Re: pf problems
The cheap way to do this would be to put the DNS name of the server in
the hosts files of the client machines.
obsd wrote:
> I am using OpenBSD 3.3 as a company firewall. I have looked for an answer
> but have not found it. I am sure it is simple and I am overlooking it.
>
> Our webservers are behind the firewall, and several different rdr and nat
> rules work fine, from the outside. From inside the 192.168.x.x. network, I
> cannot resolve the FQDN, I have to use the 192.168.x.x address to get to the
> server.
>
> Some new applications have been built that need to use the domain name, and
> from the outside they work, but from behind the firewall, they don't
> resolve. I understand that the requests from inside are most likely being
> denied by the firewall since it does not know what to do with them, but I do
> not know the solution. I have tried binat rules in the pf.conf in
> accordance with the pf faq, as it sounds like the answer:
>
> web_serv_int = "192.168.1.30"
> web_serv_int = "public ip"
>
> binat on em0 from $web_serv_int to any -> $web_serv_int
>
> but I continue to get the same error, i.e. the connection at work is refused
> by the webserver. My thinking is because the internal nic has no idea what
> to do with these requests, since nat is done from the ext interface.
>
> I am willing to learn from my mistakes if someone can just point me in the
> right direction.
>
> brian
>
>
--
Christopher Ingram
cmi@crystalsands.net
Member of http://www.lineman.net