> > > I'm having a prob... > > IP masquerade and ipportfw are working great. WWW requests to > 206.156.18.101 get forwarded to the internal box 192.168.1.3. > > [ internet ] > | > | > [ masq/firewall 206.156.18.101 ] > [ 192.168.1.1 ] > | > | > -------------------------------- > | | > [ www 192.168.1.3 ] [ w95 192.168.1.2 ] > > > However... any machine on the local net doesn't get forwarded... it just > hangs and times out trying to access the web server. Accessing the web > server directly via http://192.168.1.3 works... unless you try and > access a user's subdir (ex. ~roach). I believe this is because the web > server (apache) returns the FQDN "www.necrosis.com" to the browser so it > can then access subdirectories. > > I've tried various things with ipfwadm and ipportfw to no avail in an > attempt to get requests from the local subnet to forward properly. > > Can anyone help out? > > Thanks in Advance, > Brian Roach Brian, I've had the same problem. What's happening is the machines behind the firewall are asking DNS for the IP of the www.necrosis.com box, and getting the external IP (206.156.18.101). This is the one IP on the Internet that they can't really get to. The best solution I've found is to put an entry in the hosts file of every machine on the subnet pointing to the internal ip. Like this: 192.168.1.3 www.necrosis.com It's a pain, but it does work. W95 and NT seem to go with no other changes. You might have to change the search order ("hosts bind" instead of "bind hosts") in your Unix boxes in resolv.conf or nsswitch.conf. HTH, -------------------------------------------------------------------------- -- John Lombardo - [EMAIL PROTECTED] -- -- ShareTheNet: Turn your old '486 into a fast Internet Gateway -- -- DNS/DHCP/Cable/ADSL/Remote Admin/Easy setup/support -- ------------------------ http://www.ShareTheNet.com ---------------------- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
