forwarding domains to internal lan

Kevin Darcy kcd at daimlerchrysler.com
Wed May 29 00:42:34 UTC 2002


This is very confusing. First of all, are you trying to point 2 different
domain names to one IP, or have one domain name resolve to 2 different
IP addresses? Only the latter would be called "round robin".

Secondly, are you having problems with Internet clients accessing your web
server, or your nameserver? The NAT rule you showed was for port 80, but
DNS runs on port 53.

If you have 2 domain names, hosted on an internal nameserver, pointing to the
same external IP address, NAT'ted to an internal webserver, you should be able
to write NAT rules for both port 53 and port 80 without any problem. Then it
just becomes a matter of nameserver and webserver configuration, pretty much
the same as if there were no firewall involved at all. Just remember to open
TCP port 53 for DNS as well as UDP port 53, since DNS can and does use both
protocols...


- Kevin

Admin wrote:

> Hi,
>
> I'm having a bit of a hassle with forwarding 2 domains to 2 different
> webservers thru a firewall with dns.
>
> My setup is like this,
>
> The dns server resides behind the firewall with resolving the 2 domains to
> the outside ip address which then goes thru Nat and gets forwarded to the
> webserver which needs to handle both domains.
>
> I can only tell Nat to forward a port to one internal ip ... right, or it
> would be round robin? And the only way to divide both domains to go to 2
> different ip's on the internal lan is thru Dns as far as I know ... so if
> I'm correct, dns has to point to an internal ip which can't be accessed
> from the outside .... do I have to use nat here?
>
> The firewall is made with ipfilter. Ipfilter rule is like this,
>
> pass in quick on xl0 proto tcp from any to any port = 80 flags S/SA keep state
>
> and the nat rule
>
> rdr xl0 xxx.xxx.xxx.xxx/32 port 80 -> 192.168.0.101 port 80
>
> Can anyone tell me how to do this?
>
> Thanx !
>
> Tjeerd van der Zee


