SuSEfirewall2 and internal network

Hello.

I have a network like this:

  • a router/gateway. The external interface has the public IP, another the DMZ, a third the internal room
  • a DMZ with the web server
  • an internal network (internet public room)

I redirect the http port 80 to the web server. You should see it there.

But I can’t see this web site from the internal room. From the public IP/URL I get some sort of “non-existent” message (sorry, forgot to copy it). If I call the private IP, I get the home page (but not the CSS files).

The gateway NATs the networks.

What is the trick to see the web site from the internal network?
thanks
NB: The DMZ is virtual (VirtualBox), but I don’t think this should make any difference.

I redirect the http port 80 to the web server.

But this is traffic from the outside, right?

But I can’t see this web site from the internal room.

The gateway NATs the networks.

That is exactly the problem. When you do a ‘dig’ for the website URL from inside, what do you get? Probably the outside address. What you probably need is called ‘split DNS’ (Google knows about this), to direct queries from the inside to a different (internal) address.

thanks,
Yes, I was not surprised to have the problem. I simply didn’t know the “split DNS” name.

Having read Google results, it looks like installing (and configuring) dnsmasq on the gateway will solve the problem? I beg in the meantime I can stop dhcpd?

thanks again
jdd

I beg in the meantime I can stop dhcpd?

I am not sure what you mean here. Correct me if my assumptions are wrong. When your router/gateway is running a DHCP service to distribute IP numbers to hosts within the LAN (your ‘internal room’) this is ok. Leave it on.

I suggest that you try the following: on any host within your LAN you edit the file /etc/hosts and you add:

192.168.50.1   reborn.culte.org

The IP number above is just an example, replace it with the actual IP of your webserver. Make sure that the DMZ is on a different subnet than the LAN. Then try to ping ‘reborn.culte.org’ and, if this works, do

lynx http://reborn.culte.org

(assuming that you have lynx installed; everyone should).
What happens?

dnsmasq is said to do the job of a DHCP server, so if I use it I have no more use for dhcpd?

The IP number above is just an example, replace it with the actual IP of your webserver. Make sure that the DMZ is on a different subnet than the LAN. …

Of course the DMZ is on another subnet. If I call my web server by its IP (internal), Mozilla displays the home page (with some minor problems, probably Apache virtual servers confused).

But the doc says it’s not enough to change the /etc/hosts of the gateway. I will have to add dnsmasq (and I can’t ask every user to add my web server’s internal IP).

That said, I have no means to test this from home, because I have no remote access to the internal room (and most of the time no computers are connected). I have to go there to test, that’s why I try to check as many things as possible before. :)
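Putting the split-DNS advice and the dnsmasq/dhcpd question together, here is an added example (not code from any of the thread participants) of a dnsmasq configuration for the gateway plus a check to run from a LAN host. It assumes LAN interface eth2, gateway LAN address 192.168.1.1, a lease range, a placeholder upstream resolver 192.0.2.53, and the thread’s example DMZ address 192.168.50.1 for reborn.culte.org.

```shell
#!/bin/sh
# Added example: split DNS with dnsmasq on the gateway (not from the thread).
# Assumed values; adjust them to the real network:
LAN_IF=eth2                 # interface facing the internal room
GW_LAN_IP=192.168.1.1       # the gateway's address on that interface
LAN_LEASES=192.168.1.100,192.168.1.200,12h
UPSTREAM_DNS=192.0.2.53     # placeholder for the ISP/public resolver

# Print a dnsmasq config that answers DOMAIN with DMZ_IP for inside clients.
split_dns_conf() {
    domain=$1
    dmz_ip=$2
    cat <<EOF
# Listen on the LAN side only, never on the public or DMZ interface,
# so the gateway does not turn into an open resolver.
interface=$LAN_IF
bind-interfaces
# Inside clients get the DMZ address for the public name; queries from
# the Internet still reach the authoritative server and get the public IP.
address=/$domain/$dmz_ip
# Everything else goes to the real resolver (ignore /etc/resolv.conf).
no-resolv
server=$UPSTREAM_DNS
# dnsmasq can take over from dhcpd: hand out leases and tell clients to
# use the gateway for DNS, otherwise they keep resolving the public address.
dhcp-range=$LAN_LEASES
dhcp-option=option:router,$GW_LAN_IP
dhcp-option=option:dns-server,$GW_LAN_IP
EOF
}

# From a LAN host, verify that RESOLVER answers DOMAIN with EXPECTED_IP
# (needs dig). Run it twice: against $GW_LAN_IP expecting the DMZ address,
# and against a public resolver expecting the public address.
check_split_dns() {
    resolver=$1
    domain=$2
    expected_ip=$3
    answer=$(dig +short "$domain" @"$resolver" | head -n 1)
    [ "$answer" = "$expected_ip" ]
}

# Install on the gateway (as root). /etc/dnsmasq.conf needs
# conf-dir=/etc/dnsmasq.d, and SuSEfirewall2 must allow DNS (53) and
# DHCP (67) on the internal zone:
#   split_dns_conf reborn.culte.org 192.168.50.1 > /etc/dnsmasq.d/split-dns.conf
#   systemctl restart dnsmasq   (or: rcdnsmasq restart on older releases)
#   check_split_dns "$GW_LAN_IP" reborn.culte.org 192.168.50.1 && echo OK
```

Once inside clients get the DMZ address, the browser sends the same Host header it would from outside, which should also clear the missing-CSS/virtual-host symptom seen when using the raw IP.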