Hi all,
I have a LAN like this:
VLANs (172.20.10.0 - 172.20.60.0)---> CORE SWITCH ---> ROUTER+SQUID ---> MODEM/GATEWAY ---> INTERNET
Router IP is 172.20.30.1 and xxx.xxx.xxx.xxx (public IP). Core switch IP is 172.20.10.254 - 172.20.60.254. The webserver IP is 172.20.30.10
The core switch acts as a gateway for communication between VLANs. There's a webserver in one of the VLANs that can be accessed from outside using a NAT setup on the router. All clients in each VLAN can connect to the internet. One problem is, all clients in the same VLAN as the webserver cannot access the webserver using an FQDN like www.mywebserver123.com, but clients in other VLANs can.
On the router I set this:
iptables -t nat -I PREROUTING -d www.mywebserver123.com -p tcp --dport 80 -j DNAT --to-destination 172.20.30.10
The commands for routing table setup for the router:
route add -net 172.20.30.0 netmask 255.255.255.0 eth0
route add -net 172.20.30.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.20.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.10.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.40.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.50.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add default gw xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx is the public IP.
Another question: Is it OK to set the IP of the router = 172.20.30.1, or should I set a private IP that's not in any VLAN?
Any advice appreciated. tq