accessing local webserver from inside LAN using FQDN

zamri · 10-02-2006, 10:01 PM

Hi all,

I have a LAN like this:

VLANs (172.20.10.0 - 172.20.60.0)---> CORE SWITCH ---> ROUTER+SQUID ---> MODEM/GATEWAY ---> INTERNET

ROuter IP is 172.20.30.1 and xxx.xxx.xxx.xxx (public ip). Core switch IP is 172.20.10.254 - 172.20.60.254. The webserver IP is 172.20.30.10

The core switch acts as a gateway for communication between VLANs. There's a webserver in one of VLAN that can be accessed from outside using NAT setup on router. All clients in each VLAN can connect to the internet. One problem is, all clients in the same VLAN as the webserver cannot access the webserver using FQDN like www.mywebserver123.com but clients in other VLAN can.

In router I set this:

iptables -t nat -I PREROUTING -d www.mywebserver123.com -p tcp --dport 80 -j DNAT --to-destination 172.20.30.10

The commands for routing table setup for the router:
route add -net 172.20.30.0 netmask 255.255.255.0 eth0
route add -net 172.20.30.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.20.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.10.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.40.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.50.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add default gw xxx.xxx.xxx.xxx

xxx.xxx.xxx.xxx is public ip.

Another question: Is it ok to set the IP of router = 172.20.30.1 or should I set a private IP that's not in any VLAN?

Any advice appreciated. tq

zamri · 10-06-2006, 04:04 AM

any advice appreciated

ARC1450 · 10-07-2006, 06:50 PM

Do you ahve an internal DNS server? If so, just create a view and it's easy.

You're not routing in the VLAN of the web server, so having your router tell the clients where the webserver is probably isn't going to do much. The router looks at the netmask and if the address you ask it for is included within that netmask, it won't touch it. So putting the router off in it's own VLAN may work.

zamri · 10-07-2006, 10:43 PM

thanks for the answer. I have thought of changing the router IP to different VLAN/LAN. besides it doesn't make sense to have IP one of VLAN as if it is one of the clients but in fact it is not. I try to change the IP first to something different but how's the routing gonna be? I'm confused.

zamri · 10-12-2006, 08:36 PM

Quote:

Originally Posted by ARC1450

Do you ahve an internal DNS server? If so, just create a view and it's easy.

In second thought, how to create a view in internal DNS?