EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: kristiandg on Saturday 09 October 2010, 05:57:43 am



Title: Traffic out primary IP to another IP on same unit...
Post by: kristiandg on Saturday 09 October 2010, 05:57:43 am
Good afternoon all.  I'm having another odd issue with Endian that I'm hoping has an easy fix.....

In most networking environments, the internal domain doesn't match the external domain (domainname.com/domainname.local).  Because of this, when someone on the inside tries to open a webpage like "webmail.ndomainname.com", it is forced to resolve externally.  Now, this doesn't bother me - I actually want it to resolve externally because it's hitting a URL redirection to turn it into the appropriate Exchange URL (domainname.com/owa).  In my case, my internet traffic goes out the primary interface address, and webmail comes in on a secondary external IP address.

However, Endian doesn't allow the connection, presumably because the initial connection is coming from another IP address ON ITSELF...

Is there any way to fix this?

Help!!!


Title: Re: Traffic out primary IP to another IP on same unit...
Post by: irvinehooi on Friday 29 October 2010, 01:02:41 pm
Hi, maybe you should try the "Incoming Routed Traffic" under the "Firewall" menu.
This is very useful if you have more than one external IP address and want to use some of them in your DMZ / host a server without having to use NAT.

Hope this can help you.

Thanks.


Title: Re: Traffic out primary IP to another IP on same unit...
Post by: hickmanr on Thursday 04 November 2010, 11:25:51 pm
What I do is configure an extra forward lookup zone on my internal DNS for my external domain name. Therefore my network users still see the same URLs while inside, but it keeps all the traffic on my internal network.

To try to clarify better, I run a private DNS server, with records for all my internal hosts, and a public DNS server, with records for my public hosts. For my private DNS server I add another forward lookup zone for domain.com. That private forward lookup zone has nearly identical entries to the public DNS server for domain.com except everything is entered with internal IPs (i.e. 10.x.x.x). In addition, the private DNS doesn't require some records such as MX.
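
The split-DNS setup described in the last reply, as an added example that is not part of any post in this thread: it derives the private zone from the public records and reports names that would still resolve to an outside address or go missing for inside users. The record set, the address mapping and all function names are constructed for illustration.

```python
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # the post's 10.x.x.x range

# Constructed public records for domain.com (documentation address ranges).
PUBLIC_ZONE = [
    ("@", "MX", "10 mail.domain.com."),
    ("www", "A", "203.0.113.10"),
    ("webmail", "A", "203.0.113.11"),
    ("mail", "A", "203.0.113.11"),
    ("portal", "CNAME", "www.domain.com."),
    ("status", "A", "198.51.100.7"),  # hosted elsewhere, no internal server
]

# Assumed public-to-internal address mapping (constructed values).
NAT_MAP = {"203.0.113.10": "10.0.0.10", "203.0.113.11": "10.0.0.11"}

def build_internal_zone(public_zone, nat_map, drop_types=("MX",)):
    """Mirror the public zone, swapping A records to internal addresses."""
    internal = []
    for name, rtype, value in public_zone:
        if rtype in drop_types:
            continue  # the post notes the private zone does not need MX
        if rtype == "A":
            value = nat_map.get(value, value)  # unmapped hosts keep the public IP
        internal.append((name, rtype, value))
    return internal

def external_answers(zone):
    """A records still pointing outside INTERNAL_NET, so traffic leaves the LAN."""
    return [name for name, rtype, value in zone
            if rtype == "A" and ipaddress.ip_address(value) not in INTERNAL_NET]

def missing_names(public_zone, internal_zone, drop_types=("MX",)):
    """Public names absent internally. The private server is authoritative for
    the zone, so these names would fail to resolve for inside users."""
    have = {(n, t) for n, t, _ in internal_zone}
    return [(n, t) for n, t, _ in public_zone
            if t not in drop_types and (n, t) not in have]

if __name__ == "__main__":
    zone = build_internal_zone(PUBLIC_ZONE, NAT_MAP)
    for name, rtype, value in zone:
        print(f"{name:<8} IN {rtype:<5} {value}")
    print("still external:", external_answers(zone))
    print("missing internally:", missing_names(PUBLIC_ZONE, zone))
```

Running `missing_names` against a hand-maintained private zone shows which public names have drifted out of it.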