Re: Enabling internal connections to transparently connect via external IP address

[Martijn Lievaart <m@rtij.nl>]

Robby Workman wrote:
> Chris Willis wrote:
>   
> > Environment:
> > Windows XP laptop machine, part of domain acme.int, IP 192.168.1.150
> > Windows 2003 Server running Exchange 2003 (exchange.acme.int, 192.168.1.10)
> > External Domain: acme.com (T1 line, firewall external IP & MX record 
> > mail.acme.com 60.60.60.60)
> > Firewall: PC running Fedora Core 6, IPTables, using FWBuilder to create a 
> > ruleset, 2 NICs (eth0 192.168.1.1, eth1 60.60.60.60)
> >
> > Problem: when a laptop user (works in office and remotely) goes to 
> > https://mail.acme.com, it works fine from the outside, but not from the inside.
> >
> > Goal: when an internal (192.168.1.X) client goes to https://mail.acme.com, the 
> > firewall should accept the packets, route them to the exchange box, and then 
> > route return packets back to the client.
> >
> > This works just fine on a netscreen firewall I tested with at the client site 
> > (same IP addresses as  linux box above).
> >     
>
> There's the "dirty" way (IMHO):
> http://iptables-tutorial.frozentux.net/chunkyhtml/x4033.html
>
> There's the cleaner way (IMHO):
> Have your DNS server setup to serve internal clients the internal
> address of mail.acme.com.
>   
Or even cleaner, set up the Exchange server in a DMZ (you still have to 
do the split-dns unless you get multiple IPAs).
M4