Captain Dondo wrote:
> I have the following setup:
>
> an OpenBSD firewall. The only manchine on my network with a real IP.
> a Linux server, which provides web (and other) services.
> some linux clients.
>
> A request for the web server comes in to the firewall, which NATs and port
> forwards it to the internal server.
>
> But clients on the inside cannot cannot use the web server, unless I put
> appropriate host entries into the /etc/hosts file, resolving the 'real'
> name of the web server to the private IP address.
>
> Thus in /etc/hosts I must have
>
> 192.168.128.2 www.xxxx.com spam.xxxx.com
> order hosts,bind
>
> otherwise my internal clients cannot find the web server.
>
> Is there a better way to handle this than editing each and every
> /etc/hosts on the network?
>
> I run my own dhcp and bind servers, but I don't think I can use bind to
> serve up the domain names... ISTR the last time I tried, it wouldn't let
> me since I am not authoritative for the domain, and it wreaked havoc with
> DNS....
>

I'd put dnsmasq as internal network DNS server / cache
into the Linux gateway host, and put the internal
web server name into the /etc/hosts file of the gateway.

Point all clients DNS entries to the router, and you're done.

--

Tauno Voipio
tauno voipio (at) iki fi