[Dnsmasq-discuss] query rewriting

richardvoigt at gmail.com
Sat Dec 5 03:32:35 GMT 2009


On Fri, Dec 4, 2009 at 5:04 PM, Tom Metro <tmetro+dnsmasq at gmail.com> wrote:
> richardvoigt at gmail.com wrote:
>>
>> Tom Metro wrote:
>>>
>>> The use case is a web server that has both public and private IPs, where
>>> the private IPs are accessible through a VPN. If VPN connected
>>> developers wish to access the server via the private interface (which
>>> enables diagnostics), while using the public host name (to invoke the
>>> correct virtual host), mapping the private host name to the public host
>>> name is one way to do this.
>>
>> Can the diagnostics be enabled conditionally based on the client IP
>> address, instead of the server IP address binding?
>
> That's actually what is being done.
>
>
>> I guess that would require clients to route traffic for your
>> company's public IPs through the VPN (and not just private IPs like I
>> guess is done now).
>
> Correct, and that is what is accomplished by accessing the server through
> its private IP.
>
> It also works to add custom routes on the client machines to force the
> public IP to go through the VPN, but that also suffers from a potential
> problem with stale IP addresses if the public IP changes. (Not a huge deal
> as the route could be added via a script when the VPN is brought up. The
> script can fetch the current IP, and VPN sessions are relatively short-lived
> compared to the frequency that IP addresses change.)

Any downside to routing the entire IP block for your company into the
VPN?  I presume that changes even less frequently than server
addresses.
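
The trade-off discussed in this message, as an added example that is not part of the original post: a longest-prefix-match lookup comparing a per-host VPN route with a route for the whole company block after the server's public IP changes. The addresses (RFC 5737 documentation ranges), the interface names `tun0`/`eth0` and the function names are constructed assumptions.

```python
import ipaddress

def egress_interface(dest, routes):
    """Longest-prefix match: interface of the most specific route covering dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

# Constructed sample routing tables; tun0 is the VPN, eth0 the normal uplink.
DEFAULT = ("0.0.0.0/0", "eth0")
HOST_ROUTE = [DEFAULT, ("203.0.113.10/32", "tun0")]   # host route added when the VPN came up
BLOCK_ROUTE = [DEFAULT, ("203.0.113.0/24", "tun0")]   # entire company block routed into the VPN

OLD_IP = "203.0.113.10"      # public IP at the time the route was added
NEW_IP = "203.0.113.57"      # server renumbered inside the company block
OUTSIDE_IP = "198.51.100.7"  # server moved to an address outside the block

def compare(ip):
    """Which interface each routing strategy would use to reach ip."""
    return {
        "host_route": egress_interface(ip, HOST_ROUTE),
        "block_route": egress_interface(ip, BLOCK_ROUTE),
    }

def bypasses_vpn(ip, routes, vpn_iface="tun0"):
    """True when traffic to ip would leave outside the VPN, so the server
    sees the client's public address rather than its VPN address."""
    return egress_interface(ip, routes) != vpn_iface

if __name__ == "__main__":
    for label, ip in (("old", OLD_IP), ("new", NEW_IP), ("outside", OUTSIDE_IP)):
        print(label, ip, compare(ip))
```

A stale host route fails silently: the connection still works, but it no longer goes through the VPN. The block route only fails the same way if the server moves outside the block.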


