[Dnsmasq-discuss] query rewriting

Tom Metro tmetro+dnsmasq at gmail.com
Fri Dec 4 23:04:00 GMT 2009


richardvoigt at gmail.com wrote:
> Tom Metro wrote:
>> The use case is a web server that has both public and private IPs, where
>> the private IPs are accessible through a VPN. If VPN connected
>> developers wish to access the server via the private interface (which
>> enables diagnostics), while using the public host name (to invoke the
>> correct virtual host), mapping the private host name to the public host
>> name is one way to do this.
> 
> Can the diagnostics be enabled conditionally based on the client IP
> address, instead of the server IP address binding?

That's actually what is being done.


> I guess that would require clients to route traffic for your
> company's public IPs through the VPN (and not just private IPs like I
> guess is done now).

Correct, and that is what is accomplished by accessing the server 
through its private IP.

It also works to add custom routes on the client machines to force the 
public IP to go through the VPN, but that also suffers from a potential 
problem with stale IP addresses if the public IP changes. (Not a huge 
deal as the route could be added via a script when the VPN is brought 
up. The script can fetch the current IP, and VPN sessions are relatively 
short-lived compared to the frequency that IP addresses change.)

  -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
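
Added example, not part of the original message or of dnsmasq: one way to write the VPN-up route script described above, so the public IP is looked up on every connect instead of going stale. The host name, gateway and interface (www.example.com, 10.8.0.1, tun0) are assumed placeholders, and glibc's `getent ahostsv4` is assumed as the resolver.

```shell
#!/bin/sh
# Pin the public host's current IPv4 address(es) to the VPN with /32 routes.
# Resolver output is validated before it reaches a route command.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (digits and dots only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# route_cmds GATEWAY DEV: read resolver lines on stdin (address in the first
# field) and print one idempotent host route per unique, valid address.
route_cmds() {
    gw=$1; dev=$2; seen=' '
    is_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 2; }
    case "$dev" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad device: $dev" >&2; return 2 ;;
    esac
    while read -r addr _rest; do
        is_ipv4 "$addr" || continue              # drop anything malformed
        case "$seen" in *" $addr "*) continue ;; esac
        seen="$seen$addr "
        echo "ip route replace $addr/32 via $gw dev $dev"
    done
}

# pin_routes HOST GATEWAY DEV [run]: dry run by default; "run" applies them.
pin_routes() {
    getent ahostsv4 "$1" | route_cmds "$2" "$3" |
        if [ "${4:-}" = run ]; then sh -e; else cat; fi
}

# From the VPN client's "up" hook (needs root):
#   pin_routes www.example.com 10.8.0.1 tun0 run
```

Running `pin_routes` without the final `run` argument prints the route commands without changing the routing table.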


