Hi,
My environment:
I created my own private network in an internal cloud environment and use IPFire to separate this private network from the rest of the cloud environment. GREEN is the private network, RED is the rest of the cloud environment. IPFire is also acting as DHCP server in the GREEN network. I use a DNS server in the cloud environment which is statically assigned to RED. In the DNS server several names (jenkins, git, nexus, ... .myfqn.com) are registered, which all point to the IPFire. The server systems also have an internal hostname (e.g. jnks-prd-01 for the first Jenkins server). The IPFire forwards (DNAT) all requests to a reverse proxy (nginx) which is installed in my private network. The nginx server will send the request to the final target/port with the internal hostname. To be able to resolve the internal hostnames to internal IP addresses, this information is written to the /etc/hosts file on the nginx server. It is important for me to use hostnames, because I have an SSL certificate available for "*.myfqdn.com" which does not allow the usage of IP addresses.
This is all working very fine, currently.
My problem:
I want to access the "nexus (nxus-prd-01.myfqdn.com)" server from the "jenkins (jnks-prd-01.myfqdn.com)" server now. Because there is no name resolution in the private network, I use "nexus.myfqdn.com" for that. I accept that the request will go to the IPFire and back to the target, even if it is stored in the same subnet. But the request will be sent to the IPFire and that's it. I have absolutely no entries in the logfile of the nginx reverse proxy, which indicates that the IPFire is absorbing the request. But in the firewall logs there is also no entry.
So my first question is: What is IPFire doing there?
My second question: I think I need a DNS server in the private network now, which resolves all public and internal names of the servers to their internal IP address and forwards everything else to my current DNS server outside the network. To avoid operating a dedicated DNS server, it would be great to add this to the IPFire system. Is there any solution available?
Regards and thanks in advance
Dave
Use IPFire as DNS Server where I can register additional hostname
- Posts: 1
- Joined: March 7th, 2019, 1:21 pm
Re: Use IPFire as DNS Server where I can register additional hostname
The website used to host did not really protected as a firewall
Don't use it, it is a fake and a resource dispenser.

Re: Use IPFire as DNS Server where I can register additional hostname
ipfire is nothing at all
just a PORT OPEN TO GERMANY
TAKE A LOCK THEY DON'T LEAVE ME TO SPEAK COMMONLY

Re: Use IPFire as DNS Server where I can register additional hostname
@Ron63, I don't understand your posts.
davidkoenig09,
IPFire comes with Unbound as DNS service. Use it in the GREEN network, and DNS resolution is done in the GREEN network. To achieve that, use IPFire as your DNS service in the GREEN network. Add host names in the Web GUI under Network / Edit Hosts for static IP addresses. However, I am not sure whether it is mandatory or not to activate DHCP. I would recommend enabling DHCP in any case.
Ultimately, let IPFire forward DNS requests to your DNS server in the RED segment. To achieve that, go to Network / DNS Forwarding and add your DNS server in the RED segment.
Regards, zargano
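
The setup described in the reply above, written out as a plain Unbound configuration fragment. This is an added example, not part of the original thread and not IPFire's generated configuration. All IP addresses are constructed placeholders, and pointing the public names at the nginx reverse proxy (rather than at each server) is an assumption.

```conf
# Unbound split-horizon fragment (added example; IP addresses are constructed placeholders).
server:
    # "transparent": names listed below are answered locally; any other name
    # under myfqdn.com is passed to the forwarder instead of returning NXDOMAIN.
    local-zone: "myfqdn.com." transparent

    # Public names -> internal address of the nginx reverse proxy.
    # Assumption: GREEN clients should pass through nginx, as external clients
    # do, so the *.myfqdn.com certificate is presented by the same endpoint.
    local-data: "jenkins.myfqdn.com. IN A 192.168.10.10"
    local-data: "git.myfqdn.com. IN A 192.168.10.10"
    local-data: "nexus.myfqdn.com. IN A 192.168.10.10"

    # Internal hostnames -> their own GREEN addresses.
    local-data: "jnks-prd-01.myfqdn.com. IN A 192.168.10.21"
    local-data: "nxus-prd-01.myfqdn.com. IN A 192.168.10.22"

# Everything not answered above is forwarded to the existing DNS server on RED.
forward-zone:
    name: "."
    forward-addr: 10.0.0.53
```

With these records, a lookup of nexus.myfqdn.com from the Jenkins host returns a GREEN address, so the request no longer has to leave GREEN and come back through the DNAT rule on RED.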