Linus
June 19th, 2003, 19:21
Hello. I have a firewall running OpenBSD 3.2 which redirects the ports 80 and 21 to an internal server. It works fine as long as you're not on the internal network. Everyone outside my internal network can access the server using the domain that points to my IP, but when I try to access it from my internal network I can't. I have to access it using the internal IP (192.168.0.6) which is pretty annoying. Any ideas?

I've included my pf.conf here:

[code:1:a34746d293]
# Interface macros: ne3 faces the Internet, ep1 faces the LAN
EXT = "ne3"
INT = "ep1"

# INT_NET is defined but not used below; the nat rule uses $INT/24,
# which pf expands to ep1's own address with a /24 mask
INT_NET = "192.168.0.0/24"
SERVER = "192.168.0.6"

# Normalise all incoming packets (defragment, clean up flags)
scrub in all

# Masquerade LAN hosts behind the external address when they go out
nat on $EXT inet from $INT/24 to any -> $EXT

# Port forwards: only packets that arrive ON ne3 are redirected, so a LAN
# client that sends to the external address never hits these rules
rdr on $EXT proto tcp from any to $EXT port 80 -> $SERVER port 80
rdr on $EXT proto tcp from any to $EXT port 21 -> $SERVER port 21

# Default deny on the external interface
block in on $EXT all

# ident/auth, mostly so mail and IRC servers get a quick RST instead of a timeout
pass in on $EXT proto tcp from any to any port auth keep state

# Filtering runs after translation, so the redirected packets are matched
# against $SERVER, not against the external address
pass in quick on $EXT proto tcp from any to any port 22
pass in quick on $EXT proto tcp from any to $SERVER port 21
pass in quick on $EXT proto tcp from any to $SERVER port 80

# Allow outbound ping and replies to it, and inbound ping to the firewall
pass out on $EXT inet proto icmp from $EXT to any icmp-type 8 code 0 keep state
pass in on $EXT inet proto icmp from any to $EXT icmp-type 8 code 0 keep state

# Stateful pass for everything leaving ne3 and everything arriving from the LAN
pass out on $EXT proto { tcp, udp } all keep state
pass in on $INT proto { tcp, udp } all keep state
[/code:1:a34746d293]

Strog
June 20th, 2003, 02:56
The issue is that you would have to route your local traffic outside the firewall so it can come in like the rest of the world, if you want the internal machines to use the external address.

You have some options here. Some are more complicated than others.

You could setup an internal DNS server and setup the zone so the hostname is returning the internal address.

Edit your /etc/hosts file and put in the hostname(s) and internal IP on all your machines.

Put another NIC in the firewall and move the server to this "DMZ" (subnet) and use PF to redirect the local machines to it. You can't just do the redirect when they are on the same subnet since they won't route. It has to go through the firewall before you can do something about it.

You could use separate hostnames for internal and external. www.domain.com points to the external address and www2.domain.com points to the internal address. This isn't the cleanest solution, but maybe it's enough for what you want to do.

Personally, I use elements from all of these for my network at home.
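
The DMZ option above, written out as a full pf.conf in OpenBSD 3.x syntax. This is an added example, not part of Strog's post or of the original configuration: the third NIC name (ep2), the DMZ subnet 192.168.1.0/24 and the server's new address 192.168.1.6 are assumptions chosen for illustration, and the hostname www.domain.com is the one used in the thread.

```pf
# Added example: three-interface layout for the "move the server to a DMZ" option.
# ne3 = Internet, ep1 = LAN, ep2 = DMZ (ep2 and the DMZ addresses are assumed).
ext_if = "ne3"
int_if = "ep1"
dmz_if = "ep2"

int_net = "192.168.0.0/24"
dmz_net = "192.168.1.0/24"
server  = "192.168.1.6"

scrub in all

# Masquerade both the LAN and the DMZ behind the external address
nat on $ext_if inet from { $int_net, $dmz_net } to any -> $ext_if

# Outside world: forward 80 and 21 on the external address to the DMZ server
rdr on $ext_if proto tcp from any to $ext_if port { 80, 21 } -> $server

# LAN clients that resolve www.domain.com to the external address:
# the packet has to cross the firewall to reach $ext_if, so it can be
# redirected on ep1. Because the server now sits on a different subnet,
# its replies route back through the firewall and match the same state.
rdr on $int_if proto tcp from $int_net to $ext_if port { 80, 21 } -> $server

# Default deny everywhere
block in all

# Filtering happens after translation, so match on $server, whichever
# interface the redirected packet arrived on
pass in on { $ext_if, $int_if } proto tcp from any to $server port { 80, 21 } flags S/SA keep state

# ssh to the firewall itself from outside
pass in on $ext_if proto tcp from any to $ext_if port 22 flags S/SA keep state

# LAN may talk to anything
pass in on $int_if from $int_net to any keep state

# DMZ server may reach the Internet but must never initiate into the LAN
block in quick on $dmz_if from $dmz_net to $int_net
pass in on $dmz_if from $dmz_net to any keep state

pass out all keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to catch syntax errors, then `pfctl -f /etc/pf.conf`. Keep in mind two things: the server's default route has to point at the firewall's ep2 address, or its replies to LAN clients will not come back through the state table; and port 21 alone only gets you the FTP control channel, so the data connections of active or passive FTP still need either a proxy on the firewall or extra rules for the data ports. If the server stays on the LAN subnet instead, the ep1 redirect by itself is not enough, because the server would answer the client directly on the LAN and bypass the firewall, which is the problem Strog describes.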

Linus
June 21st, 2003, 14:15
Thank you. I was thinking of setting up an internal DNS anyway, so that worked out fine :) Once again, thanks :)