Static IP Address on DSL Account and Services Compatability

[akronix]

Hey all!

I have a DSL line with a static IP address and would like to set up a server running Apache, Bind, Postfix, etc behind my firewall. I have some questions regarding how the services will report addressing. Let me explain the setup...

DSL modem running in 'bridge' mode, which basically just passes all traffic though it.... to my SMC 4 port wireless router. I've set up the SMC with the static IP on the WAN side (202.139.44.x) and a local address (192.168.1.2) on the lan side. I'm hoping to use the firewall features of the SMC and just forward the ports I need to open to the server inside the lan (192.168.1.10). I've done this and it seems to work ok. I can ssh into the server from inside the lan on 192.168.1.10 and from outside on 202.139.44.x.

MY concern is that services like apache, bind or postfix may need to report an IP of 202.139.44.x when doing their thing and since they're on the lan side and don't bind to that address, this will cause me problems. Specifically I'm concerned that other mail servers will won't be able to do reverse lookups against my name server and that'll cause me problems.

I've searched the forums here and elsewhere, but am still kind of stuck as to how this can be accomplished. How are other people handeling this problem and what are some of my options. I really want to be able to run my own primary DNS, because it's more convienient. I will be able to run secondary off site at a later date.

Any feedback?

thanks,

Erik

[byrnerat101]

im doing the same thing you are... im bridge the dsl into my router then port forward the ports into my server... i use www.dyndns.org to give me a domain and i bind it to the ip adress of the dsl modem... go to whatsmyip.com when your on the server so that you can see the ip that the internet see's you as and use that to bind to the domain at dyndns

[EvilTwinSkippy]

Erik,

What you are doing is a standard NAT firewall. Companies use a similar system to keep their datacenters from directly touching the unwashed masses. All the clients on the internet see are the public IP addresses. Apache only gets wierd when it tries to re-map whatever domain address a client used to access the page into the proper name of the system.

That feature, of course, can be turned off.

The reverse DNS issue really isn't one. The outside world reverse-lookups to whatever your ISP has named the external IP.

The only place you can get into trouble is if more than one server is trying to NAT through the same address. Which doesn't sound like the case.
_________________
I've found that people will take what you say more seriously if you tell them Ben Franklin said it first.