hanasaki wrote:
The problem is that www.blah.com resolves to the external internet IP and then gets routed out of the firewall which does not come back in and get forwarded to the internal webserver. It would be ideal if internal web browser hits went straight to the internal server.
Do a traceroute to confirm what is happening here. I suspect what is really happening is an intranet request for the website only goes the firewall and that's all.
What it seems you want is a nice squid solution here, but does your internal intranet traffic even touch squid unless it goes out for external internet?