I was wondering if anyone had some useful links to where I could get some information about how the handhelds on our BES browse to the internet.

We have a few internal webservers here that handheld users would like to have access to. This is impossible because the firewall blocks outside traffic to the machines and they're not announced IP addresses. Is there a way to steer browser dns lookups through our internal dns server, and for internal sites, steer the browser traffic through the BES server so that the firewall allows it?

Thanks for the help.

Simple answer: when handhelds use the BlackBerry Browser, their HTTP / HTTPS requests are proxied through the BES

Long answer: Copy and pasted from pp 46-47 of the "Feature and Technical Overview" document of BES 4.1 SP4 available at BlackBerry Technical Solution Center

Step
Action
Description
---
1
The user requests content.
The user requests Internet or intranet content on the BlackBerry device.
2
The BlackBerry device sends the request.
The BlackBerry device sends the request over port 3101 to the BlackBerry Enterprise Server on which the user account resides. The BlackBerry Dispatcher sends the request to the BlackBerry MDS Connection Service over port 3200.
3
The BlackBerry MDS Connection Service retrieves the content.
The BlackBerry MDS Connection Service creates an HTTP session for the user and retrieves the requested content.
4
The BlackBerry MDS Connection Service converts the content and sends it to the BlackBerry Dispatcher.
The BlackBerry MDS Connection Service converts the content for viewing on the BlackBerry device and sends the content to the BlackBerry Dispatcher over port 3200.
5
The BlackBerry Dispatcher compresses and encrypts the content.
The BlackBerry Dispatcher compresses the content, encrypts it with the user's encryption key, and then sends it to the BlackBerry Router for delivery to the BlackBerry device.
6
The BlackBerry Router sends the content to the wireless network.
The BlackBerry Router sends the content over port 3101 to the wireless network, which verifies that the PIN belongs to a valid BlackBerry device that is registered on the wireless network.
7
The BlackBerry device returns a delivery confirmation.
The wireless network locates the BlackBerry device and delivers the content. The BlackBerry device sends a delivery confirmation to the BlackBerry Router. If the BlackBerry MDS Connection Service does not receive confirmation within the flow control timeout limit, it sends a cancellation to the wireless network for the pending content.
8
The BlackBerry device decompresses and decrypts the content.
The BlackBerry device decrypts and decompresses the content so that the user can view it. The BlackBerry device application detects the content and displays it on the BlackBerry device.

I believe the only way to have BBs browse internal sites (assuming you don't want to open up your firewalls), is to use MDS Connection Services to act as a proxy for your BB users. Then all browsing is done via the BES, which may be a bandwidth problem, but it will allow browsing of internal webpages.

Thanks to both for your help. Switching to the Blackberry browser helped for one user on the BES, but another is getting 404 errors for the same page. Both are using Blackberry Browser, and both have MDS enabled. Can you think of any reason this might happen?

Turns out there was an issue either with the BES setup or the handheld. Wiping the handheld and readding the user account fixed the problem. Thanks again for the help.

weeeeeeeeeeeeeeeee! wipe and reactivate; my favorite HH solution!