Firewall Wizards mailing list archives
RE: Internal users hitting external NAT address...
From: "Payne, Patrick" <Patrick.Payne () Select com>
Date: Thu, 31 May 2001 13:33:05 -0400
You can solve this problem using the ALIAS command. It will alter the DNS responses from the outside DNS server by replacing the public address with the internal address you specify. Should look something like: alias (inside) x.x.x.x y.y.y.y 255.255.255.255 where the x.x.x.x is your web server's actual inside private address and y.y.y.y is the public address you assigned to it with the static statement on the PIX. Pat Payne Message: 6 Date: Wed, 30 May 2001 15:13:50 -0700 (PDT) From: Daniel Linder <dan_linder () yahoo com> To: firewall-wizards () nfr com Subject: [fw-wiz] Internal users hitting external NAT address... (I am re-posting this from a plain text e-mail client to ensure the text does not have HTML. -- Dan dlinder () iprev com) Hello! I am setting up a test network which currently has a single PIX firewall and two interfaces (inside, outside). The internal network is using a private IP range, and the PIX is configured to listen to multiple external IP addresses and send packets through to the correct server behind the firewall. This works fine and I can access the various servers from the Internet with no problem. Now for the question: I believe I have run into a known limitation of the PIX firewall that my "internal" workstations can't hit the outside IP address of the web server and pull up the web page. Has anyone found a solution to this problem? The customer I have been working with is not really keen on setting up a split-DNS (which I have used to get around this in the past). To further add a kink in the works, I *have* configured this to work in this manner with a Linux box as the firewall but that solution is not an option here. I've been searching the archives but I haven't been able to find anyone who has mentioned this problem. Has anyone found a solution to this? Dan _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Internal users hitting external NAT address... Daniel Linder (May 30)
- <Possible follow-ups>
- RE: Internal users hitting external NAT address... Paris Stone (May 31)
- RE: Internal users hitting external NAT address... Payne, Patrick (May 31)