Firewall Wizards mailing list archives

RE: Internal users hitting external NAT address...


From: "Payne, Patrick" <Patrick.Payne () Select com>
Date: Thu, 31 May 2001 13:33:05 -0400

You can solve this problem using the ALIAS command.  It will alter the DNS
responses from the outside DNS server by replacing the public address with
the internal address you specify.  Should look something like:

alias (inside) x.x.x.x y.y.y.y 255.255.255.255

where the x.x.x.x is your web server's actual inside private address and
y.y.y.y is the public address you assigned to it with the static statement
on the PIX.

Pat Payne


Message: 6
Date: Wed, 30 May 2001 15:13:50 -0700 (PDT)
From: Daniel Linder <dan_linder () yahoo com>
To: firewall-wizards () nfr com
Subject: [fw-wiz] Internal users hitting external NAT address...

(I am re-posting this from a plain text e-mail client to ensure the
text does not have HTML. -- Dan dlinder () iprev com)
Hello!

  I am setting up a test network which currently has a single PIX
firewall and two interfaces (inside, outside).  The internal network
is using a private IP range, and the PIX is configured to listen to
multiple external IP addresses and send packets through to the
correct server behind the firewall.  This works fine and I can access
the various servers from the Internet with no problem.

  Now for the question: I believe I have run into a known limitation
of the PIX firewall that my "internal" workstations can't hit the
outside IP address of the web server and pull up the web page.  Has
anyone found a solution to this problem?  The customer I have been
working with is not really keen on setting up a split-DNS (which I
have used to get around this in the past).  To further add a kink in
the works, I *have* configured this to work in this manner with a
Linux box as the firewall but that solution is not an option here.

  I've been searching the archives but I haven't been able to find
anyone who has mentioned this problem.  Has anyone found a solution
to this?

Dan
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

