Firewall Wizards mailing list archives
RE: RE: Internal users hitting external NAT address...
From: yehuda <yehuda () essutton com>
Date: Fri, 1 Jun 2001 11:57:20 -0400
I tried with no success on a PIX version 5.3.

PIX(config)# alias (inside) 192.168.xxx.xxx 6y.yyy.yyy.yyy 255.255.255.255
PIX(config)# clear xlate local 192.168.xxx.xxx
PIX(config)# clear xlate local 192.168.zzz.zzz

[somelocallinuxbox]$ ping 192.168.xxx.xxx
PING 192.168.xxx.xxx (192.168.xxx.xxx) from 192.168.zzz.zzz : 56(84) bytes of data.
64 bytes from 192.168.xxx.xxx: icmp_seq=0 ttl=253 time=9.365 msec
64 bytes from 192.168.xxx.xxx: icmp_seq=1 ttl=253 time=9.892 msec

--- 192.168.xxx.xxx ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/mdev = 9.365/9.628/9.892/0.281 ms

[somelocallinuxbox]$ ping 6y.yyy.yyy.yyy
PING 6y.yyy.yyy.yyy (6y.yyy.yyy.yyy) from 192.168.zzz.zzz : 56(84) bytes of data.

--- 6y.yyy.yyy.yyy ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

Am I doing something wrong?

-----Original Message-----
From: Payne, Patrick [SMTP:Patrick.Payne () Select com]
Sent: Thursday, May 31, 2001 1:33 PM
To: 'firewall-wizards () nfr com'
Cc: 'dan_linder () yahoo com'
Subject: [fw-wiz] RE: Internal users hitting external NAT address...

You can solve this problem using the ALIAS command. It will alter the DNS responses from the outside DNS server by replacing the public address with the internal address you specify. Should look something like:

alias (inside) x.x.x.x y.y.y.y 255.255.255.255

where the x.x.x.x is your web server's actual inside private address and y.y.y.y is the public address you assigned to it with the static statement on the PIX.

Pat Payne

Message: 6
Date: Wed, 30 May 2001 15:13:50 -0700 (PDT)
From: Daniel Linder <dan_linder () yahoo com>
To: firewall-wizards () nfr com
Subject: [fw-wiz] Internal users hitting external NAT address...

(I am re-posting this from a plain text e-mail client to ensure the text does not have HTML. -- Dan dlinder () iprev com)

Hello!

I am setting up a test network which currently has a single PIX firewall and two interfaces (inside, outside). The internal network is using a private IP range, and the PIX is configured to listen to multiple external IP addresses and send packets through to the correct server behind the firewall. This works fine and I can access the various servers from the Internet with no problem.

Now for the question: I believe I have run into a known limitation of the PIX firewall that my "internal" workstations can't hit the outside IP address of the web server and pull up the web page. Has anyone found a solution to this problem? The customer I have been working with is not really keen on setting up a split-DNS (which I have used to get around this in the past). To further add a kink in the works, I *have* configured this to work in this manner with a Linux box as the firewall but that solution is not an option here.

I've been searching the archives but I haven't been able to find anyone who has mentioned this problem. Has anyone found a solution to this?

Dan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards