Re: Cisco PIX - DNS

Subject: Re: Cisco PIX - DNS
Date: Wed, 23 Mar 2005 08:10:01 -0700
On Tue, 2005-03-22 at 10:45 -0300, Charly wrote:
> Hi,
>
> I'm setting up a new network where I'll have webhosting servers behind
> the PIX.
>
> I get problems with the DNS, because when the servers that are behind
> the firewall ask about any record the DNSs respond with the public IP,
> and when it tries to connect, it can't. About it I can't send an email
> from MAIL1 to MAIL2.

So, essentially, the DNS request never traverses the firewall, so
the firewall cannot intervene in the request at all (I'm assuming
from what you say that the DNS servers are in the same network
as the WWW servers).

You'll either have to configure views on your DNS servers or have
duplicate infrastructures, one for your inside and one for your
outside.

Alternately, use the public IP addresses behind the firewall for
the WWW hosting, rather than doing NAT. This may entail splitting
the network outside up somehow, however, and may be problematic.

> I was reading about the alias command, but it appears to be used when
> you have the DNSs outside your network.

I believe it has mostly been replaced by the DNS keyword added to the
static statement, in addition.

> Does anybody know how I can resolve it?
>
> Below is a basic configuration of my pix and the diagram of the
> network.
>
> Thanks,
>
> Charly
>
> Cisco PIX Firewall Version 6.1(1)

You might well want to look into a newer version of code; 6.3 or 7.0


-- Charlie

-- 
- --
Charlie Winckless, CCIE #7331           |           |
Senior Consulting Engineer              |           |
Network Architechs                     |||         |||     
u: http://www.netarch.com            .|||||.     .|||||.
e:   charliew@netarch.com         .:|||||||||:.:|||||||||:.
p:         (505) 256-9047           Cisco Systems Partner           
f:         (505) 256-9091              Gold Certified
PGP ID:        0xC07A7E5C
PGP:     09DE 5C1A 6984 01C4 152F  3ED0 CAED 17A1 C07A 7E5C
- -----------------------------------------------------------
               "Serenity through viciousness"
               

Attachment: signature.asc
Description: This is a digitally signed message part
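
The "views" option suggested in the reply above, sketched as an added example that is not part of the original thread or of either poster's configuration. It assumes the DNS servers run BIND 9; the zone name, file paths and address ranges are constructed placeholders, and only the host names MAIL1 and MAIL2 come from the question.

```conf
// named.conf fragment: split-horizon DNS with BIND 9 views (constructed example).
// Clients behind the PIX get private addresses; everyone else gets the
// public (translated) addresses, so inside hosts never try to reach a
// neighbour through its outside address.

acl "inside-hosts" {
    127.0.0.1;
    192.168.1.0/24;      // assumed private range behind the firewall
};

// Views are evaluated in order, so the restrictive one must come first.
view "internal" {
    match-clients { "inside-hosts"; };
    recursion yes;       // inside servers may use this server as a resolver
    zone "example.com" {
        type master;
        file "zones/internal/example.com.db";
    };
};

view "external" {
    match-clients { any; };
    recursion no;        // authoritative only for Internet clients
    zone "example.com" {
        type master;
        file "zones/external/example.com.db";
    };
};

/*
 * Once any view is defined, every zone statement must live inside a view.
 *
 * zones/internal/example.com.db (private addresses, assumed):
 *   mail1   IN A   192.168.1.11
 *   mail2   IN A   192.168.1.12
 *
 * zones/external/example.com.db (public addresses, documentation range):
 *   mail1   IN A   203.0.113.11
 *   mail2   IN A   203.0.113.12
 *
 * Both files need their own SOA and NS records, and the two copies of the
 * zone have to be kept in step whenever a host is added or renumbered.
 */
```

Querying the server from an inside host and from an outside host for the same name should return the private and public address respectively; if the inside query still returns the public address, the client's source address is not matching the `inside-hosts` ACL.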