
| Subject: | Re: Cisco PIX - DNS |
|---|---|
| Date: | Wed, 23 Mar 2005 14:12:40 -0800 |

My understanding is that the Pix will doctor the DNS packets if it sees some but if it does not, regular IP translation will apply. Adding the following config should do it.

    alias (inside) 200.200.200.1 192.168.0.1 netmask 255.255.255.255
    alias (inside) 200.200.200.2 192.168.0.2 netmask 255.255.255.255
    alias (inside) 200.200.200.3 192.168.0.3 netmask 255.255.255.255

- Sylvain

On Tue, 22 Mar 2005 10:45:12 -0300, Charly <charlycr@fibertel.com.ar> wrote:

Hi,

I'm setting up a new network where I'll have webhosting servers behind the PIX. I get problems with the DNS, because when the servers that are behind the firewall ask about any record the DNSs respond with the public IP, and when it tries to connect, it can't. About it I can't send an email from MAIL1 to MAIL2.

I was reading about the alias command, but it appears to be used when you have the DNSs outside your network. Does anybody know how I can resolve it?

Below is a basic configuration of my PIX and the diagram of the network.

Thanks,
Charly

    Cisco PIX Firewall Version 6.1(1)
    static (inside,outside) 200.200.200.3 192.168.0.1 netmask 255.255.255.255 0 0
    static (inside,outside) 200.200.200.4 192.168.0.2 netmask 255.255.255.255 0 0
    static (inside,outside) 200.200.200.5 192.168.0.3 netmask 255.255.255.255 0 0
    access-list outside-list permit udp any host 200.200.200.3 eq 53
    access-list outside-list permit tcp any host 200.200.200.3 eq 53
    access-list outside-list permit udp any host 200.200.200.4 eq 53
    access-list outside-list permit tcp any host 200.200.200.4 eq 53
    access-list outside-list permit udp any host 200.200.200.5 eq 53
    access-list outside-list permit tcp any host 200.200.200.6 eq 53
    access-list outside-list permit tcp any host 200.200.200.3 eq 25
    access-list outside-list permit tcp any host 200.200.200.3 eq 110
    access-list outside-list permit tcp any host 200.200.200.4 eq 80
    access-list outside-list permit tcp any host 200.200.200.5 eq 25
    access-list outside-list permit tcp any host 200.200.200.5 eq 110
    access-list outside-list permit tcp any host 200.200.200.5 eq 80
    access-group outside-list in interface outside
    global (outside) 1 200.200.200.10
    nat (inside) 1 192.168.0.0 255.255.255.0 0 0
    route outside 0.0.0.0 0.0.0.0 200.200.200.1 1