Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Internal users hitting external NAT address...
From: Daniel Linder <dan_linder () yahoo com>
Date: Wed, 30 May 2001 15:13:50 -0700 (PDT)

(I am re-posting this from a plain text e-mail client to ensure the
text does not have HTML. -- Dan dlinder () iprev com)

  I am setting up a test network which currently has a single PIX
firewall and two interfaces (inside, outside).  The internal network
is using a private IP range, and the PIX is configured to listen to
multiple external IP addresses and send packets through to the
correct server behind the firewall.  This works fine and I can access
the various servers from the Internet with no problem.

  Now for the question: I believe I have run into a known limitation
of the PIX firewall that my "internal" workstations can't hit the
outside IP address of the web server and pull up the web page.  Has
anyone found a solution to this problem?  The customer I have been
working with is not really keen on setting up a split-DNS (which I
have used to get around this in the past).  To further add a kink in
the works, I *have* configured this to work in this manner with a
Linux box as the firewall but that solution is not an option here.

  I've been searching the archives but I haven't been able to find
anyone who has mentioned this problem.  Has anyone found a solution
to this?


Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/
firewall-wizards mailing list
firewall-wizards () nfr com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]