
Firewall Wizards mailing list archives
RE: Internal users hitting external NAT address...
From: Paris Stone <Paris () esr com>
Date: Thu, 31 May 2001 11:37:38 -0400
You are running into a limitation of NAT as defined in the RFC. Not sure if there is a workaround, but would love to see any follow-ups from others who might have gotten around that.

-----Original Message-----
From: Daniel Linder [mailto:dan_linder () yahoo com]
Sent: Wednesday, May 30, 2001 6:14 PM
To: firewall-wizards () nfr com
Subject: [fw-wiz] Internal users hitting external NAT address...

(I am re-posting this from a plain text e-mail client to ensure the text does not have HTML. -- Dan dlinder () iprev com)

Hello!

I am setting up a test network which currently has a single PIX firewall and two interfaces (inside, outside). The internal network is using a private IP range, and the PIX is configured to listen to multiple external IP addresses and send packets through to the correct server behind the firewall. This works fine and I can access the various servers from the Internet with no problem.

Now for the question: I believe I have run into a known limitation of the PIX firewall that my "internal" workstations can't hit the outside IP address of the web server and pull up the web page. Has anyone found a solution to this problem? The customer I have been working with is not really keen on setting up a split-DNS (which I have used to get around this in the past).

To further add a kink in the works, I *have* configured this to work in this manner with a Linux box as the firewall but that solution is not an option here.

I've been searching the archives but I haven't been able to find anyone who has mentioned this problem. Has anyone found a solution to this?

Dan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Internal users hitting external NAT address... Daniel Linder (May 30)
- <Possible follow-ups>
- RE: Internal users hitting external NAT address... Paris Stone (May 31)
- RE: Internal users hitting external NAT address... Payne, Patrick (May 31)