Firewall, NAT, Router... something is blocking me

Posted on 2003-03-19
Medium Priority
Last Modified: 2013-11-16

I have a little problem when I want to NAT a webserver,

Current configuration :

Webserver with <web public IP> gateway : <public IP of my Firewall>  ==> everything's working fine, but unprotected.

New configuration :

Webserver with <192.168.*.*> NAT to <web public IP> gateway <private IP of DMZ> : nothing's going in nor out


Webserver with <192.168.*.*> NAT to <another public IP of our range> gateway <private IP of DMZ> : everything's working perfect !

Problem :

I can't change my DNS to point to new public IP because of same problem on ftp server that is configured on all the workshops of my company. Changing DNS is not a solution !

Where can that be blocked then ???

Please help :-)

Question by:Tessai

Expert Comment

ID: 8167905
Ok need to clear things up a little first. An ASCII diagram, or better worded description of the environment you would LIKE to implement would be much appreciated.

Also if you could specify products being used.

Author Comment

ID: 8168186

I have a firewall, a LAN and a DMZ

In my LAN, I have all the workstations of my LAN working fine,
In my DMZ I have nothing up to now, except a PCtest with FTP and WWW running on it and accessible from the internet, so the DMZ is working fine,

On my firewall, a FW1 Checkpoint, 3 NIC's, 1 for my LAN, 1 for my DMZ and 1 connected to a switch, a RJ45 goes to my cisco router.

Internet == router == switch ==> FW1 and up to now webserver, ftpserver, mailserver

What I would like to do is :

Internet == router == switch == FW1
FW1 linked to LAN and DMZ

What I did :

Set webserver with public IP (ie. to private IP behind DMZ (ie 192.168.1.*), so the webserver has now 192.168.1.* and NAT to its prior public IP. ==> not working

If I set the webserver on another public IP (ie., it's working fine...

Why ??

Hope it's well explained....

Accepted Solution

karrik earned 500 total points
ID: 8171990
I had a similar problem last year and it turned out that a Cisco router "remembered" that the old MAC address belonged to the public IP and it never allowed the new NAT:ted MAC address for the service.

Power cycling the Cisco after I NAT:ted the server solved my problem.

You can easily see if this is the case by running tcpdump or a similar program on your setup.
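The tcpdump check mentioned above, as an added example that is not part of the original answer: it reads `tcpdump -e -n` output captured on the segment between the router and the firewall and reports which MAC address inbound frames for the NATed public IP are actually sent to. The capture lines, IP addresses and MAC addresses are constructed placeholders, and it assumes the firewall answers ARP for the NATed address on its external interface and that the capture point can see the misdirected frames.

```python
import re

# Constructed sample of `tcpdump -e -n` output (documentation addresses only):
# router = ...:01, firewall external NIC = ...:02, webserver's old NIC = ...:aa
SAMPLE = """\
10:00:01.000001 00:00:5e:00:53:01 > 00:00:5e:00:53:aa, ethertype IPv4 (0x0800), length 74: 198.51.100.7.40112 > 203.0.113.10.80: Flags [S], seq 1, win 64240, length 0
10:00:04.000001 00:00:5e:00:53:01 > 00:00:5e:00:53:aa, ethertype IPv4 (0x0800), length 74: 198.51.100.7.40112 > 203.0.113.10.80: Flags [S], seq 1, win 64240, length 0
10:00:08.900001 00:00:5e:00:53:02 > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 60: Reply 203.0.113.11 is-at 00:00:5e:00:53:02, length 46
10:00:09.000001 00:00:5e:00:53:01 > 00:00:5e:00:53:02, ethertype IPv4 (0x0800), length 74: 198.51.100.7.40113 > 203.0.113.11.80: Flags [S], seq 1, win 64240, length 0
""".splitlines()

MAC = r"[0-9a-f:]{17}"
FRAME = re.compile(rf"^\S+ (?P<src>{MAC}) > (?P<dst>{MAC}), "
                   r"ethertype (?P<type>\w+) \(0x[0-9a-f]{4}\), length \d+: (?P<rest>.*)$")
IPV4 = re.compile(r"^(?P<sip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
                  r"(?P<dip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")
ARP_REPLY = re.compile(rf"^Reply (?P<ip>\S+) is-at (?P<mac>{MAC})")


def diagnose(lines, public_ip, firewall_mac):
    """Return (verdict, dst_macs, arp_macs) for frames concerning public_ip."""
    dst_macs, arp_macs = set(), set()
    for line in lines:
        m = FRAME.match(line)
        if not m:
            continue  # not a link-level line we understand
        if m["type"] == "IPv4":
            ip = IPV4.match(m["rest"])
            if ip and ip["dip"] == public_ip:
                dst_macs.add(m["dst"])      # where the sender thinks the IP lives
        elif m["type"] == "ARP":
            arp = ARP_REPLY.match(m["rest"])
            if arp and arp["ip"] == public_ip:
                arp_macs.add(arp["mac"])    # who currently claims the IP
    if not dst_macs:
        verdict = "no inbound traffic seen"
    elif dst_macs == {firewall_mac}:
        verdict = "ok"
    else:
        verdict = "stale ARP entry upstream"  # frames still go to another MAC
    return verdict, dst_macs, arp_macs


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.11"):
        print(ip, diagnose(SAMPLE, ip, "00:00:5e:00:53:02"))
```

In the constructed capture the old public IP is still addressed to the webserver's former MAC, while the other public IP is resolved freshly and reaches the firewall, which is the same pattern as in the question.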

Author Comment

ID: 8173443
YEAH !!! That was it !!!!

Thanks for your help !


Question has a verified solution.
