Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Pix 501 - Allowing Routing of Public IP address

Posted on 2004-09-02
6
Medium Priority
?
265 Views
Last Modified: 2013-11-16
Kind of an odd question:

I am currently participating in a thread i started at the cisco website. This is:

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dd647db/0#selected_message

I will split the points between anyone who can add any useful, relevant information to help resovle the thread contained therein. You need not post back there if you are not registered - a reply here would do.

Many thank,
Daniel
0
Comment
Question by:danielwatts
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 80 total points
ID: 11968696
Hi Daniel

Im confused? do you have NO DNS on your LAN? if so why is s1 not querying your internal DNS its A record will return an internal address?


plus your comment

>>entered a line eg 64.1.2.34 s1.host.com

your host file is queried before the client tries to resolve DNS (after the internal cache has been searched)
0
 
LVL 1

Author Comment

by:danielwatts
ID: 11968803
In response:

No all of our DNS is hosted by a 3rd party. No DNS is running locally (except maybe a forwarder that just caches responses). Having internal DNS was an option but requires administration of the DNS thereafter. If we could fix the problem globally at the firewall it would be better.

The query order is set in nsswitch.
Currently mine is:
hosts:      files nisplus nis dns
so you are correct. /etc/hosts is queried before dns. This is how I am patching the problem for the moment!
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 320 total points
ID: 11969849
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 1

Accepted Solution

by:
tevens earned 400 total points
ID: 11990088
DNS doctoring (alias/dns) would work if the DNS response was forwarded through the firewall.  So using alias or the dns keyword on a static might not do the trick because it depends where the DNS server was/is.

To answer the main question; the pix will not forward traffic back out the same interface it heard it from.  This could open a hole in the firewall and thus compromise the security.  So the two answers that exist are to use DNS doctoring providing the DNS server responses go through the firewall or use two interfaces on the firewall.  Note that not even routers will NAT on the same interface.

--Tim
0
 
LVL 1

Author Comment

by:danielwatts
ID: 11990318
Guys thank you very much.

As it turns out the host must have just forgotten to clear xlate or something. The dns translation now works. Dig's to remote DNS servers now correctly return the translated internal IP address. Everything is dandy =)

The two interfaces on the firewall trick sounds clever - will remember that.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11990643
ThanQ
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question