Solved

Firebox 700 fire wall DNS issue

Posted on 2004-10-21
474 Views
Last Modified: 2010-08-05
I host a few websites locally.  My firewall (WatchGuard Firebox III 700) is configured to forward the public IPs to private IPs.  It works fine, but the computers inside the network can't access the site.

I searched WatchGuard's knowledge base and came up with this workaround:
There is a limitation in the Firebox NAT implementation where clients behind the Firebox cannot access the public IP address of a statically-NATted server which is on the same Firebox. Fortunately, this is not a serious handicap for most networks and there are workarounds.

*******************************************************************
Workarounds to dynamic NAT outbound and static NAT inbound situations

Configure an internal caching DNS server and point internal clients to it. Create a host entry on this DNS server that resolves the name of your company web site to the internal IP address of the Web server.
Configure the Firebox for drop-in mode and configure the Web server with the appropriate public IP address directly, instead of assigning the Firebox the address. Then, create a privately-addressed secondary network for the clients on the trusted interface to use.

*****************************************************************
I have a 2003 Server box hosting DNS; all computers are pointed to it.
All I have to do is edit the hosts file?
0
Question by:Sglennlmb
3 Comments
 

Author Comment

by:Sglennlmb
ID: 12367685
Full WatchGuard KB article:

When would this be an issue? Consider the following example:

Imagine your Firebox is configured with an external IP address and assigned the name www.mycompany.com. There are many clients behind the Firebox. These clients use an external DNS server provided by your ISP. The Firebox has a static-NAT rule that forwards incoming port 80 (HTTP) requests from the Firebox's external interface to a privately addressed Web server on the optional network.

Now a user on the trusted network decides to browse your company Web site and points his browser to http://www.mycompany.com. The ISP's external DNS server correctly resolves this name to the external IP address of the Firebox. Unfortunately, the client is never able to make the Web connection.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 12367880

That's the cause of your problem, yes.

Just edit the Internal DNS to be Start of Authority for mycompany.com (if it isn't already) and add a www record pointing at the Internal IP of your site.

The Hosts file will work if you don't want to use DNS, but if you have laptop users that access the page from both sides of the Firewall then it's not very helpful (it's also more difficult to update than DNS).
0
 
LVL 2

Expert Comment

by:stevemjp
ID: 12368550
Chris Dent has hit it.

Add the zone information on your local DNS server and create an A (host) record for www (assuming that is the external DNS hostname) and point it towards the internal IP of your web server.

I had this issue and did exactly this.

One thing to bear in mind: you will have to recreate all the DNS records for that zone in order for you to be able to access them from the internal network, e.g. mail.mycompany.com, pop3.mycompany.com.

The creation of this zone internally will stop your DNS forwarder from ever doing an external lookup for it, so beware.
0
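A way to put both answers into practice (Chris Dent's www record pointing at the internal IP, and stevemjp's warning that every record in the zone must be reproduced internally), as an added example that is not code from the thread or from WatchGuard: it builds the internal view of the zone from a copy of the public A records plus the Firebox's static-NAT map, flags any public names that were left out, and emits the dnscmd commands for a Windows Server 2003 DNS server. The zone name, host names and addresses are constructed.

```python
from ipaddress import ip_address

ZONE = "mycompany.com"  # zone name taken from the KB example

# Constructed copy of the public (ISP-hosted) zone: host name -> public A record.
PUBLIC_ZONE = {
    "www": "203.0.113.10",
    "mail": "203.0.113.11",
    "pop3": "203.0.113.11",
    "ftp": "203.0.113.12",  # hosted elsewhere, not NATted by the Firebox
}

# Constructed Firebox static-NAT table: public IP -> private IP of the real host.
STATIC_NAT = {
    "203.0.113.10": "192.168.1.10",
    "203.0.113.11": "192.168.1.11",
}


def build_internal_zone(public_zone, static_nat):
    """Record set the internal DNS server must serve.

    Every public name is reproduced: the internal zone shadows the public one
    entirely, so any name left out becomes unresolvable from inside.  Names whose
    public address is static-NATted get the private address, so internal clients
    connect directly instead of trying to hairpin through the Firebox.
    """
    internal = {}
    for name, addr in public_zone.items():
        ip_address(addr)  # fail early on a malformed record
        internal[name] = static_nat.get(addr, addr)
    return internal


def missing_names(public_zone, internal_zone):
    """Names in the public zone but absent internally; these break for inside clients."""
    return sorted(set(public_zone) - set(internal_zone))


def dnscmd_lines(zone, internal_zone):
    """dnscmd commands (Windows Server 2003) that create the zone and its A records."""
    lines = [f"dnscmd /ZoneAdd {zone} /Primary /file {zone}.dns"]
    for name in sorted(internal_zone):
        lines.append(f"dnscmd /RecordAdd {zone} {name} A {internal_zone[name]}")
    return lines


if __name__ == "__main__":
    internal = build_internal_zone(PUBLIC_ZONE, STATIC_NAT)
    print("\n".join(dnscmd_lines(ZONE, internal)))
```

Run missing_names against the records actually present on the internal server after the change; anything it lists is a name that stopped resolving for inside clients the moment the zone was created.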
