Learn how to a build a cloud-first strategyRegister Now


Public Address went internal

Posted on 2006-04-15
Medium Priority
Last Modified: 2010-04-09
I have some websites I am hosting.  However they are being hosted using one to one nat.  So when I am using external dns it looks for the public address, but for some reason I cant lookup my websites via the public addresses, I dont know if the firewall is blocking the loop or what, when I am outside the network, I can view the websites no problem, but internally Its not showing up . I am using a watchguard x500 .. any ideas ?

Question by:focusen
  • 2
  • 2
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16461149
Are you hosting your own DNS as well or is that held by the ISP?

Author Comment

ID: 16461173
well our dns is hosted outside the network , so our ip addresses sare something like this


our dns = 209.222.313.x

so we are using a public address as our dns server, but its hosted outside , we can add records to it, but we dont want to .  I think my firewall sees a loop and is blocking it.

Author Comment

ID: 16461181
those numbers were just examples not real !
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16461374
So you don't have an internal dns server?
Is port 53 UDP traffic allowed out through the watchguard?
LVL 32

Accepted Solution

rsivanandan earned 2000 total points
ID: 16462478
Your firewall is probably preventing it to go outside and come back in using the natted address. Something like;

Server (>Mapped to x.x.x.x)-----------Firewall (Nat)---------Internet.

So when you try to access your webserver, the dns server returns the address as x.x.x.x and then you try to connect to it. But you are trying to connect to x.x.x.x using a natted outgoing connection which the firewall might block.

If you try to access the websites using the local ip addresses within internal network and *IF* it works, you have 2 solutions;

1. Install a DNS Server inside to your domain and have an alias command to point the webservers to the local ip + provide this server as the dns server to all your internal machines.

2. Update the hosts file on all the machines to include the webserver resolution to the local ip address.

Depending on your network, you can choose which one to fit.


Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month21 days, 7 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question