  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1113

Static NAT Issue

Hi,

I've created a static NAT on our SonicWall NSA 3500 to allow some basic services such as HTTP and FTP from a public IP to a private IP on our LAN. Everything works fine from the outside; however, I'm a little confused as to what I need to do inside for my hosts on my local subnet to be able to access this server. Its DNS name resolves to its public IP and I'm getting a connection refused.

I know I could run a local DNS and have it resolve to its private address, or edit the hosts.config and manually add a static route on each host, but I wanted to try to avoid either of these if possible.

Many thanks in advance
0
Asked by: Sobz
 
Anglo Commented:
What you know that you could do is all I could suggest - HNY
0
 
simon_m_ Commented:
Do you have any other internal servers? If so, how do you connect to those (name resolution wise, that is)?
0
 
Sobz (Author) Commented:
Hi Simon, thanks for the reply. All my other servers are on the DMZ, which is in transparent mode. Names resolve to public IPs.

The server in question is on our LAN and is the only static NAT I have.

Thanks
0
 
simon_m_ Commented:
Seems a slightly unusual way of doing things; however, back to how to sort it. When you say connection refused, does the firewall log give any more clues? (i.e. does the firewall show which rule blocked the link, and at least acknowledge the attempt at making a connection?)
0
 
Anglo Commented:
I think it is related to spoof controls on the SonicWall. See if http://www.experts-exchange.com/Security/Misc/Q_20768018.html gives you any clues. Effectively your router will be seeing a source address arriving on the WAN that should only be in the LAN, so it should block it.
0
 
Roachy1979 Commented:
0
 
jlwcci Commented:
You need a loopback rule, if I understand what you want properly. A NAT policy like this:
firewalled subnets / X1 IP / X1 IP / Server IP / service / original / any / any
assuming X1 is your WAN.
0
 
Sobz (Author) Commented:
Thanks, this was correct; I needed a DNS NAT loopback rule. I downloaded a technote regarding this from SonicWall's website and, once implemented, it works a dream.
0
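
Why the loopback policy in the accepted answer translates the source as well as the destination, shown as a small packet trace. This is an added example, not code from the thread or from SonicWall: it reads the policy's first four fields as original source, translated source, original destination and translated destination, and all addresses, the `NatPolicy` model and the `trace` helper are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (private/documentation ranges), not from the thread.
LAN = ip_network("192.168.1.0/24")       # "firewalled subnets"
X1_IP = ip_address("203.0.113.10")       # firewall WAN IP the DNS name resolves to
SERVER = ip_address("192.168.1.50")      # private server behind the static NAT
CLIENT = ip_address("192.168.1.20")      # LAN host using the public name
OUTSIDE = ip_address("198.51.100.7")     # Internet host, served by the existing NAT

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object

@dataclass(frozen=True)
class NatPolicy:
    orig_src: object   # network the source must belong to
    xlat_src: object   # new source address, or None for "original"
    orig_dst: object   # destination address to match
    xlat_dst: object   # new destination address

    def apply(self, pkt):
        if pkt.src not in self.orig_src or pkt.dst != self.orig_dst:
            return None
        new_src = self.xlat_src if self.xlat_src is not None else pkt.src
        return Packet(new_src, self.xlat_dst)

def trace(request, policy):
    """Follow one request and its reply; return how the exchange ends."""
    at_server = policy.apply(request)
    if at_server is None:
        return "no-match"            # this policy does not forward the packet
    reply = Packet(src=at_server.dst, dst=at_server.src)
    if reply.dst in LAN:
        # Same subnet: the server answers the client directly, bypassing the
        # firewall, so the reply still carries the server's private source.
        return "ok" if reply.src == request.dst else "asymmetric-reply"
    # Reply goes back to the firewall, which reverses both translations.
    return "ok"

REQUEST = Packet(CLIENT, X1_IP)
DST_ONLY = NatPolicy(LAN, None, X1_IP, SERVER)   # destination translation only
LOOPBACK = NatPolicy(LAN, X1_IP, X1_IP, SERVER)  # shape of the policy in the answer

if __name__ == "__main__":
    for name, pol in (("dst-only", DST_ONLY), ("loopback", LOOPBACK)):
        print(name, trace(REQUEST, pol))
```

With destination-only translation the client receives a reply from the server's private address for a connection it opened to the public one and discards it; translating the source to the X1 IP forces the return traffic back through the firewall.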