Solved

Help troubleshooting NAT entry (with DNS doctoring)

Posted on 2010-11-23
700 Views
Last Modified: 2012-05-10
I have the following entries for a 1:1 NAT statement, that sits on a hosted firewall upstream from us:

access-list outside_acl extended permit tcp any host 74.85.0.202 eq ssh
access-list outside_acl extended permit tcp any host 74.85.0.202 eq www
access-list outside_acl extended permit tcp any host 74.85.0.202 eq https
access-list outside_acl extended permit icmp any host 74.85.0.202 echo-reply
access-list outside_acl extended permit icmp any host 74.85.0.202 echo
access-list outside_acl extended permit tcp any host 74.85.0.202 eq 3306
static (inside,outside) 74.85.0.202 10.102.84.15 netmask 255.255.255.255 dns

We manage the DNS servers for our company, and in the primary DNS zone I have a simple "A" record for an FQDN that points to the above static IP, 74.85.0.202:

test.abc.com.           	900     IN	A       74.85.0.202

So that we can access this FQDN internally, in the office, we have to have the "DNS doctoring" statement in order to properly resolve the FQDN back to the private IP.

The only thing that changed over the weekend is this: we have a managed Ethernet/EoC connection that utilizes a Hatteras device, and that device failed this weekend. Yesterday we had it replaced, and now we are back to using the EoC connection. That's it.

I verified with the hosting company that the DNS doctoring keyword does exist, as you can see in the statements posted above.

I'm at a loss as to why this isn't working now. Any ideas where to check and/or how to resolve it?

I can ping this box from our datacenter, by hostname.

64 bytes from 74.85.0.202: icmp_seq=1 ttl=54 time=10.1 ms

Internally, pinging the hostname resolves back to 10.102.84.15; trying to resolve the FQDN through a browser, though, just dies.
Question by:kapshure
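As an added example (not part of the original question, and not Cisco's implementation), here is a small Python simulation of what the `dns` keyword on that static makes the firewall do: a DNS reply whose A record carries the mapped address 74.85.0.202 is rewritten to the real address 10.102.84.15 before it is handed to the inside host, and any other A record is left alone. The DNS message bytes are constructed inline; the function names and the assumption that the reply arrives on the outside interface bound for the inside are mine.

```python
"""Simulated ASA DNS doctoring for a 'static (inside,outside) ... dns' entry.

Added example, not Cisco code. Names, addresses and the DNS message below are
constructed for illustration; the NAT pair mirrors the static in the question.
"""
import ipaddress
import struct

# mapped (outside) address -> real (inside) address, as in
# 'static (inside,outside) 74.85.0.202 10.102.84.15 netmask 255.255.255.255 dns'
STATIC_NAT_DNS = {"74.85.0.202": "10.102.84.15"}

A_RECORD, IN_CLASS = 1, 1


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_a_response(name: str, ip: str, ttl: int = 900, txid: int = 0x1234) -> bytes:
    """Construct a minimal DNS response: one question, one A answer (constructed input)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1
    question = encode_name(name) + struct.pack("!HH", A_RECORD, IN_CLASS)
    # 0xC00C is a compression pointer back to the question name at offset 12
    answer = b"\xc0\x0c" + struct.pack("!HHIH", A_RECORD, IN_CLASS, ttl, 4)
    return header + question + answer + ipaddress.IPv4Address(ip).packed


def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) name starting at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def iter_rdata(msg: bytes):
    """Yield (rdata_offset, rtype, rclass, rdlen) for each RR after the question section."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        yield off, rtype, rclass, rdlen
        off += rdlen


def a_records(msg: bytes) -> list:
    """Dotted-quad addresses of all A records in the message."""
    return [str(ipaddress.IPv4Address(msg[o:o + 4]))
            for o, t, c, n in iter_rdata(msg)
            if t == A_RECORD and c == IN_CLASS and n == 4]


def doctor_reply(msg: bytes, nat_table: dict = STATIC_NAT_DNS) -> bytes:
    """Rewrite A-record answers that carry a mapped address to the real address.

    Assumed direction: the reply was received on the outside interface and is
    about to be forwarded to the inside host; other RR types are left untouched.
    """
    flags = struct.unpack("!H", msg[2:4])[0]
    if not flags & 0x8000:  # QR bit clear: this is a query, nothing to doctor
        return msg
    out = bytearray(msg)
    for off, rtype, rclass, rdlen in iter_rdata(msg):
        if rtype == A_RECORD and rclass == IN_CLASS and rdlen == 4:
            mapped = str(ipaddress.IPv4Address(msg[off:off + 4]))
            real = nat_table.get(mapped)
            if real is not None:
                out[off:off + 4] = ipaddress.IPv4Address(real).packed
    return bytes(out)


if __name__ == "__main__":
    reply = build_a_response("test.abc.com", "74.85.0.202")
    print("from resolver:  ", a_records(reply))
    print("after doctoring:", a_records(doctor_reply(reply)))
```

The rewrite only touches the four RDATA bytes of a matching A record, so the message length, transaction ID and question section stay intact; that is why the inside client sees a normal-looking answer that just happens to carry the private address. Replies whose A records do not match any static entry pass through unchanged, which is the behaviour to expect for every other name the office resolves.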
5 Comments
 
Accepted Solution

by: patterned (earned 500 total points)
ID: 34200940
When you manually put that private address in the browser address bar, what happens?

If you can ping via hostname, this isn't a DNS issue, and what I previously alluded to will not work either.

You did not say if the internal pinging was successful or not.  I'll assume it was...
Is there a firewall in between the devices?
VLANs?
Does the box running the web server have port 80 open?
etc, etc.
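As an added illustration of the distinction this answer draws (not code from the thread or from either participant), here is a small Python checker that reports separately whether the name resolves to the inside address and whether anything answers on 80/443, so a "DNS doctoring" problem is not confused with a service that simply is not listening. The hostname, the inside address and the ports come from the thread; the verdict labels and the connection timeout are my own.

```python
"""Separate name resolution from service reachability when a web host 'just dies'.

Added example, not from the original thread. Verdict names and the timeout are
assumptions; hostname, inside address and ports are the ones discussed above.
"""
import socket
import sys

EXPECTED_INSIDE_IP = "10.102.84.15"  # real address behind the static NAT
WEB_PORTS = (80, 443)


def resolve(hostname: str):
    """IPv4 address from the local resolver, or None if resolution fails."""
    try:
        return socket.gethostbyname(hostname)
    except socket.gaierror:
        return None


def port_open(ip: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(resolved_ip, expected_ip: str, port_status: dict) -> str:
    """Reduce the raw observations to one verdict.

    port_status maps port -> bool (connection accepted or not).
    """
    if resolved_ip is None:
        return "dns-failure"                 # the resolver gave no answer at all
    if resolved_ip != expected_ip:
        return "dns-not-doctored"            # name still maps to the outside address
    if not any(port_status.values()):
        return "dns-ok-service-down"         # resolution is fine; nothing accepted a connection
    if not all(port_status.values()):
        return "dns-ok-partial"              # e.g. 80 answers but 443 does not
    return "ok"


def check(hostname: str, expected_ip: str = EXPECTED_INSIDE_IP, ports=WEB_PORTS):
    """Resolve, probe each port, and return (ip, per-port status, verdict)."""
    ip = resolve(hostname)
    status = {p: port_open(ip, p) for p in ports} if ip else {}
    return ip, status, diagnose(ip, expected_ip, status)


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "test.abc.com"
    ip, status, verdict = check(host)
    print(f"{host} -> {ip} ports={status} verdict={verdict}")
```

A "dns-ok-service-down" verdict is the situation in this thread: the doctored answer is correct, so the next place to look is the host itself (is httpd running, is it bound to the port) and any filter between the client and the server, not the NAT entry.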

Author Comment

by:kapshure
ID: 34200978
It was the latter! Dev issue! I ran nmap on it and saw that 80/443 weren't open. Hopped on the box, did a
ps -ef | grep httpd

and confirmed. Also checked with
netstat -at | grep 80

and
netstat -at | grep 443

No dice!

Started httpd; bam.

/sigh.

Thanks though!

Author Closing Comment

by:kapshure
ID: 34200990
Devs hadn't started httpd!
Expert Comment

by:patterned
ID: 34201017
I love when I forget the dumb things.  Just a little nudge is all you needed.


Damn devs! ;)
Author Comment

by:kapshure
ID: 34201244
Yeh, I just assumed they had their sh!t together. "ass-u-me" DOH!