Solved

Help troubleshooting NAT entry (with DNS doctoring)

Posted on 2010-11-23
699 Views
Last Modified: 2012-05-10
I have the following entries for a 1:1 NAT statement, that sits on a hosted firewall upstream from us:

access-list outside_acl extended permit tcp any host 74.85.0.202 eq ssh
access-list outside_acl extended permit tcp any host 74.85.0.202 eq www
access-list outside_acl extended permit tcp any host 74.85.0.202 eq https
access-list outside_acl extended permit icmp any host 74.85.0.202 echo-reply
access-list outside_acl extended permit icmp any host 74.85.0.202 echo
access-list outside_acl extended permit tcp any host 74.85.0.202 eq 3306
static (inside,outside) 74.85.0.202 10.102.84.15 netmask 255.255.255.255 dns

We manage the DNS servers for our company, and in the primary DNS zone I have a simple "A" record for a FQDN that points to the above static IP, 74.85.0.202:

test.abc.com.    900    IN    A    74.85.0.202

So that we can access this FQDN internally, in the office, we have to have the "DNS doctoring" statement in order to properly resolve the FQDN back to the private IP.

The only thing that changed over the weekend is this: we have a managed-ethernet/EoC connection that utilizes a Hatteras device, and that device failed this weekend. Yesterday we had it replaced, and now we are back to using the EoC connection. That's it.

I verified w/ the hosting company that the DNS doctoring keyword does exist, as you can see by the statements posted above.

I'm at a loss why this isn't working now. Any ideas where to check and/or how to resolve?

I can ping this box from our datacenter, by hostname.

64 bytes from 74.85.0.202: icmp_seq=1 ttl=54 time=10.1 ms

Internally, pinging the hostname resolves back to 10.102.84.15; trying to reach the FQDN through a browser, though, just dies.

Question by:kapshure

5 Comments

Accepted Solution

by:
patterned earned 500 total points
ID: 34200940
When you manually put that private address in the browser address bar, what happens?

If you can ping via hostname, this isn't a DNS issue, and what I previously alluded to will not work either.

You did not say if the internal pinging was successful or not.  I'll assume it was...
Is there a firewall in between the devices?
VLANs?
Does the box running the web server have port 80 open?
etc, etc.
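
The check sequence the accepted answer walks through, as an added example in Python (not code from the thread): resolve the name, classify the answer against the public and doctored addresses from the question, then probe the TCP ports that outside_acl permits. The FQDN, addresses and ports are taken from the question; the function names are my own, and the resolver and port probe are parameters so the logic can be exercised with fakes as well as against the live network.

```python
import socket
from typing import Callable, Dict, Iterable

# Values from the question: the global address in the static statement,
# the inside host it maps to, and the TCP ports outside_acl permits.
FQDN = "test.abc.com"
PUBLIC_IP = "74.85.0.202"
PRIVATE_IP = "10.102.84.15"
PORTS = (22, 80, 443, 3306)

def classify_resolution(answer: str, public_ip: str = PUBLIC_IP,
                        private_ip: str = PRIVATE_IP) -> str:
    """Interpret the A record a client got back for the FQDN:
    'doctored'   - the ASA rewrote it to the inside address (the 'dns'
                   keyword on the static statement is working),
    'undoctored' - the public address came back unchanged,
    'unexpected' - neither; suspect a stale cache or the wrong zone."""
    if answer == private_ip:
        return "doctored"
    if answer == public_ip:
        return "undoctored"
    return "unexpected"

def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(fqdn: str = FQDN, ports: Iterable[int] = PORTS,
             resolve: Callable[[str], str] = socket.gethostbyname,
             probe: Callable[[str, int], bool] = tcp_open) -> Dict[str, object]:
    """Run the accepted answer's checks in order: what the name resolves
    to, then whether the permitted ports accept connections there.
    A name that resolves as expected with 80 and 443 both closed points
    at the server (daemon not running, host firewall), not NAT or DNS."""
    addr = resolve(fqdn)
    dns_state = classify_resolution(addr)
    port_state = {p: probe(addr, p) for p in ports}
    if dns_state == "unexpected":
        verdict = "dns"
    elif not (port_state.get(80) or port_state.get(443)):
        verdict = "service"
    else:
        verdict = "ok"
    return {"address": addr, "dns": dns_state,
            "ports": port_state, "verdict": verdict}
```

Run from an inside host, `diagnose()` with the defaults uses the real resolver and real TCP connects; a "doctored" answer with a "service" verdict is exactly the situation this thread ended on.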

Author Comment

by:kapshure
ID: 34200978
It was the latter! Dev issue! I ran nmap on it and saw that 80/443 weren't open. Hopped on the box, did a
ps -ef | grep httpd

and confirmed. Checked also with
netstat -at | grep 80

and
netstat -at | grep 443

... no dice!

Started httpd, bam.

/sigh.

Thanks though!

Author Closing Comment

by:kapshure
ID: 34200990
Devs hadn't started httpd!

Expert Comment

by:patterned
ID: 34201017
I love when I forget the dumb things. Just a little nudge is all you needed.

Damn devs! ;)

Author Comment

by:kapshure
ID: 34201244
Yeah, I just assumed they had their sh!t together. "ass-u-me" DOH!