03-04-2004 03:18 AM - edited 03-09-2019 06:38 AM
Firewall: Cisco pix 515e (6.3 software)
I have installed MDaemon on a server with internal ip of 192.168.0.39. The webmail service runs on port 3000 of this server.
Now, people inside the network can connect to the webmail service using http://192.168.0.39:3000 - however, this is not what I want.
Our webspace provider created url http://aaa.bbb.com to redirect to our public ip of http://xx.xxx.xxx.xxx:3000
Accordingly I added these lines to the pix:
access-list acl_out permit tcp any host 192.168.0.39 eq 3000
access-list acl_out permit tcp any any eq 3000
static (inside,outside) tcp xx.xxx.xxx.xxx 3000 192.168.0.39 3000 dns netmask 255.255.255.255 0 0
static (inside,outside) tcp xx.xxx.xxx.xxx http 192.168.0.39 http netmask 255.255.255.255 0 0
Now if a person outside the network tries to access http://aaa.bbb.com they will be redirected to the webmail service on our internal server. However, if a user in our internal network tries to access http://aaa.bbb.com it does not connect.
I want to be able to have both internal and external users only use http://aaa.bbb.com to connect to the webmail service. Please tell me where I have gone wrong.
Thanks.
CD
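An added example, not part of the original post: a small Python audit of the four PIX lines quoted in the post above. It assumes acl_out is applied inbound on the outside interface (the access-group line is not shown) and substitutes the documentation address 203.0.113.10 for the masked public IP; on PIX 6.3 such an ACL is evaluated against the translated (public) address, not the inside one.

```python
import re

# Constructed input: the four lines from the post, with the masked public
# address replaced by the documentation address 203.0.113.10 (an assumption).
CONFIG = """\
access-list acl_out permit tcp any host 192.168.0.39 eq 3000
access-list acl_out permit tcp any any eq 3000
static (inside,outside) tcp 203.0.113.10 3000 192.168.0.39 3000 dns netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 http 192.168.0.39 http netmask 255.255.255.255 0 0
"""

ACL = re.compile(r"access-list \S+ permit tcp any (?:any|host (\S+)) eq (\S+)")
STATIC = re.compile(r"static \(inside,outside\) tcp (\S+) (\S+) (\S+) \S+")
PORTS = {"http": "80", "www": "80"}  # both names mean TCP/80


def audit(config):
    """Return (code, line) findings for the permit and port-static lines."""
    acls, statics = [], []
    for line in config.splitlines():
        if m := ACL.match(line):
            acls.append((line, m.group(1), PORTS.get(m.group(2), m.group(2))))
        elif m := STATIC.match(line):
            statics.append((line, m.group(1), PORTS.get(m.group(2), m.group(2)), m.group(3)))
    real_ips = {real for _, _, _, real in statics}
    findings = []
    for line, host, _port in acls:
        if host is None:
            # Destination "any" opens the port on every published address.
            findings.append(("DEST_ANY", line))
        elif host in real_ips:
            # Outside ACLs on 6.3 see the mapped address, so this never matches.
            findings.append(("REAL_ADDR", line))
    for line, mapped, port, _real in statics:
        # A published port should have a permit naming its mapped address.
        if (mapped, port) not in {(h, p) for _, h, p in acls}:
            findings.append(("NO_SPECIFIC_PERMIT", line))
    return findings


if __name__ == "__main__":
    for code, line in audit(CONFIG):
        print(f"{code:20} {line}")
```

The http static is flagged because no permit line covers port 80 at all; either it needs its own permit for the mapped address or the static can be dropped.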
03-04-2004 03:42 AM
03-04-2004 06:45 AM
If I understand you correctly:
1. Your ISP configured a dns record for http:\\aaa.bbb.com that you want to redirect to internal 192.168.0.39:3000 .
2. External is working, but internal is not.
Do you want your internal users being redirected to that public ip address or the internal one? (ping aaa.bbb.com). If they are hitting the public, your internal dns needs to point at the private ip address for http:\\aaa.bbb.com.
03-07-2004 04:39 AM
1. Not our ISP but our webspace provider. In our webspace control panel, I configured a subdomain and redirected it to http:\\aaa.bbb.com:3000
From anywhere outside our office (which is behind a cisco firewall), I can connect to the webmail using the domain http:\\aaa.bbb.com
2. External works: Using http:\\aaa.bbb.com I can connect but from only outside the office. If I am inside the office, i.e. behind our firewall, I cannot connect using http:\\aaa.bbb.com
I can only connect using the internal/private ip of 192.168.0.39:3000
Target: I want both internal and external users to use http:\\aaa.bbb.com to connect to the webmail. Hence, I need (don't know how) to point the internal dns to the public ip (80.xxx.xxx.xxx).
CD
03-11-2004 02:41 PM
Can you put an entry in your internal DNS servers forward lookup zone to point to your (80.xxx.xxx.xxx)?
03-14-2004 02:57 AM
How would I do that? All we have here is a firewall through which people access the Internet.
Any DNS server is provided by our isp.
CD