
How to hide DNS Server IP address from external user

whynot108
Level 1

Hi,

I have some external partner users who need to access the Internet via my internal network. I will configure a PIX to put the external users on the outside and my network on the inside. The Internet access connection will be initiated from the outside interface of the PIX. I will enable the DHCP server on the outside interface. However, I don't want the external users to see our DNS server address. How should I configure the PIX to achieve this goal? Thanks!

2 Replies

sachinraja
Level 9

hello

this cannot be done on the PIX right now.. a connection initiated from outside cannot go back through the same interface, since PIX OS currently doesn't support ICMP redirect.. PIX OS 7.0 will support this.. or.. you can move the internet router to another DMZ instead of having it on the outside interface..

hope this helps..

Raj

Hi Raj,

I am sorry to have confused you. Below is what I am trying to do.

External User (192.168.1.2) <---> Outside Int. (192.168.1.1) [PIX] Inside Int. (192.168.2.2) <---> DNS Server (192.168.2.1)

My config on the PIX:

------------------------------------------------
dhcpd address 192.168.1.2-192.168.1.33 outside
dhcpd dns 192.168.1.34
dhcpd lease 3000
dhcpd enable outside
fixup protocol dns maximum-length 512
static (inside,outside) 192.168.1.34 192.168.2.1
access-list dns_test permit udp any host 192.168.1.34 eq 53
access-group dns_test in interface outside
------------------------------------------------

Could you help double-check whether the config is correct in concept to achieve the goal, that is, to enable the external users to use the DNS service and hide the internal DNS server from external users?

Thanks!
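
One way to check the posted configuration against the stated goal, as an added example that is not part of the original thread: the script parses the config from the post and reports any place where outside clients would be handed or pointed at the real inside address instead of the static-mapped one. The `audit` function, its finding texts and its simplified parsing are assumptions made for illustration; it also assumes the outside ACL matches on the translated address, as in the posted config.

```python
# Configuration from the post above, reproduced as the audit input.
POSTED_CONFIG = """\
dhcpd address 192.168.1.2-192.168.1.33 outside
dhcpd dns 192.168.1.34
dhcpd lease 3000
dhcpd enable outside
fixup protocol dns maximum-length 512
static (inside,outside) 192.168.1.34 192.168.2.1
access-list dns_test permit udp any host 192.168.1.34 eq 53
access-group dns_test in interface outside
"""

def audit(config):
    """Return findings; an empty list means clients only ever see mapped addresses."""
    rows = [line.split() for line in config.splitlines() if line.strip()]
    # static (inside,outside) <mapped> <real>  ->  {mapped: real}
    statics = {r[2]: r[3] for r in rows
               if r[0] == "static" and r[1] == "(inside,outside)" and len(r) >= 4}
    real = set(statics.values())
    # Names of ACLs bound to the outside interface.
    outside_acls = {r[1] for r in rows
                    if r[0] == "access-group" and r[-2:] == ["interface", "outside"]}
    # Every DNS server address the DHCP server hands to clients.
    advertised = [a for r in rows if r[:2] == ["dhcpd", "dns"] for a in r[2:]]
    findings = []
    for addr in advertised:
        if addr in real:
            findings.append(f"DHCP advertises real address {addr}")
        elif addr not in statics:
            findings.append(f"DHCP DNS {addr} has no static translation")
    reachable = set()
    for r in rows:
        if (len(r) < 5 or r[0] != "access-list"
                or r[1] not in outside_acls or r[2] != "permit"):
            continue
        # Simplification: the last "host X" pair on the line is the destination.
        hosts = [r[i + 1] for i, tok in enumerate(r[:-1]) if tok == "host"]
        dst = hosts[-1] if hosts else None
        if dst in real:
            findings.append(f"outside ACL names real address {dst}")
        if r[3] == "udp" and r[-2] == "eq" and r[-1] in ("53", "domain"):
            reachable.add(dst)
    for addr in advertised:
        if addr in statics and addr not in reachable:
            findings.append(f"no outside ACL entry permits udp/53 to {addr}")
    return findings

if __name__ == "__main__":
    print(audit(POSTED_CONFIG) or "mapped address only: real DNS address not exposed")
```
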