09-26-2005 06:20 AM - edited 03-09-2019 12:31 PM
Hello,
On my PIX I use a static route with DNS doctoring to translate requests from a public IP on the outside interface to the private IP of one of my machines on the inside interface.
Ex.:
static (inside,outside) 213.251.23.146 192.168.1.56 dns netmask 255.255.255.255 0 0
Each server on the inside interface uses a common DNS server (e.g. 192.168.1.101). This DNS server owns the public IPs of all my hosts.
When I try to use a service (e.g. SMTP) from the outside like this:
telnet 213.251.23.146 25
that works without any problem. If I try with its private IP (or loopback) from the inside interface like this:
telnet 192.168.1.56
that works. But if I try from the inside interface with the public IP, that doesn't work.
Do you know why, and how to change this?
Thanks !!
Jérôme
09-26-2005 06:37 AM
I had a similar problem and had to create a DNS record on my internal DNS server.
e.g.
Create an A record
mail.domain.com = 192.168.1.56
09-26-2005 06:53 AM
In my case, this DNS server is public, so it's not possible.
09-26-2005 07:18 AM
Hi,
If you are doing DNS doctoring, you can access the internal machine only by its DNS name. The DNS replies will be modified by the PIX so that your internal machines get the 192.168.1.56 IP in the DNS reply.
Have you set up the alias command as follows?
alias (inside) 192.168.1.56 213.251.23.146 255.255.255.255
Note: for this to work, your DNS server should not be inside, and proxy-arp has to be disabled on the inside interface.
HTH
Regards,
Shijo George.
09-26-2005 08:17 AM
If I try with the FQDN, I have the same problem; it's impossible to connect on a specific port. Is this normal? My network is like this:

                   |
                  PIX
    -----------------------------
        |           |           |
    DNS SERVER  SMTP SERVER  WEB SERVER
PIX
Private IP (inside) : 192.168.1.1
Public IP (outside) : 213.251.1.1
DNS Server
Private IP (inside) : 192.168.1.2
Public IP (outside) : 213.251.1.2
DNS Server : 192.168.1.2
Hostname : ns1.mydomain.com
SMTP Server
Private IP (inside) : 192.168.1.3
Public IP (outside) : 213.251.1.3
DNS Server : 192.168.1.2
Hostname : smtp.mydomain.com
WEB Server
Private IP (inside) : 192.168.1.4
Public IP (outside) : 213.251.1.4
DNS Server : 192.168.1.2
Hostname : web.mydomain.com
My DNS server is on the inside interface. The DNS server is the owner of the mydomain.com SOA.
No, I have not set up the alias command. I have tried it, but I get the same result.
Thanks for your help !
Jérôme
09-26-2005 11:12 PM
Hi,
As far as I know, this is not going to work as long as your servers and the desktops are connected to the same interface (inside).
Regards,
Shijo George.
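Added example, not code from the original thread or from Cisco: a small Python model of what the PIX does to a DNS reply when a static carries the dns keyword (the behaviour Shijo describes above), and of why it gives Jérôme nothing when the resolver and the clients share the inside interface (Shijo's last point). The PIX inspects a DNS reply that crosses from one interface to another and rewrites any A record whose address matches the mapped side of a static so that it carries the real side instead (and the reverse for replies going the other way). A reply that enters and leaves on the same interface never crosses a static, so it is left untouched. The packet builder, the mapping table and the interface names are constructed for this example; it handles only IPv4 A records in the answer section and does not model TTL changes or the alias command.

```python
"""Model of PIX 'static (real,mapped) mapped_ip real_ip dns' rewriting of DNS replies.

Constructed example: the static below is the one from the first post in the thread.
"""
import socket
import struct

# (real_ifc, mapped_ifc, mapped_ip, real_ip), i.e.
#   static (inside,outside) 213.251.23.146 192.168.1.56 dns netmask 255.255.255.255
DNS_STATICS = [
    ("inside", "outside", "213.251.23.146", "192.168.1.56"),
]


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_dns_reply(qname, addrs, txid=0x1234):
    """Build a minimal standard-query response with one A record per address."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    answers = b""
    for addr in addrs:
        # 0xC00C is a compression pointer back to the question name at offset 12.
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(addr)
    return header + question + answers


def skip_name(buf, off):
    """Return the offset just past a (possibly compressed) name at buf[off]."""
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, nothing follows
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length


def rewrite_table(ingress, egress):
    """Addresses to rewrite for a reply entering on `ingress` and leaving on `egress`."""
    table = {}
    for real_ifc, mapped_ifc, mapped_ip, real_ip in DNS_STATICS:
        if ingress == mapped_ifc and egress == real_ifc:
            table[mapped_ip] = real_ip       # reply from outside resolver to inside host
        elif ingress == real_ifc and egress == mapped_ifc:
            table[real_ip] = mapped_ip       # reply from inside resolver to outside host
    return table


def walk_answers(buf):
    """Yield (rdata_offset, address) for every A/IN record in the answer section."""
    qdcount, ancount = struct.unpack("!HH", buf[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(buf, off) + 4          # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(buf, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            yield off, socket.inet_ntoa(buf[off:off + 4])
        off += rdlen


def doctor_reply(buf, ingress, egress):
    """Apply DNS doctoring to a reply; return (new_packet, number_of_rewritten_records)."""
    table = rewrite_table(ingress, egress)
    out = bytearray(buf)
    rewritten = 0
    for off, addr in walk_answers(buf):
        if addr in table:
            out[off:off + 4] = socket.inet_aton(table[addr])
            rewritten += 1
    return bytes(out), rewritten


def answer_addrs(buf):
    """List the A-record addresses an inside host would see in this reply."""
    return [addr for _, addr in walk_answers(buf)]


if __name__ == "__main__":
    reply = build_dns_reply("smtp.mydomain.com", ["213.251.23.146"])
    # Resolver on the outside, client on the inside: the public IP is doctored.
    print(answer_addrs(doctor_reply(reply, "outside", "inside")[0]))
    # Resolver and client both on the inside: the reply never crosses the static.
    print(answer_addrs(doctor_reply(reply, "inside", "inside")[0]))
```

Running the block prints `['192.168.1.56']` for the outside-to-inside case and `['213.251.23.146']` for the inside-to-inside case, which is exactly the situation in the thread: with the authoritative resolver on the same interface as the clients, inside hosts keep getting the public address and then try to reach it through the PIX.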