firewall prevents use of domainname on intranet?

  1. #1
    Member
    Join Date
    Feb 2002
    Posts
    30

    firewall prevents use of domainname on intranet?

    Here's my situation:

    I've got a proxy/firewall/dns machine running nat and a portmapper.
    All local addresses are protected by nat. Including the local address from our proxy. (so the proxy uses its own nat to connect to the world)
    I'm using the portmapper to map incoming web requests to our web machine, which's got an address in our local network.
    When I try to open the site from outside our network (i.e. from the net) everything works great, but from inside our network (intranet) we can't seem to connect to our 'outside' url. (When I use the inside ip / host address it works fine though.) It doesn't matter if I set my browser to use the proxy or not. (The request should be routed to a local address by the portmapper so the firewall shouldn't hold the request.)
    I can connect to our DNS machine using nslookup, so the problem should not be in name resolution.

    I can ping the url, and everything looks fine ..
    Still I get an 'access denied' when I try to open our site from the intranet using the proxy or 'not found' when I try to directly open the site.

    Dunno if this is really a security problem .. (guess not)
    But it's got something to do with our firewall?

    Where to search.. ?
    who knows?

  2. #2
    Senior Member
    Join Date
    Mar 2002
    Posts
    238
    Well my friend, the only thing I can see wrong there is that maybe your files have something in them that your firewall blocks, but I doubt it.

    What I can suggest doing is to scan the files on your site if you can get a connection.. I've never seen this problem before, I don't really know what to tell you.. well here I'll think. I think maybe I've got it. Check the security level of your firewall. Are you running an SSL encrypted connection or shttp? (maybe it's https, I forgot) If you are, maybe the settings of your firewall have enabled it to block the incoming packets. Just my idea though.
    -{[ Joe ]}- (Joe@nitesecurity.com)
    http://www.nitesecurity.com

    [shadow]I'm Just A Soldier In This War Against Ignorance.[/shadow]

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Have you, even if the IP addy's are dynamic (internal), configured your primary and secondary DNS servers at the proxy and firewall?
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  4. #4
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Oops, forgot: you need to config each system to see the primary and second DNS. Had a brain hiccup.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  5. #5
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Sounds like you have a lot going on.

    Firewall rules would be suspect first but you'd need to do a quick check of the logs. Next the portmapper. My question to you would be has anything changed recently or is this a new setup you're just trying to get going?
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #6
    Member
    Join Date
    Feb 2002
    Posts
    30

    more info

    it's a new setup. I'll give u some xtra nfo:
    (the ip's are changed.. don't want to post them here)

    http machine : 192.168.0.200
        runs NT4 sp6 iis5

    Proxy machine : 212.0.0.1 (adsl using 10.0.0.138 for vpn)
                    192.168.0.199
        NT4 sp6
        MS DNS server (uses 192.168.0.199)
        winroute 4.2
        - smtp/pop server
        - NAT on all communication except portmapperlist and a bunch of ip's (like primary dns)..
        - proxy. (http)
        - portmapper :
            TCP     212.0.0.1:25 -> 192.168.0.199:25
            TCP/UDP 212.0.0.1:53 -> 192.168.0.199:53
            TCP     212.0.0.1:80 -> 192.168.0.200:80
        - packet filter:
            in :
                permit anyip:* -> TCP 212.0.0.1:25
                permit anyip:* -> TCP/UDP 212.0.0.1:53
                permit anyip:* -> TCP 212.0.0.1:80
                .. some other rules
                block remainder

            out :
                permit TCP 212.0.0.1:25 -> anyip:*
                permit TCP/UDP 212.0.0.1:53 -> anyip:*
                permit TCP 212.0.0.1:80 -> anyip:*
                permit TCP 212.0.0.1:* -> anyip:80,443
                .. some other rules
                block remainder
    who knows?

  7. #7
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Humm, I can't ping 212.0.0.1 and I can't open your website either......
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  8. #8
    Member
    Join Date
    Feb 2002
    Posts
    30
    [QUOTE]Humm, I can't ping 212.0.0.1 and I can't open your website either......[/QUOTE]
    did you read the message ??

    The ip's are changed.
    Don't see what you want to do with 'm anyway... the problem is on our intranet
    who knows?

  9. #9
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103

    Re: firewall prevents use of domainname on intranet?

    [QUOTE] Originally posted here by wab73
    (...) but from inside our network (intranet) we can't seem to connect to our 'outside' url. (When I use the inside ip / host address it works fine though.) It doesn't matter if I set my browser to use the proxy or not. (The request should be routed to a local address by the portmapper so the firewall shouldn't hold the request.)
    I can connect to our DNS machine using nslookup, so the problem should not be in name resolution.
    (...)[/QUOTE]

    I had a similar problem. What I forgot to do was to specifically forward DNS requests through NAT.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
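
    The symptoms reported in this thread (nslookup answers, ping answers, HTTP fails from the intranet) can be separated into a name-resolution check and a TCP path check. The following Python script is an added example, not part of any post; the hostname www.example.com and the function names are assumptions, and the addresses are the altered ones from post #6.

```python
import ipaddress
import socket


def tcp_connects(ip, port, timeout=3.0):
    """Return True if a TCP handshake to ip:port completes."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def resolve_name(name):
    """Return the IPv4 address the client's resolver gives for name, or None."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def diagnose(name, internal_ip, port=80, resolve=resolve_name, connect=tcp_connects):
    """Tell a DNS failure apart from a failing TCP path, as seen by an intranet client."""
    resolved = resolve(name)
    if resolved is None:
        return "dns: name does not resolve from this client"
    # A ping reply only shows that something answers ICMP at the address;
    # it says nothing about TCP on the mapped port, so test the port itself.
    via_name = connect(resolved, port)
    via_internal = connect(internal_ip, port)
    if via_name:
        return "ok"
    if ipaddress.ip_address(resolved) == ipaddress.ip_address(internal_ip):
        return "server: internal address does not accept the port"
    if via_internal:
        # Matches the thread: DNS is fine and the server is up, but TCP to
        # the address the name resolves to does not get through from inside.
        return "path: name resolves to %s but only %s accepts port %d" % (
            resolved, internal_ip, port)
    return "server: neither address accepts the port"


if __name__ == "__main__":
    # Hypothetical hostname; run from a machine on the intranet.
    print(diagnose("www.example.com", "192.168.0.200"))
```

    A "path" result points at the port mapping and packet filter on the firewall rather than at DNS, which is where the firewall logs mentioned in post #5 are the next thing to read.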
