-
April 12th, 2002, 11:33 AM
#1
Member
firewall prevents use of domain name on intranet?
Here's my situation:
I've got a proxy/firewall/dns machine running nat and a portmapper.
All local addresses are protected by nat, including the local address of our proxy (so the proxy uses its own nat to connect to the world).
I'm using the portmapper to map incoming web requests to our web machine, which has an address in our local network.
When I try to open the site from outside our network (i.e. from the net) everything works great, but from inside our network (intranet) we can't seem to connect to our 'outside' url. (When I use the inside ip / host address it works fine though.) It doesn't matter if I set my browser to use the proxy or not.. (the request should be routed to a local address by the portmapper so the firewall shouldn't hold the request).
I can connect to our DNS machine using nslookup, so the problem should not be in name resolution.
I can ping the url, and everything looks fine ..
Still I get an 'access denied' when I try to open our site from the intranet using the proxy or 'not found' when I try to directly open the site.
Dunno if this is really a security problem .. (guess not)
But it's got something to do with our firewall?
Where to search..?
-
April 13th, 2002, 03:26 AM
#2
Well my friend, the only thing I can see wrong there is that maybe your files have something in them that your firewall blocks, but I doubt it.
What I can suggest doing is to scan the files on your site if you can get a connection.. I've never seen this problem before, so I don't really know what to tell you.. well here, I'll think. I think maybe I've got it. Check the security level of your firewall. Are you running an SSL encrypted connection or shttp? (Maybe it's https, I forgot.) If you are, maybe the settings of your firewall have enabled it to block the incoming packets. Just my idea though.
-{[ Joe ]}-
http://www.nitesecurity.com
I'm Just A Soldier In This War Against Ignorance.
-
April 13th, 2002, 04:06 AM
#3
Have you, even if the IP addys are dynamic (internal), configured your primary and secondary DNS servers at the proxy and firewall?
I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure. - Glenn Seaborg
-
April 13th, 2002, 04:08 AM
#4
Oops, forgot: you need to config each system to see the primary and secondary DNS. Had a brain hiccup.
I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure. - Glenn Seaborg
-
April 13th, 2002, 05:26 AM
#5
Sounds like you have a lot going on.
Firewall rules would be suspect first, but you'd need to do a quick check of the logs. Next the portmapper. My question to you would be: has anything changed recently, or is this a new setup you're just trying to get going?
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
-
April 15th, 2002, 02:08 PM
#6
Member
more info
It's a new setup. I'll give you some extra info:
(the ip's are changed.. don't want to post them here)

http machine  : 192.168.0.200
    runs NT4 sp6 iis5

Proxy machine : 212.0.0.1 (adsl using 10.0.0.138 for vpn)
                192.168.0.199
    NT4 sp6
    MS DNS server (uses 192.168.0.199)
    winroute 4.2
    - smtp/pop server
    - NAT on all communication except portmapperlist and a bunch of ip's (like primary dns)..
    - proxy. (http)
    - portmapper :
        TCP     212.0.0.1:25 -> 192.168.0.199:25
        TCP/UDP 212.0.0.1:53 -> 192.168.0.199:53
        TCP     212.0.0.1:80 -> 192.168.0.200:80
    - packet filter:
        in :
            permit anyip:* -> TCP 212.0.0.1:25
            permit anyip:* -> TCP/UDP 212.0.0.1:53
            permit anyip:* -> TCP 212.0.0.1:80
            .. some other rules
            block remainder
        out :
            permit TCP 212.0.0.1:25 -> anyip:*
            permit TCP/UDP 212.0.0.1:53 -> anyip:*
            permit TCP 212.0.0.1:80 -> anyip:*
            permit TCP 212.0.0.1:* -> anyip:80,443
            .. some other rules
            block remainder
-
April 15th, 2002, 02:22 PM
#7
Humm, I can't ping 212.0.0.1 and I can't open your website either......
"Ignorance is bliss....
but only for your enemy"
-- souleman
-
April 15th, 2002, 02:35 PM
#8
Member
[QUOTE] Humm, I can't ping 212.0.0.1 and I can't open your website either...... [/QUOTE]
Did you read the message??
The ip's are changed.
Don't see what you want to do with 'em anyway... the problem is on our intranet
-
April 15th, 2002, 04:28 PM
#9
Re: firewall prevents use of domain name on intranet?
[QUOTE] Originally posted here by wab73
(...) but from inside our network (intranet) we can't seem to connect to our 'outside' url. (When I use the inside ip / host address it works fine though.) It doesn't matter if I set my browser to use the proxy or not.. (the request should be routed to a local address by the portmapper so the firewall shouldn't hold the request).
I can connect to our DNS machine using nslookup, so the problem should not be in name resolution (...) [/QUOTE]
I had a similar problem. What I forgot to do was to specifically forward DNS requests through NAT.
I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.