On Wed, 2 Nov 2005, Jim Bartus wrote:
> JC wrote:
> > For example: I have web server (used internal ip 10.1.1.10) behind the
>> firewall, internal network can access this web server with
>> http://10.1.1.10, but they can't access http://www.mydomain.com. Assume
>> that I have static IP (xxx.xxx.xxx.xxx) maps to 10.1.1.10 and dns record
>> www.mydomain.com points to xxx.xxx.xxx.xxx
>>
>> What I want is to allow users inside the network be able to access
>> http://www.mydomain.com instead of http://10.1.1.10
>>
>> Here is my question:
>> should I change the rule of the firewall? If so, is there a security
>> risk?
>
> What kind of firewall? You should be able to add a simple rule that permits
> incoming traffic from your non-NAT'd IP range. Is your firewall also your
> gateway/router or is there a separate device? Where is the NAT occurring?
>
I have CISCO PIX 515E. My DSL modem -> firewall -> router -> computers.
That's all i have, no other device. Now, can u show me what command I
should use to permit incoming traffic that originates from internal
network???
For now, i just use this method. Is there any security risk involves in
this method?
I never setup DNS server before and have very little knowledge on DNS, so
I don't want to use internal DNS for now, but I'll learn more about it.
For know, I just want to get this problem solves. Thank you for all you
help.
JC
