On 11/2/05, JC <hiep@xxxxxxxxxx> wrote:
> On Wed, 2 Nov 2005, Jim Bartus wrote:
>
> > JC wrote:
> >> For example: I have web server (used internal ip 10.1.1.10) behind the
> >> firewall, internal network can access this web server with
> >> http://10.1.1.10, but they can't access http://www.mydomain.com. Assume
> >> that I have static IP (xxx.xxx.xxx.xxx) maps to 10.1.1.10 and dns record
> >> www.mydomain.com points to xxx.xxx.xxx.xxx
> >>
> >> What I want is to allow users inside the network be able to access
> >> http://www.mydomain.com instead of http://10.1.1.10
> >>
> >> Here is my question:
> >> should I change the rule of the firewall? If so, is there a security
> >> risk?
> >
> > What kind of firewall? You should be able to add a simple rule that permits
> > incoming traffic from your non-NAT'd IP range. Is your firewall also your
> > gateway/router or is there a separate device? Where is the NAT occurring?
> >
>
> I have CISCO PIX 515E. My DSL modem -> firewall -> router -> computers.
> That's all I have, no other device. Now, can you show me what command I
> should use to permit incoming traffic that originates from internal
> network???
>
> For now, I just use this method. Is there any security risk involved in
> this method?
>
> I never set up DNS server before and have very little knowledge on DNS, so
> I don't want to use internal DNS for now, but I'll learn more about it.
> For now, I just want to get this problem solved. Thank you for all your
> help.
>

Pix provides a solution for this dilemma, the alias command:

http://www.cisco.com/warp/public/110/alias.html

If I understand your situation correctly, this section specifically has
what you need:

http://www.cisco.com/warp/public/110/alias.html#backinfo

--
Leonard Isham, CISSP
Ostendo non ostento.