DNS - Access inside web server with NATed address.

17 years 1 month ago #23448 by Smurf
Eh? From the internal network, you want a machine that's going to www.google.com to instead go to your own server?

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
17 years 1 month ago #23450 by skepticals
Haha, sorry. I was trying to make a clear example, but I guess it didn't happen.

We registered webdomain.com (example) as our web URL. We have fh.webdomain set up to point to an internal web server. This address gets NATed on the way in, so if someone on the internal network types fh.webdomain.com into their browser it doesn't work. I need to have fh.webdomain.com point to 10.10.10.10.

Does that help?
17 years 1 month ago #23451 by Smurf
It's much easier to have a split DNS configuration. Either have a single DNS server internally but have your NAT device change external DNS queries as they come in and back out, or simply run two DNS servers for your registered DNS name. Internal has the addresses of your internal hosts and the external has the external addresses (that's if you indeed manage your external DNS zone).

17 years 1 month ago #23453 by skepticals
We have an external DNS run by our ISP. I run the internal DNS on Windows 2003 Server.

Any suggestions?
17 years 1 month ago #23455 by Smurf
On your internal DNS, add a new zone for your external DNS name (FQDN). Then add the different records that you host internally to this zone but give them the internal address. Your clients will probably be set to point to this internal DNS (guessing for your AD) so they will resolve your FQDN to internal servers.

It's quite commonplace to do that.

17 years 1 month ago #23456 by skepticals
I think I get confused sometimes between the FQDN for public web servers and internal domains. I think sometimes they match? In our case, I have separated them.

Are you saying to add a new zone for the mydomain.com domain? Then create an A record for FH.mydomain.com that points to the internal server?
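
A consistency check for the split-DNS setup discussed in this thread, added here as an example and not written by any of the posters: once the internal server hosts a zone for the public name it answers authoritatively for every name in it, so public records that were not copied into the internal zone stop resolving for internal clients. `webdomain.com` and 10.10.10.10 are the thread's own example values; the external addresses and the `www` and `mail` records are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also flag
# the documentation ranges used as sample public addresses below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: A records in the ISP-hosted public zone.
EXTERNAL = {
    "webdomain.com.": "203.0.113.10",
    "www.webdomain.com.": "203.0.113.10",
    "mail.webdomain.com.": "203.0.113.25",
    "fh.webdomain.com.": "203.0.113.80",   # public side of the NAT
}
# Constructed sample data: A records in the new internal zone.
INTERNAL = {"FH.webdomain.com": "10.10.10.10"}


def norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()


def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit_split_dns(zone, external, internal):
    zone = norm(zone)
    ext = {norm(n): a for n, a in external.items() if in_zone(norm(n), zone)}
    inn = {norm(n): a for n, a in internal.items() if in_zone(norm(n), zone)}
    return {
        # Public names the internal zone lacks: internal clients get NXDOMAIN.
        "missing_internally": sorted(n for n in ext if n not in inn),
        # Names deliberately answered differently inside and outside.
        "overridden": sorted(n for n in ext if n in inn and ext[n] != inn[n]),
        # Internal addressing published in the public zone.
        "private_in_external": sorted(n for n, a in ext.items() if is_rfc1918(a)),
    }


if __name__ == "__main__":
    for finding, names in audit_split_dns("webdomain.com", EXTERNAL, INTERNAL).items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```

With the sample data, `fh` is the only override and the apex, `www` and `mail` records are reported as missing from the internal zone.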