DNS - Access inside web server with NATed address.
17 years 2 weeks ago #23448
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: DNS - Access inside web server with NATed address.
Eh? From the internal network, you want a machine that's going to www.google.com to instead go to your own server?
17 years 2 weeks ago #23450
by skepticals
Replied by skepticals on topic Re: DNS - Access inside web server with NATed address.
Haha, sorry. I was trying to make a clear example, but I guess it didn't happen.
We registered webdomain.com (example) as our web URL. We have fh.webdomain set up to point to an internal web server. This address gets NATed on the way in, so if someone on the internal network types fh.webdomain.com into their browser it doesn't work. I need to have fh.webdomain.com point to 10.10.10.10.
Does that help?
17 years 2 weeks ago #23451
by Smurf
Replied by Smurf on topic Re: DNS - Access inside web server with NATed address.
It's much easier to have a split DNS configuration. Either have a single DNS server internally but have your NAT device change external DNS queries as they come in and back out, or simply run two DNS servers for your registered DNS name. Internal has the addresses of your internal hosts and the external has the external addresses (that's if you indeed manage your external DNS zone).
17 years 2 weeks ago #23453
by skepticals
Replied by skepticals on topic Re: DNS - Access inside web server with NATed address.
We have an external DNS run by our ISP. I run the internal DNS on Windows 2003 Server.
Any suggestions?
17 years 2 weeks ago #23455
by Smurf
Replied by Smurf on topic Re: DNS - Access inside web server with NATed address.
On your internal DNS, add a new zone for your external DNS name (FQDN). Then add the different records that you host internally to this zone but give them the internal address. Your clients will probably have been set to point to this internal DNS (guessing for your AD) so they will resolve your FQDN to internal servers.
It's quite commonplace to do that.
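The effect of the internal zone described in the reply above, modelled in Python as an added example (not part of the original thread or any poster's own code). fh.webdomain.com and 10.10.10.10 come from the thread; the www/mail names and the 203.0.113.x addresses are constructed placeholders. It goes one step beyond the thread by comparing a zone for the whole domain with a zone named for the single host, to show which public names each choice hides from internal clients.

```python
"""Model of split DNS on an internal server (added example, constructed data)."""

# Public zone as hosted by the ISP. The 203.0.113.x addresses and the www/mail
# names are constructed placeholders; only fh.webdomain.com is from the thread.
EXTERNAL = {
    "fh.webdomain.com": "203.0.113.10",
    "www.webdomain.com": "203.0.113.20",
    "mail.webdomain.com": "203.0.113.30",
}

def in_zone(name, origin):
    """True if name is the zone origin or a name underneath it."""
    name, origin = name.lower().rstrip("."), origin.lower().rstrip(".")
    return name == origin or name.endswith("." + origin)

def resolve_internal(name, origin, records, external=EXTERNAL):
    """Answer as the internal server would once it hosts zone `origin`.

    Inside the zone the server is authoritative: it answers from its own
    records or returns None (NXDOMAIN) and never asks the public DNS.
    Outside the zone it forwards, modelled here as a lookup in `external`.
    """
    key = name.lower().rstrip(".")
    if in_zone(key, origin):
        return records.get(key)
    return external.get(key)

def shadowed(origin, records, external=EXTERNAL):
    """Public names the internal zone hides because it has no record for them."""
    return sorted(n for n in external if in_zone(n, origin) and n not in records)

# Option A: internal zone for the whole registered domain, one A record.
WHOLE = ("webdomain.com", {"fh.webdomain.com": "10.10.10.10"})
# Option B: internal zone named for the single host (record at the zone apex).
PINPOINT = ("fh.webdomain.com", {"fh.webdomain.com": "10.10.10.10"})

if __name__ == "__main__":
    for label, (origin, records) in (("whole-domain", WHOLE), ("single-host", PINPOINT)):
        print(label, "zone", origin)
        for name in EXTERNAL:
            print("  ", name, "->", resolve_internal(name, origin, records))
        print("   hidden public names:", shadowed(origin, records))
```

With the whole-domain zone, every other public record under the domain has to be copied into the internal zone as well, or internal clients get no answer for it.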
17 years 2 weeks ago #23456
by skepticals
Replied by skepticals on topic Re: DNS - Access inside web server with NATed address.
I think I get confused sometimes between the FQDN for public web servers and internal domains. I think sometimes they match? In our case, I have separated them.
Are you saying to add a new zone for the mydomain.com domain? Then create an A record for FH.mydomain.com that points to the internal server?