RE: Can't Access "inside URL" from an "inside client"

Sat, 16 Sep 2000 16:37:02 -0700 

Mike -- Can you explain this a bit more for me?

I gather by creating the "two sets of IP in my /etc/ hosts" (which I don't
fully understand), you can then simply have an inside brower user type in an
inside URL and it will properly bring up the page.  Is that correct?  If so,
I would love the details.

It's also quite possible I could "live" with the situation I have now.  But
I'd rather be able to have internal users access the internal web URL
without having to know internal IP addresses.

TIA

Harry

-----Original Message-----
From: 'Mike Grierson' [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 16, 2000 4:11 PM
To: Rick
Cc: Michael Nelson; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Can't Access "inside URL" from an "inside client"


I make two sets of IPs in my /etc/hosts....
and make the outside IP <--> domain map the the non-private IP...
Works fine...
Mike

On Sat, 16 Sep 2000, Rick wrote:

> Take out the technical stuff, add a hangover, and thats what I was trying
to
> tell him. :)
>
> Rick
>
> ----- Original Message -----
> From: Michael Nelson <[EMAIL PROTECTED]>
> To: Harry Whitehouse <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Saturday, September 16, 2000 11:17 PM
> Subject: Re: Can't Access "inside URL" from an "inside client"
>
>
> > What's probably happening is that the outgoing packet is going through
the
> > PIX (because you are using the external address), and then to the actual
> > web server. Since the web server is probably on the same network
> > (logically speaking) as your browsing machine, the response doesn't go
> > through the PIX; it sends it directly back to the client machine.
Because
> > the responses don't go through the PIX, the originating address on those
> > packets don't get translated to the web server's public (NAT'd) address.
> > Your browser machine expects a response from the web server's public
> > address, not its internal address.
> >
> > -mike
> >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>

--------------------------
Mike Grierson
[EMAIL PROTECTED]
efax at 208 247 3438
http://www.mgi-networks.com/
http://www.mcg-ct.com/


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to