My inside IPs are the 192.168.1.* IP's...
the outside are mostly through say 219.9.221.82 ..
In my /etc/hosts file in the web server I have
192.168.1.15 www www.mcg-ct.com
I have my own DNS, so I can make a domain name mappings
to private IPs if needed... ie map both the 192.168.1.15
IP AND the 219.9.221.82 IP to the www.mcg-ct.com domain name...
The /etc/hosts only seems to need the internal IP though...
If I did not have my own DNS, my DNS provider would do the
mapping of 219.9.221.82 to www.mcg-ct.com .... and the /etc/hosts
file takes care of the internal stuff....
My internal machines look to the webserver then the DNS....
the webserver specifics host and continue with DNS whereever...
via the nsswitch deal...
This is really a DNS issue, not a firewall issue in my opinion...
I hope this helps.
Mike
On Sat, 16 Sep 2000, Harry Whitehouse wrote:
> Mike -- Can you explain this a bit more for me?
>
> I gather by creating the "two sets of IP in my /etc/ hosts" (which I don't
> fully understand), you can then simply have an inside brower user type in an
> inside URL and it will properly bring up the page. Is that correct? If so,
> I would love the details.
>
> It's also quite possible I could "live" with the situation I have now. But
> I'd rather be able to have internal users access the internal web URL
> without having to know internal IP addresses.
>
> TIA
>
> Harry
>
> -----Original Message-----
> From: 'Mike Grierson' [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, September 16, 2000 4:11 PM
> To: Rick
> Cc: Michael Nelson; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Can't Access "inside URL" from an "inside client"
>
>
> I make two sets of IPs in my /etc/hosts....
> and make the outside IP <--> domain map the the non-private IP...
> Works fine...
> Mike
>
> On Sat, 16 Sep 2000, Rick wrote:
>
> > Take out the technical stuff, add a hangover, and thats what I was trying
> to
> > tell him. :)
> >
> > Rick
> >
> > ----- Original Message -----
> > From: Michael Nelson <[EMAIL PROTECTED]>
> > To: Harry Whitehouse <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Saturday, September 16, 2000 11:17 PM
> > Subject: Re: Can't Access "inside URL" from an "inside client"
> >
> >
> > > What's probably happening is that the outgoing packet is going through
> the
> > > PIX (because you are using the external address), and then to the actual
> > > web server. Since the web server is probably on the same network
> > > (logically speaking) as your browsing machine, the response doesn't go
> > > through the PIX; it sends it directly back to the client machine.
> Because
> > > the responses don't go through the PIX, the originating address on those
> > > packets don't get translated to the web server's public (NAT'd) address.
> > > Your browser machine expects a response from the web server's public
> > > address, not its internal address.
> > >
> > > -mike
> > >
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> --------------------------
> Mike Grierson
> [EMAIL PROTECTED]
> efax at 208 247 3438
> http://www.mgi-networks.com/
> http://www.mcg-ct.com/
>
>
>
--------------------------
Mike Grierson
[EMAIL PROTECTED]
efax at 208 247 3438
http://www.mgi-networks.com/
http://www.mcg-ct.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
