Accessing Web sites on DMZ from behind firewall

Status
Not open for further replies.

heyTDG

Programmer
Aug 3, 2006
4
US
We have a development server for Web sites running on our DMZ. I have a need for both those behind the firewall (my colleagues) and those outside (our clients) to access the sites hosted on this development server.

We have set up the following DNS records:

dev.mycompany.com A ###.###.###.###
This is the subdomain for the development server. It points to the private IP of the server internally, and the public IP externally.

staging.client1.com CNAME dev.mycompany.com
staging.client2.com CNAME dev.mycompany.com
...and so on...
These are the subdomains for our clients' staging sites. From the outside, they work great. From the inside, they don't work.

What are my options for making this work?

Thanks!
 
What's the NAT look like from the inside to the DMZ? Also check access-lists, although the default ACL (none) should permit this type of traffic.
 
Thanks for the reply! I went and double-checked all the fundamentals. While doing an initial nslookup on my local name servers for each staging domain (staging.client1.com, staging.client2.com, etc.), each returned the public IP first, but then on the second query the private IP was returned. Very odd. Things were working fine after that--EXCEPT through our Squid proxy server. This is an issue as 99% of employees on our network are forced to surf through the proxy.

Could this be firewall related?
 
How is the proxy server's DNS set up? It should be using or running a DNS server which only points to the internal addresses.

If you can connect to the web sites via IP from workstations and the proxy, then it's almost certainly not firewall-related. I'd recheck your split DNS setup since internal hosts should be resolving the web names only one way. If you have both internal and external addresses configured on your nameservers, or if the workstations have both internal and external nameservers configured, then this behaviour is normal.
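
An added example, not part of the original thread: one way to audit the split-DNS condition the last reply describes, that every nameserver an internal host (workstation or proxy) is configured with resolves the web names one way, to an internal address. The addresses, resolver labels and function names are assumptions, and the records are constructed sample data standing in for live lookups.

```python
import ipaddress

# Explicit RFC 1918 list: ipaddress.is_private also matches documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records. 10.0.5.20 stands in for the server's private
# address and 203.0.113.10 for its public one (both are assumptions).
STAGING = {"staging.client1.com": ("CNAME", "dev.mycompany.com"),
           "staging.client2.com": ("CNAME", "dev.mycompany.com")}
INTERNAL_NS = {"dev.mycompany.com": ("A", "10.0.5.20"), **STAGING}
EXTERNAL_NS = {"dev.mycompany.com": ("A", "203.0.113.10"), **STAGING}
NAMES = ["dev.mycompany.com", "staging.client1.com", "staging.client2.com"]

def resolve(records, name, max_hops=8):
    """Follow CNAMEs within one resolver's records; return the address or None."""
    for _ in range(max_hops):
        rtype, value = records.get(name.rstrip(".").lower(), (None, None))
        if rtype == "A":
            return value
        if rtype != "CNAME":
            return None          # name not known to this resolver
        name = value
    return None                  # CNAME loop or chain too long

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_host(resolvers, names):
    """resolvers: {label: records} for every nameserver the host is configured with.
    Returns {name: problem} for names that do not resolve one way, internally."""
    problems = {}
    for name in names:
        answers = {label: resolve(recs, name) for label, recs in resolvers.items()}
        distinct = set(answers.values())
        if None in distinct:
            missing = sorted(l for l, a in answers.items() if a is None)
            problems[name] = "unresolved on " + ", ".join(missing)
        elif len(distinct) > 1:
            problems[name] = "mixed answers: " + ", ".join(sorted(distinct))
        elif not is_internal(next(iter(distinct))):
            problems[name] = "external address: " + next(iter(distinct))
    return problems

if __name__ == "__main__":
    # A host configured with both an internal and an external nameserver.
    for name, problem in audit_host({"int": INTERNAL_NS, "ext": EXTERNAL_NS}, NAMES).items():
        print(name, "->", problem)
```

Run the audit once with the workstation's resolver list and once with the proxy's; a name that appears in the result for only one of them points at that host's DNS configuration.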
 