Firewall NG Config

[starwars]

Hi

I have firewall ng setup with an external and internal interface that works perfectly at the minute. I have been give new ip addresses from my isp that arent in my original range. They said they have advertised them on the same range so i should be able to use them, However when i try to set up a host for one fo the new ip's i cant get through to it. Also our webserver on the inside is hosting another website does anyone have info on how to host several websites on the one machine with different external addresses. At the minute the firewall is erroring saying that 2 hosts have the same internal ip addresses and static nat.

Hope someone can help

Thansk

Claire

 

[rn4it]

I would start checking the config. Make sure there is the new IP's bound to the external interface, routing on the FW. Double check the hosts that may be conflicting IP's and check the NAT.

Sorry I can't be of more help, but I would need to know more about your FW config.

 

[ChrisAC]

Why have different external IP addresses for a single host when you only need one? You can create "virtual servers" on your web server but all the sites still resolve to a single global address.

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[starwars]

Hi

We have decided to use different ip addresses as we are hosting the websites for some of our smaller subsidiaries and they may be moved at some point.

Can anyone tell me if it is possible to use the new ip addresses i have been given that are in a different range. I have added a route from the ext int to one of the new addresses - is that enough. Any help would be appreciated.

Thanks

 

[gurner]

Even if subsidiaries move you could still have virtual servers (several sites resolving to one IP)

 

[starwars]

Hi

Can you tell me where i can find documents on how to do this.

Thanks


Claire

 

[gurner]

http://support.microsoft.com/default.aspx?scid=KB;en-us;q248025

http://www.networkcomputing.com/netdesign/iisadmin1.html

2 to chew on for the time being.

 

[starwars]

hello again

please i need more help i have gotten so far but am stuck again.
Ok - i have set up the webserver with 2 virtual addresses so i have 3 websites which i can access from the firewall no problem. From the outside i can access only two of the websites. I think it is because the third websites external address is in a different range. Should i have some cofig for arp to map this new address to my ext interface? My isp look after my router and said the new range of addresses is being advertised with my existing range. If i do a tracert i can cofirm this address is ending up at our router.

Hope this makes sense.

 

[starwars]

Hi

hopefully girth will be able to help me again. I st uo the websites using 2 virtual ip addresses on the webserver and can connect to them fine from outside. My problem is i cant connect to them anymore from inside by name or ip address. I dont have an internal dns server my isp hosts my external dns server. Can anyone help me resolve this,

Thanks

 

[gurner]

How about a HOST file?

 

[Piloria]

Check and see how the external router has set the 2nd range.
it needs the firewalls external ip address as gateway for the new range.
Nat on the firewall for the new range will take care of routing at the firewall

 

[starwars]

hi again

i have added the virtual addresses in the hosts file on the webserver but i still cant even from the webserver browse to the addresses or the names. - not even thr original site which was working before i had added the virtual ip's and websites,

Thanks

claire

 

[steveave]

Did you try a route add at the os level. You can then redirect any external addresses to internal ones via the os.
Then all you have to do is let checkpoint do the nat. Also the workstation objects would be defined by internal ip's.