
PIX 506, Windows 2000, and DNS 1

Status
Not open for further replies.

dougnc

Programmer
Sep 2, 2001
62
US
I have a PIX 506 firewall, and I'm trying to run a web site and DNS on the server inside the firewall. Internet Solutions, though, can't seem to see my DNS.

Is there something I need to do to enable DNS? I did the
access-list acl_out eq 53 on both the inner IP and the outer.

Any help would be greatly appreciated.

 
post the config (modified, of course), and I'll see what I can do.
 
Are you using a Cisco router, or a Linksys with NAT? I'm trying to do the same, but with a Linksys on a broadband connection... the double NAT thing, I think, is screwing me up... I'm trying to forward all ports to the outside interface of the PIX (from the Linksys), and then trying to pick and choose my access-lists, but no luck. If anyone is running the same setup, please let me know...

Dave
 
You will need a static mapping to the internal server. Then create the access-list to allow port 53 udp/tcp and apply it to the outside interface.
 
Now it's getting strange. If I go to another location, and do a without the www, the browser says finding 10.x.x.x, my internal web site address. I didn't really want my internal addresses getting out.

still gets me nothing.

But now I have to figure out why the pix firewall is letting internal addresses out.
 
Running a DNS server internally can be done, but it is usually better to split the DNS inside and outside. Run a DNS server inside for your internal clients and then run an external DNS server outside the firewall for public access. This helps hide your internal network design and there is one less hole in the firewall. The downside is that you then have two DNS servers to administer and you must lock down the external server (disable unused daemons/services, access-lists on your external router, etc.).

However, you should be able to configure the DNS server to be queried internally with the following commands.

static (inside,outside) y.y.y.y x.x.x.x netmask 255.255.255.255
access-list acl_out permit udp any host y.y.y.y eq 53
access-group acl_out in interface outside

In this case y.y.y.y is the external address of the DNS server and x.x.x.x is the internal address of the server.

Once that is working and you can successfully query the DNS server, you then need to make sure DNS is setup with the correct address for and
Bluecrack
 
Thanks Bluecrack! I had just wiped my PIX configuration and started redoing it when I got your message.

Still, when I was finished I still got my internal address from outside browsers looking for I thought pix automatically translated this stuff.

I then tried
alias (outside) 99.99.99.99 10.10.10.10 255.255.255.255

That didn't work, so I tried:
alias (inside) 10.10.10.10 99.99.99.99 255.255.255.255

That did it, except I had to access-list tcp eq www.
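The problem dougnc hit above is a classic one: the internal DNS server hands out the server's 10.x address, and without DNS doctoring (the PIX alias command) that private address reaches outside clients unchanged. The following Python script is an added example, not code from the thread or from Cisco: it parses a DNS response in wire format, flags any A record whose address is private (RFC 1918, via the standard ipaddress module), and then shows what a doctored reply looks like when the inside address is rewritten to the static's outside address. The sample response bytes and the 10.10.10.10 / 99.99.99.99 pair are constructed to match the addresses used in the thread; the function names are my own.

```python
import ipaddress
import struct

# Constructed sample: an authoritative answer for www.example.com that carries
# the server's inside address 10.10.10.10, i.e. what an outside client saw
# before the alias command was added.
PRIVATE_ANSWER = (
    b"\x12\x34"                        # transaction ID
    b"\x84\x00"                        # flags: QR=1 (response), AA=1
    b"\x00\x01\x00\x01\x00\x00\x00\x00"  # QDCOUNT=1 ANCOUNT=1 NSCOUNT=0 ARCOUNT=0
    b"\x03www\x07example\x03com\x00"   # QNAME
    b"\x00\x01\x00\x01"                # QTYPE=A, QCLASS=IN
    b"\xc0\x0c"                        # NAME: compression pointer to offset 12
    b"\x00\x01\x00\x01"                # TYPE=A, CLASS=IN
    b"\x00\x00\x0e\x10"                # TTL 3600
    b"\x00\x04"                        # RDLENGTH 4
    b"\x0a\x0a\x0a\x0a"                # RDATA 10.10.10.10 (leaked inside address)
)


def _read_name(msg, offset):
    """Decode a DNS name at offset, following compression pointers.
    Returns (name, offset just past the name as it appears in the message)."""
    labels = []
    end = None
    jumped = False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:            # two-byte pointer to an earlier name
            pointer = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_a_records(msg):
    """Return [(name, dotted_ip, rdata_offset)] for every A/IN record in the
    answer section; the offset lets a caller rewrite the address in place."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    offset = 12
    for _ in range(qdcount):                 # skip the question section
        _, offset = _read_name(msg, offset)
        offset += 4                          # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        name, offset = _read_name(msg, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        if rtype == 1 and rclass == 1 and rdlength == 4:
            ip = str(ipaddress.IPv4Address(msg[offset:offset + 4]))
            records.append((name, ip, offset))
        offset += rdlength
    return records


def leaked_private_addresses(msg):
    """A records whose address is RFC 1918 / otherwise private: these should
    never be visible in a reply served to the outside interface."""
    return [(name, ip) for name, ip, _ in parse_a_records(msg)
            if ipaddress.ip_address(ip).is_private]


def doctor_response(msg, inside_ip, outside_ip):
    """Rewrite A records equal to inside_ip with outside_ip, leaving the rest
    of the message byte-for-byte intact (what the PIX alias command does to
    replies crossing the firewall). Returns the new message as bytes."""
    out = bytearray(msg)
    replacement = ipaddress.IPv4Address(outside_ip).packed
    for _name, ip, rdata_offset in parse_a_records(msg):
        if ip == inside_ip:
            out[rdata_offset:rdata_offset + 4] = replacement
    return bytes(out)


if __name__ == "__main__":
    print("leaked:", leaked_private_addresses(PRIVATE_ANSWER))
    fixed = doctor_response(PRIVATE_ANSWER, "10.10.10.10", "99.99.99.99")
    print("after doctoring:", parse_a_records(fixed))
```

Run the leak check against a reply captured on the outside of the firewall (for example from a packet capture on the outside interface); an empty list means no private address escaped. The doctoring function is only a model of the alias behaviour, useful for seeing what a correct reply should look like, and does not replace the firewall rule itself.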
 