inter DMZ Communication Confusion

Unanswered Question

I have a database on one server with a DMZ address, and it will not communicate with another web server on the DMZ that has an outside IP translated to a DMZ address. It has internet access and I can navigate the internet fine, but any server on the DMZ seems to be off limits. I need the db server to be able to email me via the web server on back-up completion and verification. Any ideas would be greatly appreciated.

Collin Clark Fri, 02/02/2007 - 14:11

What are the security levels on the DMZ interfaces? Remember, to go from a lower one to a higher one, you need a static. You should also implement an ACL to control access.

HTH and please rate

Collin Clark Fri, 02/02/2007 - 14:27

If both servers are in the same DMZ, they should be able to communicate. Can they ping each other?

Jon Marshall Fri, 02/02/2007 - 14:31

Hi

If both servers are on the same DMZ then it is unlikely to be the firewall.

What type of switch are you using for the DMZ network?

Did you configure the switch or did you inherit it?

If both servers are within the same subnet then when the db server wants to talk to the web server it will not go via the firewall DMZ interface; they should be switched at layer 2.

Jon

The switch is an HP ProCurve purchased new last year. Sorry, I cannot recall the model off the top of my head. Both servers are in an IBM blade center, which is connected to the HP ProCurve. One other note: of course the web server has a translated live IP and the db server does not. It just has a DMZ address. Thanks for the feedback.

Jon Marshall Mon, 02/05/2007 - 00:05

Hi

Can both the servers ping the default gateway? When you say the web server has a translated address, that's fine, but presumably the address configured on the NIC for the web server is out of the same subnet as the database server?

Jon

johnroche_2 Mon, 02/05/2007 - 01:14

Does the IBM blade enclosure have a switch built in? Are there any VLANs configured on the blade enclosure? You might have a mismatch of VLAN information.

Can both servers ping each other?

Jon Marshall Mon, 02/05/2007 - 06:00

Hi

Little confused now.

Do you need to ping the public IP address of the web server from the db server? I thought the original problem was that the db server couldn't communicate with the web server.

Seems they can talk to each other on their private IP addresses. Is there a requirement for the db server to talk to the web server but only on its public IP address?

Jon

rob.kennedy Mon, 02/05/2007 - 10:14

Does your DB server talk to your web server using its DNS name? If so, your DNS should be configured to return the private IP address of the web server for internal machines and only respond with the public IP for anyone connecting from outside your network.
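The questions raised across this thread (same subnet, private address, or a name that resolves to the public translated address) can be checked from the DB server with a short script. This is an added example, not posted by any participant; the interface address, hostname and sample addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import socket

# RFC 1918 private ranges; anything else is treated as a public address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADVICE = {
    "same-subnet": "Switched at layer 2, firewall not in the path: check switch/VLAN setup.",
    "other-private": "Routed via the default gateway: firewall rules between interfaces apply.",
    "public": "Name resolves to the translated address: have internal DNS return the private IP.",
}

def classify_target(db_interface, target_ip):
    """Classify one address relative to the DB server's NIC (e.g. '192.168.50.20/24')."""
    iface = ipaddress.ip_interface(db_interface)
    addr = ipaddress.ip_address(target_ip)
    if addr in iface.network:
        return "same-subnet"
    if any(addr in net for net in RFC1918):
        return "other-private"
    return "public"

def diagnose(db_interface, hostname, resolver=None):
    """Resolve hostname as the DB server would and classify every IPv4 answer."""
    if resolver is None:
        def resolver(name):
            infos = socket.getaddrinfo(name, None, socket.AF_INET)
            return sorted({info[4][0] for info in infos})
    return {ip: classify_target(db_interface, ip) for ip in resolver(hostname)}

if __name__ == "__main__":
    # Constructed sample: a resolver stub stands in for the site's DNS so the
    # script runs offline. Drop the resolver argument to query real DNS.
    sample_answers = {"web.example.internal": ["203.0.113.10", "192.168.50.10"]}
    result = diagnose("192.168.50.20/24", "web.example.internal",
                      resolver=lambda name: sample_answers[name])
    for ip, kind in result.items():
        print(f"{ip}: {kind} - {ADVICE[kind]}")
```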
