Firewall/Router Forwarder

Unanswered Question
May 9th, 2007

Hello all,

Is it possible to setup a forwarder via domain name as opposed to i.p addressing?

For example, any traffic destined for example.com forwards to 192.168.0.1

Is this possible?

Thank You

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Loading.
leighharrison Wed, 05/09/2007 - 07:00

Hi there,

Is this for a firewall or a router?

If you're on a later version of PIX or an ASA, then you can write a route to a name and refer the name to an ip address. This won't use DHCP however.

What is it you want to be able to do, as there may be another way of doing it. Load balancing? Migrating to a new internet link?

LH

** Please rate all posts **

danny9797 Wed, 05/09/2007 - 09:03

Hi, thanks for the response.

We want to setup a forward for traffic destined for an internal website. For example, someone requests www.website.com, forward this to the following internal i.p - 192.168.0.1.

We still have to distinguish if this must be set on the firewall or router. The pix is running 6.1.

leighharrison Wed, 05/09/2007 - 12:07

Hi there,

Could you not do this by altering your DNS to point to your internal IP?

LH

** Please rate all posts **

jahilnt10 Wed, 05/09/2007 - 12:38

Well, you may need to use post based redirection. If you want to redirect only www.yoursite.com not rest of the traffic from that IP. You can use Policy routing and forward traffic based on your web port which is by default 80.

danny9797 Fri, 05/11/2007 - 05:52

We need to redirect all of the traffic from 4 subnets on the network who attempts to access this specific address. So I need this redirect to work in the following example: Any user from 4 subnets type www.yoursite.com, they get ridrected to 192.168.0.1 (internal address).

leighharrison Fri, 05/11/2007 - 06:22

Hmm, it's a bit tricky as you'll need to change the address the packet is destined for.

You could write a static nat from the public to your 192.168.0.1 address and then put it on interface that that they hit for default gateway.

Although, the easiest way could be to simply pop in an entry into their hosts file for www.yoursite.com, so that they never ask dns for it and locally resolve it to 192.168.0.1

Hope that helps,

LH

** Please rate all posts **

danny9797 Fri, 05/11/2007 - 05:47

It's a long story but no, DNS cannot be used with the situtation that we're in.

Actions

This Discussion