cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
529
Views
20
Helpful
7
Replies

Firewall/Router Forwarder

danny9797
Level 1
Level 1

Hello all,

Is it possible to setup a forwarder via domain name as opposed to i.p addressing?

For example, any traffic destined for example.com forwards to 192.168.0.1

Is this possible?

Thank You

7 Replies 7

leighharrison
Level 7
Level 7

Hi there,

Is this for a firewall or a router?

If you're on a later version of PIX or an ASA, then you can write a route to a name and refer the name to an ip address. This won't use DHCP however.

What is it you want to be able to do, as there may be another way of doing it. Load balancing? Migrating to a new internet link?

LH

** Please rate all posts **

Hi, thanks for the response.

We want to setup a forward for traffic destined for an internal website. For example, someone requests www.website.com, forward this to the following internal i.p - 192.168.0.1.

We still have to distinguish if this must be set on the firewall or router. The pix is running 6.1.

Hi there,

Could you not do this by altering your DNS to point to your internal IP?

LH

** Please rate all posts **

Well, you may need to use post based redirection. If you want to redirect only www.yoursite.com not rest of the traffic from that IP. You can use Policy routing and forward traffic based on your web port which is by default 80.

We need to redirect all of the traffic from 4 subnets on the network who attempts to access this specific address. So I need this redirect to work in the following example: Any user from 4 subnets type www.yoursite.com, they get ridrected to 192.168.0.1 (internal address).

Hmm, it's a bit tricky as you'll need to change the address the packet is destined for.

You could write a static nat from the public to your 192.168.0.1 address and then put it on interface that that they hit for default gateway.

Although, the easiest way could be to simply pop in an entry into their hosts file for www.yoursite.com, so that they never ask dns for it and locally resolve it to 192.168.0.1

Hope that helps,

LH

** Please rate all posts **

It's a long story but no, DNS cannot be used with the situtation that we're in.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco