Accessing problem to the servers on public IP from internal

Unanswered Question
Feb 3rd, 2008

We have so many public IPs which we NATted to our local server IPs. Now from the internet we are able to access those public IPs. From the internal network we can access those servers with local IPs but are not able to access those servers with the NATted public IPs, and we want to access those servers with the NATted public IPs also for our project. Need help on this.

parba.basu Mon, 02/04/2008 - 01:07

Hello Goutam,

The NAT configuration is given below:

ip nat inside source static 10.1.x.249 61.xx.xxx.87

ip nat inside source static 10.1.x.154 6x.xx.xxx.71

ip nat inside source static 10.1.x.251 61.xx.xxx.75

Now these servers are accessible from the internet through the public IP, and from internal through the private IP. But I want to access these servers from internal through the public IP. How could I achieve this?

Goutam Sanyal Mon, 02/04/2008 - 01:58

Dear Parba,

If you have a Cisco PIX/Firewall, you can go for DNS doctoring.

i.e.

static (dmz,outside) PUBLIC_IP PRIVET_IP netmask 255.255.255.255

static (dmz,inside) PUBLIC_IP PRIVET_IP netmask 255.255.255.255

If you do not have a Cisco PIX/Firewall, then you are opening a deep security hole.

Thanks

Goutam

parba.basu Mon, 02/04/2008 - 02:32

Hello Goutam,

static (dmz,inside) PUBLIC_IP PRIVET_IP netmask 255.255.255.255: in this command, which IP should I give as PUBLIC_IP, the DMZ server or the public server IP? After doing this, should I access this server from the internal network with the global public IP?

Thanks,

Parba

Goutam Sanyal Mon, 02/04/2008 - 03:16

Actually, the public IP is the live IP from which users can access your server from the internet, and the private IP is equivalent to the DMZ or the IP that can be accessed from your inside network.

But to be very frank, these two commands are perfect for a Cisco PIX firewall, but this process, DNS doctoring, is enabled by default in Cisco routers. You had better search for some documents on DNS doctoring in Cisco routers before configuring that. But it can be done in this way, that's true.

Goutam Sanyal Mon, 02/04/2008 - 04:10

According to Cisco:

DNS doctoring allows the security appliance to rewrite DNS A-records.

DNS rewrite performs two functions:

Translates a public address (the routable or mapped address) in a DNS reply to a private address (the real address) when the DNS client is on a private interface.

Translates a private address to a public address when the DNS client is on the public interface.

For more details, please visit: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml

Please rate if it works.

Goutam
