
Alias command seems to prevent access

andyhsu
Level 1

Hello,

I have a PIX 515E with 3 interfaces running v6.2(2). On the DMZ interface, I'm running a webserver with a private IP. Using the static command, I have a public IP mapped to the web server for port 80 and port 22 on the external interface. To allow internal hosts access to this server, I set up an alias that redirects all resolution of the public IP to the web server's private IP. This works fine for web browsing, but this web server also serves a second function. I also use it as an alternative VPN by using SSH port-forwarding. When I connect to the server via SSH (from outside of the network) prior to the addition of the alias command, I had no problems with port-forwarding. Once the alias command was set, it stopped working.

From the internal network, I'm also unable to SSH to the web server's private IP any more (I have to access it through its public IP), even though I was able to prior to the alias command being in place.

I thought the alias command was only supposed to affect requests directed to the public IP of the server. Can anyone tell me why I'm running into this issue, and what would be some ways to get around the problem? Thanks in advance!

--Andy

3 Replies

matthewtan
Level 1

Hi Andy,

Is your ISP hosting your domain name for you, or do you have an internal DNS server?

matthewtan
Level 1

Hi Andy,

The alias cmd would redirect all requests to your web server internal IP to the public IP. The DNS replies, on the other hand, would be doctored by the PIX, so that the DNS reply to the inside clients would be changed to the web server internal IP. Is your domain name hosted by your ISP or do you have a DNS server? I was thinking maybe using names instead of IP addresses would resolve your problem.

Thanks for the suggestion Matthew. I solved the problem by creating a virtual interface on the server, and directing the alias command to that. This allowed the normal interface IP to be accessed normally.