Cannot access webmail service on server (inside network) using url

clinthammer
Level 1

Firewall: Cisco PIX 515E (6.3 software)

I have installed MDaemon on a server with an internal IP of 192.168.0.39. The webmail service runs on port 3000 of this server.

Now, people inside the network can connect to the webmail service using http://192.168.0.39:3000 - however, this is not what I want.

Our webspace provider created the URL http://aaa.bbb.com to redirect to our public IP of http://xx.xxx.xxx.xxx:3000

Accordingly, I added these lines to the PIX:

access-list acl_out permit tcp any host 192.168.0.39 eq 3000

access-list acl_out permit tcp any any eq 3000

static (inside,outside) tcp xx.xxx.xxx.xxx 3000 192.168.0.39 3000 dns netmask 255.255.255.255 0 0

static (inside,outside) tcp xx.xxx.xxx.xxx http 192.168.0.39 http netmask 255.255.255.255 0 0

Now if a person outside the network tries to access http://aaa.bbb.com they will be redirected to the webmail service on our internal server. However, if a user in our internal network tries to access http://aaa.bbb.com it does not connect.

I want to be able to have both internal and external users only use http://aaa.bbb.com to connect to the webmail service. Please tell me where I have gone wrong.

Thanks.

CD

5 Replies

patrick.cannon
Level 1

If I understand you correctly:

1. Your ISP configured a DNS record for http://aaa.bbb.com that you want to redirect to internal 192.168.0.39:3000.

2. External is working, but internal is not.

Do you want your internal users to be redirected to that public IP address or the internal one? (ping aaa.bbb.com). If they are hitting the public one, your internal DNS needs to point at the private IP address for http://aaa.bbb.com
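
The check suggested in the reply above (see which address the name resolves to from inside), written out as an added example that is not part of the thread. The public address 203.0.113.10 is a placeholder for the masked xx.xxx.xxx.xxx, and the /24 inside subnet is an assumption:

```python
import ipaddress
import re

# Constructed sample: the thread's two static lines, with the masked public
# address replaced by a documentation placeholder (203.0.113.10).
PIX_CONFIG = """\
static (inside,outside) tcp 203.0.113.10 3000 192.168.0.39 3000 dns netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 http 192.168.0.39 http netmask 255.255.255.255 0 0
"""
INSIDE_NET = ipaddress.ip_network("192.168.0.0/24")  # assumed inside subnet

# static (inside,outside) tcp <public_ip> <public_port> <inside_ip> <inside_port>
STATIC_RE = re.compile(
    r"^static \(inside,outside\) tcp (\S+) (\S+) (\S+) (\S+)", re.M)


def parse_statics(config):
    """Map (public_ip, public_port) -> (inside_ip, inside_port)."""
    return {
        (ipaddress.ip_address(pub), pport): (ipaddress.ip_address(priv), iport)
        for pub, pport, priv, iport in STATIC_RE.findall(config)
    }


def classify(resolved, port, statics, inside_net=INSIDE_NET):
    """Say what an inside client's DNS answer for the webmail name means."""
    addr = ipaddress.ip_address(resolved)
    if addr in inside_net:
        return f"inside: {addr} is reached directly, no translation involved"
    target = statics.get((addr, str(port)))
    if target:
        return (f"public-mapped: {addr}:{port} is the outside address of "
                f"{target[0]}:{target[1]}; internal DNS should return {target[0]}")
    return f"unmapped: {addr}:{port} matches no static entry"


if __name__ == "__main__":
    statics = parse_statics(PIX_CONFIG)
    # Feed in whatever address `ping aaa.bbb.com` shows on an inside client.
    for answer in ("192.168.0.39", "203.0.113.10"):
        print(classify(answer, 3000, statics))
```
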

1. Not our ISP but our webspace provider. In our webspace control panel, I configured a subdomain and redirected it to http://aaa.bbb.com:3000

From anywhere outside our office (which is behind a Cisco firewall), I can connect to the webmail using the domain http://aaa.bbb.com

2. External works: Using http://aaa.bbb.com I can connect, but only from outside the office. If I am inside the office, i.e. behind our firewall, I cannot connect using http://aaa.bbb.com

I can only connect using the internal/private IP of 192.168.0.39:3000

Target: I want both internal and external users to use http://aaa.bbb.com to connect to the webmail. Hence, I need (don't know how) to point the internal DNS to the public IP (80.xxx.xxx.xxx).

CD

Can you put an entry in your internal DNS server's forward lookup zone to point to your (80.xxx.xxx.xxx)?

How would I do that? All we have here is a firewall through which people access the Internet.

Any DNS server is provided by our ISP.

CD