02-02-2007 01:13 PM - edited 03-09-2019 05:20 PM
I have a database on one server with a dmz address and it will not communicate with another web server on the dmz that has an outside IP translated to dmz address. It has internet access and I can navigate the internet fine, but any server on the dmz seems to be off limits. I need to be able for the db server to email me via the web server on back-up completion and verification. Any ideas would be greatly appreciated.
02-02-2007 02:11 PM
What are the security levels on the DMZ interfaces? Remember to go from a lower one to a higher one, you need a static. You should also implement an ACL to control access.
HTH and please rate
02-02-2007 02:17 PM
Both servers are on the same dmz interface. I have tried to place a hairpin on it both ways, permit 10.1.10.0 255.255.255.0 10.1.10.0 255.255.255.0, no go on dmz in dmz out access-lists. Thanks for the help.
02-02-2007 02:27 PM
If both servers are in the same DMZ, they should be able to communicate. Can they ping each other?
02-02-2007 02:32 PM
Oops - looks like you beat me to it :-)
02-02-2007 02:31 PM
Hi
If both servers are on the same DMZ then it is unlikely to be the firewall.
What type of switch are you using for the DMZ network?
Did you configure the switch or did you inherit it?
If both servers are within the same subnet then when the db server wants to talk to the web server it will not go via the firewall DMZ interface, they should be switched at layer2.
Jon
02-03-2007 08:40 AM
The switch is an HP ProCurve purchased new last year. Sorry, cannot recall the model off the top of my head. Both servers are in an IBM blade center, which is connected to the HP ProCurve. One other note, of course: the web server has a translated live IP and the db server does not. It just has a DMZ address. Thanks for the feedback.
02-05-2007 12:05 AM
Hi
Can both the servers ping the default gateway? When you say the web server has a translated address that's fine, but presumably the address configured on the NIC for the web server is out of the same subnet as the database server???
Jon
02-05-2007 01:14 AM
Does the IBM blade enclosure have a switch built in? Are there any vlans configured on the blade enclosure? You might have a mismatch of vlan information.
Can both servers ping each other?
02-05-2007 05:55 AM
I have not tried to ping the default gateway. I'll try that today when I get to the office. They can ping each other but only using the DMZ address. If I try to ping from the DB to the Web server via the live IP, no go. I'll do some more testing today and let everyone know. Thanks again for the ideas.
02-05-2007 06:00 AM
Hi
Little confused now.
Do you need to ping the public IP address of the web server from the Db server? I thought the original problem was that the db server couldn't communicate with the web server.
Seems they can talk to each other on their private IP addresses. Is there a requirement for the db server to talk to the web server but only on its public IP address?
Jon
02-05-2007 10:14 AM
Does your DB server talk to your web server using its DNS name? If so, your DNS should be configured to return the private IP address of the web server for internal machines and only respond with the public IP for anyone connecting from outside your network.