Confusion: DNS/FQDN behind SOHO Firewall/Router

Hi Everyone,
I'm a little confused as to the setup of DNS behind a Firewall/Router.
I have previously had an OS X 10.6 server with DNS setup directly to a Global IP.
In my new setup, I will have a SOHO Firewall/Router setup at the "edge" with server & clients on the Local LAN. I will need the server to be able to serve up DNS / Open Directory master / Web Services / etc. both publicly and privately. The SOHO device will serve up DHCP.
Port Forwarding on the SOHO router is not an issue, so covered there.
I am a bit confused on what to do on the DNS side as it is now sitting on private lan but needs to serve out publicly as well.
Is it as simple as having something like the following in the DNS tables?
Note: dns1.mycompany.com. would have static IP: 192.168.1.10
dns1.mycompany.com. IN A 123.123.123.123
dns1.mycompany.com. IN A 192.168.1.10
10.1.168.192.in-addr.arpa. IN PTR dns1.mycompany.com.
123.123.123.123.in-addr.arpa. IN PTR dns1.mycompany.com.
That way there is a machine record and reverse lookup for both internally and externally?
Message was edited by: Jin597

I am not saying the following is the only way to do it, but typically you would run your own DNS server internally and may have for example www.yourcompany.com resolve to a local private IP address, and externally you would have your ISP run a DNS server for the same domain but it would resolve to your public IP address.
The outside world would only see and use the ISP's version and would therefore always use the (correct) public IP address, and your users on the LAN would use your internal DNS server and hence the private IP address.
It would be possible to do the same all yourself by having two separate DNS servers internally but keeping one for use by your LAN, and the other for use (only) by external users. I don't believe the standard Apple Server Manager utility makes it possible to properly do both on one server.
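The split described in this reply, as an added example that is not part of the original thread: a Python check that takes the mixed record set from the question (with the record type spelled PTR), separates it into an internal and an external view, and flags private-address data that would leak if published externally. The function names are hypothetical, and only A and PTR records in the one-line `owner IN TYPE rdata` form are handled.

```python
import ipaddress

# Constructed sample input: the records proposed in the question, all in one zone.
MIXED_ZONE = """\
dns1.mycompany.com. IN A 123.123.123.123
dns1.mycompany.com. IN A 192.168.1.10
10.1.168.192.in-addr.arpa. IN PTR dns1.mycompany.com.
123.123.123.123.in-addr.arpa. IN PTR dns1.mycompany.com.
"""


def parse_records(text):
    """Parse 'owner IN TYPE rdata' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4 or fields[1].upper() != "IN":
            raise ValueError(f"unsupported record syntax: {line!r}")
        owner, _, rtype, rdata = fields
        records.append((owner.lower(), rtype.upper(), rdata))
    return records


def ptr_owner_to_ip(owner):
    """'10.1.168.192.in-addr.arpa.' -> 192.168.1.10; None if not a full IPv4 PTR owner."""
    suffix = ".in-addr.arpa."
    if not owner.endswith(suffix):
        return None
    octets = owner[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(octets)))
    except ValueError:
        return None


def record_ip(record):
    """Return the IPv4 address a record exposes, or None for other record types."""
    owner, rtype, rdata = record
    if rtype == "A":
        return ipaddress.IPv4Address(rdata)
    if rtype == "PTR":
        return ptr_owner_to_ip(owner)
    return None


def audit_external(records):
    """Records that expose a private (non-routable) address and so do not belong in the public view."""
    flagged = []
    for rec in records:
        ip = record_ip(rec)
        if ip is not None and ip.is_private:
            flagged.append(rec)
    return flagged


def split_views(records):
    """Split a mixed record set into (internal, external) views.

    Private-address records go to the LAN view, public-address records to the
    public view; records with no address (not A/PTR) are kept in both.
    """
    internal, external = [], []
    for rec in records:
        ip = record_ip(rec)
        if ip is None:
            internal.append(rec)
            external.append(rec)
        elif ip.is_private:
            internal.append(rec)
        else:
            external.append(rec)
    return internal, external


if __name__ == "__main__":
    recs = parse_records(MIXED_ZONE)
    print("would leak if published:", audit_external(recs))
    lan_view, public_view = split_views(recs)
    print("internal view:", lan_view)
    print("external view:", public_view)
```
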

Similar Messages

  • FQDN behind NAT'd router and OD Master assistance request

    I have a static IP (1) from my ISP that is assigned via PPPoE.
    Because of the PPPoE, I use a SOHO router as my gateway, and NAT the necessary ports to 192.168.1.10
    I would like to setup a FQDN and OD Master (with Kerberos) at 192.168.1.10, but am unsure how to do this. I've setup FQDN with a global IP before, but never one with NAT'd to a private IP. I think I can get DNS "working", but not in a good enough state for OD Master with Kerberos.
    Does someone have a setup guide for this situation?

    ... unanswered. withdraw question

  • To host a web server behind a firewall which is behind a router

    Dear All,
    Now I am trying to find a solution for this network structure
    Aim: To host a web server
    Products used : HP Blade Server, Cisco 2960 Switch, Cisco ASA Firewall 5500, Cisco Router 1900 
    Connectivity : Static ip with Leased line from one ISP (8 IP's with 6 usable)
    Setup: Server -->Switch-->Firewall-->Router-->ISP-----------ISP-->Router-->User
    Server : 192.168.20.10/24
    Switch : 192.168.20.2/24
    Firewall : 192.168.10.2/24 (router end) and 192.168.20.1/24(switch end)
    Router : 192.168.10.1/24 (firewall end) and 11.11.11.12(serial) (WAN IP)
    Default gateway for Router : 11.11.11.11 (Wan ip gateway)
    Usable public LAN  ip : 20.12.1.1-20.12.1.8
    Like to host the server using one of the public lan ip natted with the server
    If anyone knows how to configure this, kindly give your suggestion and configuration details.
    I have only one week time to do this.
    Kindly assist me
    Thanks and regards
    Balamurugan

  • ACE problem - bridge mode - behind a firewall

    Hello
    We are having problems with one of our ACE contexts; this implementation was done by a supplier and I am trying to troubleshoot it.
    The clients and the servers are on different subnets, there is a Nokia firewall in the middle. The firewalls are setup on a cluster.
    Connecting to port 7072 is taking at least 30 seconds. If I move the server into the VLAN in front of the ACE, the connection is instant. So it does indicate a problem on the ACE.
    The client IP is .99.11.
    The VIP is .100.62 and the server node is .100.12.
    Running the capture command I can see the following behavior:
    1. The client initiates the connection to the ACE Vip
    2. At the same time it looks like a second connection is initiated from the client to the server node
    Please see attachment.
    Is this a normal situation where the connection is duplicated?
    Does this interface setup look correct?
    Is the bridge mode the correct setup in this scenario?
    interface vlan 10
      bridge-group 2
      no normalization
      mac-sticky enable
      access-group input PERMITALL
      service-policy input VLAN10-INTER-MMPM
      no shutdown
    interface vlan 15
      bridge-group 2
      no normalization
      access-group input PERMITALL
      no shutdown
    interface bvi 2
      ip address 192.168.100.7 255.255.255.192
      alias 192.168.100.6 255.255.255.192
      peer ip address 192.168.100.8 255.255.255.192
      no shutdown
    ip route 0.0.0.0 0.0.0.0 192.168.100.1
    Many thanks,
    Damian

    Thanks for replying James,
    I am sure I configured the capture only for VLAN10 which is in the VIP side.
    But you are right, it looks like it is showing both VLAN10 and VLAN15. So that is one of my theories out of the window! :)
    This is a new installation, still on the testing stage. So it would be good time to make changes.
    Do you normally implement a routed setup behind a firewall? Rather than a bridged….
    It is quite a small setup:
    • Traffic is coming from a separate local subnet
    • Traffic is not coming from the internet so it does not require a NAT
    • We need 1 VIP listening on two ports
    • The backend servers are four Linux boxes
    Thanks again,
    Damian

  • Networking skipped in installing Solaris 9, 10 behind a Linksys router

    Hi, gurus,
    I am trying to install Solaris 9 or 10 on a PC on a 192.168.0.0 network behind a linksys router but can not have the networking set up on it.
    During the installation, I was prompted for the host name, but I did not have a chance to enter the information usually prompted for, such as IP address, network mask, default gateway, DNS servers, etc. That networking part was simply skipped. The installation is otherwise straightforward, and Solaris runs on the PC, only no networking.
    ifconfig -a shows only the lo0 loopback.
    I wonder if this is because the PC is on a 192.168.0.0 network behind a router, or because the network card is not recognized. I ran solaris 9 configuration assistant again. The configuration assistant does briefly display the network card when polling for hardware devices: "Xir com Pocket Ethernet Parallel Port Card".
    I found a posting on the internet that shows an example of successful installation of Solaris 10 on a laptop with exactly the Xir com Pocket Ethernet Parallel Port Card (http://blogs.pfuetzner.de/matthias/?m=200607). I followed a few steps and got stuck on the pe.bef thing, which I guess is the network card driver, which I do not have. I searched on the internet, but did not succeed in finding one.
    I would appreciate it if you gurus had some advice either on following through that example, or some alternative solution to the problem. Or, if buying a card found in the hardware compatibility list (http://www.sun.com/bigadmin/hcl/data/sol/components/views/networking_all_results.model.page1.html) would solve the problem, I would buy one. But is the problem due to an unsupported network card, or because the PC is on a 192.168.0.0 network behind a router?
    Many thanks for your advice!
    Newman

    Hi, Michael, and all who happen to know this:
    I bought a network card (3CSOHO100-TX, the first one in the HCL as "reported to work", http://www.sun.com/bigadmin/hcl/data/sol/components/views/networking_reported_to_work.page1.html), but this card does not seem to be any better than the other one.
    When running the Configuration Assistant of Solaris 10 3/05, there was not any hint whether the network card was detected. With Solaris 9 9/05, the hardware polling did result in a network card listed among the detected devices. However, in both versions of Solaris, the installation configuration skipped the section for collecting network card configuration information. So I just cut it short and quit the installation when I saw that network part was skipped.
    I already have Solaris 10 3/05 installed with the other card (i.e., without any network card recognized), and wondered if the new card can be detected in the installed unix. I searched in the archive of this forum and found a link (http://solaris-x86.org/documents/tutorials/network.mhtml) in one of the postings. I followed the steps, but the article seems to be for certified cards only. The 3CSOHO100-TX card is not in the /boot/solaris/devicedb/master file.
    My questions are:
    1. Since Solaris 10 3/05 is already running, are there any commands that can be used to detect the physical card, and then get it configured? I checked Craig Hunt's TCP/IP book (3rd Ed), and tried dmesg | grep eth, netstat -in, and ifconfig -a, to no avail. I also tried prtconf | grep pci, and no clue either.
    2. Since this card is in the HCL list, are there any members on this forum who happen to have some experience with the card and can lend some insight?
    The PC I am using to install the Solaris is a Dell Dimension 4500.
    When the configuration assistant was running there were some messages about resource conflict (two devices using the same interrupt number). I am not good at interpreting the messages, and removed the wireless network card just in case, so there is only one network card in the PC. That did not make it any better either.
    Much appreciation for your help!
    Newman
    Edited by: J.Newman on Jun 23, 2010 1:17 PM

  • Configuring the listener behind a firewall

    We are setting up a database server behind a PIX firewall router. The PIX remaps IPs into internal IP addresses so inside the firewall the host IP will be 10.0.0.x for instance. Has anyone been able to make this work so that a listener inside the firewall can connect to the database? How did you set up tnsnames.ora? Please email me. Thanks.
    -Tom

    I read it is better to use the latest listener to listen to both databases is this true?
    It's better, that's true, it's better to use the listener from the most recent release.
    Nicolas.

  • MX200 standalone behind a DSL router

     I need to deploy a standalone MX200 (non registered) connected behind a DSL router and want to make calls via H323. What sort of configuration is needed for this to work ?
    Will it be similar to an EX90 setup in the same way where we set the port allocation to static and setup the H323 nat address 
    Where are these configuration options to set on a MX200
    Thanks
    Ambi 

    Hi Ambi,
    Yes, the MX200 runs the same software as the EX90 you mentioned as well (TC software) - so the way it's configured is pretty much identical.
    If you've got the EX90 working, duplicate similar settings on to your MX, open up the firewall ports, and you should be good.
    There are plenty of threads in these forums that describe the ports required and the NAT configuration.
    Wayne

  • Linksys WRT600N vs CISCO PIX 506E.... Firewall / Routing Performance

    Hi:
    I am new to the forum and was hoping to tap into some of your expertise. I have a Linksys WRT600N version 1.1 and I recently acquired a CISCO PIX 506E firewall. My question is what should I use as a firewall? Both have SPI etc. Should I:
    a) Use the 506E as a firewall and use the 600 as a wireless access point, or
    b) Use the 600 as a firewall and wireless access point.
    Do both routers have the same firewall routing performance? I want to use the storage feature on the 600N, but if I do that and use it as a wireless access point the 600 can't get the proper time from the Internet, so my time for newly created folders and files shows they are 10 years old.
    Anyway, just thought I would post and find out what some of the experts thought and maybe someone from Linksys or CISCO. I know the 506E is discontinued and was manufactured around 2001 and the 600N is a new model.
    (Edited subject to keep threads from stretching. Thanks!)
    Message Edited by JOHNDOE_06 on 05-06-2008 10:41 AM

    The PIX is a real firewall. The WRT has a firewall which mostly protects the router itself. People prefer to buy a "SPI firewall router" instead of a simple "router" even though the router firewall does nothing or little to protect the LAN. The only firewall configurations on the WRTs you can usually do is on the Access Restrictions tab. But that's usually all. The LAN itself is not protected by the firewall. You would notice this if you had a public IP subnet and ran it through the WRT: the LAN would be fully exposed to the internet. Some routers have a few functions like protection against denial of service attacks or similar. But even then this often filters only the traffic targeted at the router and not the LAN.
    The common protection of your LAN you have on the WRT is because you use private IP addresses inside your LAN and the router does NAT. However, NAT is not a security mechanism but a mechanism to solve the problem that you can only have a single public IP address but want to use multiple computers, which is why you have to use private IP addresses. Current NAT implementations usually drop unsolicited incoming traffic because they don't know to which IP address in the LAN to send it to. But the notion of NAT is to deliver and to allow connectivity. This has nothing to do with security or a firewall.
    Thus, if you want to use a real firewall use the PIX. On the PIX you can configure the traffic which is allowed to enter the LAN and which not. It is far superior in this respect to the WRT. However, as it is an older model, I cannot tell how fast the PIX is. You should be able to find the old data sheets of the PIX somewhere on the Cisco website. They should mention the possible throughput. I guess it won't be an issue.
    To me another point for the PIX are the VPN capabilities which allow you to securely access your LAN while you are on the road.
    Of course, you must know how to configure the PIX correctly. It is a complex device and can be configured pretty much for anything you like. This means of course if you do it wrong you may end up with little or no security.
    BTW, there are no people from Linksys in these forums except the moderators (which may be from lithium). To hear from Linksys you have to contact Linksys support.

  • How can I put my program behind a firewall or make it more secure?

    I have a client server program and I was reading through my notes. I had jotted down a recommendation to put it behind a firewall. However, I do not know how to do this in Java at all or even where to begin. How do I even create a firewall in Java?
    I'm also not sure if this is the security I need.
    This program is already running inside a network limited only to certain users. However, this particular program is limited only to two users. Also, the client runs on Unix and Windows machines accessible by many users in our project. I would not know how to create a firewall for just this program and just these two users.
    Right now my program is sorta like the basic client/server program examples given in the Java tutorials. It verifies the IP address of the client but like I said before anyone can be logged into that IP but only two users should be allowed to run the commands.
    Would a firewall even work in this case?

    However, I do not know how to do this in Java at all or even where to begin. How do I even create a firewall in Java?
    You don't.
    I'm also not sure if this is the security I need.
    I don't think so.
    I would not know how to create a firewall for just this program and just these two users.
    A firewall is not for restricting access to particular users of a network. It's for keeping unauthorized people out of the network entirely. What you should do is secure the server (how to do this depends on probably many factors), and use a username and password in the client app to control access. The client contacts the server, passing the credentials, and the server either grants or denies access. It's possible you would want to hash and salt the password, depending on how secure it needs to be.

  • Connect Oracle 10g client to the Oracle 10g database behind a firewall

    I need to connect an Oracle 10g client to the Oracle 10g database (windows server 2003 box) behind a firewall. I ran into this problem: Port redirection. Port redirection requires the Oracle client to connect to the database using a different port (usually a randomly selected TCP port) than the default or originally configured one. If there is no firewall between the server and the client, port redirection will not affect the actual connection. However, if port redirection does occur with the server behind a firewall, the client will be likely to suffer from a connectivity failure. The reason is simple: the newly assigned port based on port redirection is often blocked by the firewall. Such failures are not uncommon on Windows platforms.
    I don't know how to establish a unique TCP port.
    I enabled USE_SHARED_SOCKET on the Oracle database server, windows registry. According to what I read, that will force the server machine to share its port 1521 and thus all clients will stay on that port when connecting to the database. Noticeably, port redirection will not occur with USE_SHARED_SOCKET enabled, but that's true in oracle 8 or oracle 9. In oracle 10g this solution doesn't work.
    I will appreciate any help about this. Please!
    Thanks in advance.

    Three solutions in order of preference
    1 Use Connection Manager on the server (only installed using a Custom Install). This will tunnel all traffic through a single port. It will also allow you to configure allowable nodes
    2 Set up shared server to use a fixed port. Disadvantage: shared server has overhead and the number of connections is limited
    3 Use shared_sockets. Disadvantage: when you stop the listener everyone is disconnected.
    Sybrand Bakker
    Senior Oracle DBA

  • Essbase-behind-the-firewall problem

    The Essbase server (6.2) is behind the firewall. All the needed ports are open (according to support recommendations). I can log on, start and use the first application, but after I start the second one (no matter which) and try to save the outline or retrieve the data in SS Add-In, Essbase displays consecutive error messages:
    1) Invalid login id - please login again
    2) Invalid login id - request [EssGetClientSettings] failes
    3) Invalid login id - request [adListObjs] faied.
    Thus I can only use 1 application at a time %((.
    Please help.
    Alex

    The Excel Essbase addin was not designed to work nice with firewalls. The new Essbase Spreadsheet Services was, however, designed to work through a firewall. Additionally, our product, ActiveOLAP for Essbase 2.0, was also designed to work through a firewall as well (and features a nearly exact Excel interface w/o using any Excel components, and without any Microsoft licensing issues).
    Tim Tow
    Applied OLAP, Inc

  • DNS request behind content switch: troubleshooting

    Hi, sometimes we experience problems resolving a dns name behind a content switch. The problem solves itself after 5 minutes or something like that. We see the dns request on the dns servers subnet. It looks like there is a problem when the packet returns. I'm thinking of a nat problem. How can I best troubleshoot this?

    Can I e-mail you the config file? I will also e-mail as soon as possible a network capture in front of the CSS. Where can I e-mail it? For the moment dns is working so I will have to wait for network capture until it fails again.
    Kind regards,
    Frederik De Muyter

  • RPC-XML and JMXBeans works behind a firewall?

    Hi,
    I'm studying Java and have a question, RPC-XML and JMXBeans is possible to run this technologies in Internet??
    for example, if I have a J2EE server or a RPC-XML server and it is public for Internet, somebody can access to my services from his office or house?
    JMXBeans I think that have some types of communications, as rmi, jndi or ldap but I don't know that it works fine behind a firewall
    Sorry for my poor English, I'm studying it too

    Behrang Saeedzadeh writes:
    If you are going through a firewall then you are best off using http
    tunneling for your client communication assuming the performance is
    acceptable. If you do this then you should have no problems. For an
    authenticating firewall with tunneled t3 you may need to provide
    credentials to get through. If you are using wlclient.jar then you may
    need to raise a support call since we don't currently support proxy
    auth with tunneling.
    andy
    Hi all
    I'm developing a Swing application that connects to an application server and uses EJBs for communicating with the server.
    My application works fine, now that it's not behind a firewall. Can my application also connect to the server when the client is behind a firewall? What if the client is behind a firewall that requires authentication?
    If the answer to the above questions is no, could someone please tell me what do I have to do in order to guarantee that my application also works behind a firewall (or an authenticating firewall.)
    Best Wishes,
    Behrang S.--

  • Installing Iplanet web server and directory server behind a firewall

    When installing iplanet web server and directory server behind a firewall - should the internal ip address be used or the external ip address?

    Hello,
    When you are installing iplanet web server behind a firewall, you should use the internal ip address in the firewall.
    1. The external ip address connection to the Internet. The type of IP address used, dynamic (commonly used for standard modems) or static (commonly used for cable modems), is dictated by the ISP to which you connect and the type of service it provides.
    2. The internal ip address connection. This connection must be a static IP assignment, and it must be assigned by you.
    Obviously it depends on the type of firewall setup you have.
    Thanks
    Selva
