[CentOS] firewall dilemma

Wed Nov 2 17:55:19 UTC 2005
JC <hiep at ee.ucr.edu>

On Wed, 2 Nov 2005, Jim Bartus wrote:

> JC wrote:
>>  For example: I have web server (used internal ip 10.1.1.10) behind the
>>  firewall, internal network can access this web server with
>>  http://10.1.1.10, but they can't access http://www.mydomain.com.  Assume
>>  that I have static IP (xxx.xxx.xxx.xxx) maps to 10.1.1.10 and dns record
>>  www.mydomain.com points to xxx.xxx.xxx.xxx
>>
>>  What I want is to allow users inside the network be able to access
>>  http://www.mydomain.com instead of http://10.1.1.10
>>
>>  Here is my question:
>>  should I change the rule of the firewall?  If so, is there a security
>>  risk?
>
> What kind of firewall?  You should be able to add a simple rule that permits 
> incoming traffic from your non-NAT'd IP range.  Is your firewall also your 
> gateway/router or is there a separate device?  Where is the NAT occurring?
>

I have CISCO PIX 515E.  My DSL modem -> firewall -> router -> computers.
That's all I have, no other device.  Now, can you show me what command I
should use to permit incoming traffic that originates from internal
network???

For now, I just use this method.  Is there any security risk involved in
this method?

I never set up a DNS server before and have very little knowledge of DNS, so
I don't want to use internal DNS for now, but I'll learn more about it.
For now, I just want to get this problem solved.  Thank you for all your
help.

JC