[CentOS] firewall dilemma

Wed Nov 2 18:17:41 UTC 2005
Leonard Isham <leonard.isham at gmail.com>

On 11/2/05, JC <hiep at ee.ucr.edu> wrote:
> On Wed, 2 Nov 2005, Jim Bartus wrote:
>
> > JC wrote:
> > >  For example: I have a web server (using internal IP 10.1.1.10) behind the
> > >  firewall; the internal network can access this web server with
> > >  http://10.1.1.10, but they can't access http://www.mydomain.com.  Assume
> > >  that I have a static IP (xxx.xxx.xxx.xxx) mapped to 10.1.1.10 and a DNS record
> > >  www.mydomain.com pointing to xxx.xxx.xxx.xxx
> > >
> > >  What I want is to allow users inside the network to be able to access
> > >  http://www.mydomain.com instead of http://10.1.1.10
> > >
> > >  Here is my question:
> > >  should I change the rule of the firewall?  If so, is there a security
> > >  risk?
> >
> > What kind of firewall?  You should be able to add a simple rule that permits
> > incoming traffic from your non-NAT'd IP range.  Is your firewall also your
> > gateway/router or is there a separate device?  Where is the NAT occurring?
> >
>
> I have a CISCO PIX 515E.  My DSL modem -> firewall -> router -> computers.
> That's all I have, no other device.  Now, can you show me what command I
> should use to permit incoming traffic that originates from the internal
> network???
>
> For now, I just use this method.  Is there any security risk involved in
> this method?
>
> I never set up a DNS server before and have very little knowledge of DNS, so
> I don't want to use internal DNS for now, but I'll learn more about it.
> For now, I just want to get this problem solved.  Thank you for all your
> help.
>

PIX provides a solution for this dilemma, the alias command:

http://www.cisco.com/warp/public/110/alias.html

If I understand your situation correctly this section specifically has
what you need:

http://www.cisco.com/warp/public/110/alias.html#backinfo


--
Leonard Isham, CISSP
Ostendo non ostento.
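Added example, not from the thread or from Cisco: a minimal PIX 6.x configuration for the setup JC describes, written from memory of the alias documentation linked above (verify the syntax against that page for your software version). It assumes the inside hosts resolve www.mydomain.com through a DNS server on the outside, so the reply passes through the PIX; 203.0.113.10 is a placeholder for the xxx.xxx.xxx.xxx in the original message, and lines starting with ! are comments for the reader.

```cisco
! Added example, not the thread's own configuration. PIX 6.x syntax
! from memory of the Cisco alias documentation; 203.0.113.10 stands in
! for the public address written as xxx.xxx.xxx.xxx in the message.

! One-to-one static translation: traffic from the outside for the
! public address is delivered to the internal web server.
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255 0 0

! Only HTTP from the outside may reach the server. This is the same
! rule external visitors already depend on; nothing extra is opened
! for connections that originate on the inside.
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside

! DNS doctoring: when an inside host's query for www.mydomain.com is
! answered by the external DNS server with 203.0.113.10, the PIX
! rewrites that A record to 10.1.1.10 before the reply reaches the
! client, so the client then talks to the server directly on the
! internal network instead of trying to go out and back in.
alias (inside) 10.1.1.10 203.0.113.10 255.255.255.255
```

Because the fix is done in the DNS reply rather than by adding an inbound permit for inside-sourced traffic, the set of connections the outside interface accepts is unchanged; check it with show access-list after applying.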