[CentOS] firewall dilemma

Wed Nov 2 16:23:07 UTC 2005
Jim Bartus <jbartus at advance.net>

JC wrote:
> For example: I have a web server (used internal IP 10.1.1.10) behind the
> firewall, internal network can access this web server with
> http://10.1.1.10, but they can't access http://www.mydomain.com.  Assume
> that I have a static IP (xxx.xxx.xxx.xxx) that maps to 10.1.1.10 and the DNS
> record www.mydomain.com points to xxx.xxx.xxx.xxx
> 
> What I want is to allow users inside the network to be able to access
> http://www.mydomain.com instead of http://10.1.1.10
> 
> Here is my question:
> should I change the rule of the firewall?  If so, is there a security risk?

What kind of firewall?  You should be able to add a simple rule that 
permits incoming traffic from your non-NAT'd IP range.  Is your firewall 
also your gateway/router or is there a separate device?  Where is the 
NAT occurring?

-jim