Re:Solaris and PIX question

From: Rob (rob_at_hotmail.com)
Date: 03/15/05


Date: Tue, 15 Mar 2005 10:15:29 -0500

Hi,

Recently I replaced my old firewall with a Cisco PIX one, and translated all
commands, now everything seems to be fine except I cannot get out from my
Sun 5.8 (no ping and traceroute outside), also I cannot open a page (port
80) on this box from outside, this is the only Unix-based machine I have, and
all other servers and workstations are Windows and they seem to be fine. I
deleted the mac address for the old firewall using arp -d but didn't work.
Does anyone know how to fix this problem?

Thanks in advance for any help.

PS. A Cisco expert checked my firewall settings and said it is fine!

----
"Dave Uhring" <daveuhring@yahoo.com> wrote in message
news:pan.2005.03.14.23.06.25.855232@yahoo.com...
> On Mon, 14 Mar 2005 17:09:34 -0500, Rob wrote:
>
> > I used the exact IP scheme, so all IPs and default route are the same, on
> > Sun box the defaultrouter points to internal interface of firewall.
>
> Post the outputs of:
>
> # ifconfig -a
> # netstat -nr
> # cat /etc/resolv.conf
> # grep hosts /etc/nsswitch.conf
>
> Now post the output on one of your Windows boxes of
>
> C:\> ipconfig /all
----------------
I checked all settings; the only difference is DNS. I had only 1 DNS server in
resolv.conf, which is a win2k internal server (10.10.5.2) on a VPN
connection, so if this is the problem, I need to add more external DNS servers.
Actually I added 2 more external DNS to my resolv.conf file, but it only
checks the first DNS and if it cannot resolve using that one, it returns an
error (so for example if the first DNS is the external one it won't resolve
internal IPs).
Is there any way to force it to check the next DNS entry as well in case the
first one could not resolve the requested IP?
Thanks again - Rob

# grep hosts /etc/nsswitch.conf
# "hosts:" and "services:" in this file are used only if the
hosts:      files dns
#
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.231.247.65 netmask ffffff00 broadcast 192.231.247.255
        ether 0:3:ba:17:f1:b2
# cat /etc/resolv.conf
nameserver 10.10.5.2
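
Added example, not part of the original posts: a simplified Python model of the stub-resolver behaviour described in the follow-up above, where later nameserver entries are consulted only when an earlier server gives no usable answer (timeout, SERVFAIL, REFUSED), while a negative answer such as NXDOMAIN ends the lookup. The external server address, host names and zone contents are constructed for illustration; only 10.10.5.2 comes from the thread.

```python
# Simplified model of resolv.conf failover; sample data below is constructed.
MAXNS = 3  # libresolv honours at most three "nameserver" lines
RETRY_NEXT = {"TIMEOUT", "SERVFAIL", "REFUSED"}  # no usable answer: try next server

INTERNAL = "10.10.5.2"   # internal DNS server named in the thread
EXTERNAL = "192.0.2.53"  # constructed external resolver (documentation range)
EXTERNAL_FIRST = f"nameserver {EXTERNAL}\nnameserver {INTERNAL}\n"
ZONES = {                # constructed view of what each server can answer
    INTERNAL: {"intranet.corp.example": "10.10.5.20"},
    EXTERNAL: {"www.example.com": "198.51.100.10"},
}


def parse_nameservers(resolv_conf_text):
    """Return nameserver addresses in file order, capped at MAXNS."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers[:MAXNS]


def resolve(name, servers, zones):
    """Walk the server list in order, as a stub resolver does.

    zones maps server -> {name: address}, or to a failure status string.
    Returns (status, address, servers_queried).
    """
    queried, status = [], "TIMEOUT"
    for server in servers:
        queried.append(server)
        zone = zones.get(server, "TIMEOUT")
        if not isinstance(zone, dict):
            status = zone          # server-level failure, e.g. VPN link down
        elif name in zone:
            return "NOERROR", zone[name], queried
        else:
            status = "NXDOMAIN"    # a definitive "no such name"
        if status not in RETRY_NEXT:
            break                  # negative answer ends the search
    return status, None, queried


if __name__ == "__main__":
    # External server listed first: the internal name is never tried on 10.10.5.2.
    print(resolve("intranet.corp.example", parse_nameservers(EXTERNAL_FIRST), ZONES))
    # Internal server first but unreachable: the resolver falls through.
    print(resolve("www.example.com", [INTERNAL, EXTERNAL], {**ZONES, INTERNAL: "TIMEOUT"}))
```

In this model the order of the nameserver lines only provides redundancy between servers that can answer the same names; it does not merge an internal and an external view of DNS.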

