DNS through NAT problem


Post by Carsten Gramme » Sat, 20 Nov 1999 04:00:00

Hi folks,

I want to set up a FW1 with 3 zones: Internet, Intranet and corporate network.
Forget about the DMZ for the moment as it does not really matter for my
question. To make things more complicated, both Intranet and Corporate
network have potentially overlapping unofficial address ranges, say 192.168.x.x
in the CN and a mix of 192.168.x.x and 172.*.*.* in the intranet. You may
guess it's not a really small company.

In order to be able to access the CN from the intranet I want to use static
NAT mapping 192.168.x.x (CN) to be visible from the intranet as 172.16.x.x
(x.x being unchanged by NAT). The range 172.16.*.* is not used for intranet
hosts and can therefore be used without problems.

There is one Class C net 192.168.10.* in the CN reserved for internal hosts
of our company that have to be visible from the CN. Calls from inside the
intranet to the CN should have their source address translated to one of
these addresses.

I suppose this all can be done with FW1 and NAT. Any hint of HOW to do it
would be helpful.

There is a central DNS server in the CN
providing information about all hosts visible within the CN. The hosts in
our part of the CN are made visible through a DNS server placed in the CN
zone of our network (having a 192.168.10.* address).

Assume in the CN there is a host www.corporate.net 192.168.47.11.
Now the intranet workstation
172.17.48.12 wants to communicate with this host. It is visible from inside
the intranet as 172.16.47.11. Will a DNS request from 172.17.48.12 for
"www.corporate.net" return "192.168.47.11" or "172.16.47.11"? Of course I want
the latter. That means, in other words, are the contents of DNS request
answer packets converted through the FW1's NAT feature or not?

I am quite sure any of the cracks can give me a hint in which way to access
this.

Thanks,
Carsten.

--
*********************************************************************

Tel ++49 6897 935-0

I want to die peacefully in sleep like my grandfather.  
Not screaming in terror like his passengers.
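The question above boils down to whether the NAT device rewrites IP addresses that appear inside the DNS payload (the A record RDATA), not just in the IP header. The following is an added illustration, not code from the original post and not a description of how FireWall-1 behaves: it builds a constructed DNS response for www.corporate.net, then applies the static mapping the post describes (192.168.x.x in the CN seen from the intranet as 172.16.x.x, last two octets unchanged) to every A record in the answer. A firewall that does this kind of payload rewriting is said to have a DNS ALG (application-level gateway); without one, the workstation would receive 192.168.47.11 and would need split-horizon DNS or an internal view instead.

```python
import struct
import socket
import ipaddress

# Constructed static NAT rule taken from the post: the CN's 192.168.0.0/16 is
# presented to the intranet as 172.16.0.0/16 with the host part unchanged.
CN_NET = ipaddress.ip_network("192.168.0.0/16")
INTRANET_VIEW_NET = ipaddress.ip_network("172.16.0.0/16")


def translate_address(addr: str) -> str:
    """Map a CN address to its intranet-visible address; others pass through unchanged."""
    ip = ipaddress.ip_address(addr)
    if ip in CN_NET:
        host_part = int(ip) - int(CN_NET.network_address)
        return str(INTRANET_VIEW_NET.network_address + host_part)
    return addr


def encode_name(name: str) -> bytes:
    """Encode a dotted name in DNS wire format (length-prefixed labels, zero terminator)."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_response(qname: str, answer_ip: str, txid: int = 0x1234, ttl: int = 300) -> bytes:
    """Constructed DNS response: one question and one A answer that points back at the question name."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # flags: standard response, RA
    question = encode_name(qname) + struct.pack("!HH", 1, 1)     # QTYPE=A, QCLASS=IN
    # 0xC00C is a compression pointer to offset 12, i.e. the question name.
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(answer_ip)
    return header + question + answer


def skip_name(pkt: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) wire-format name."""
    while True:
        length = pkt[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return offset + 2
        offset += 1 + length


def _iter_records(pkt: bytes):
    """Yield (rdata_offset, rtype, rclass, rdlen) for every resource record after the question section."""
    _, _, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", pkt[:12])
    offset = 12
    for _ in range(qdcount):
        offset = skip_name(pkt, offset) + 4          # name + QTYPE + QCLASS
    for _ in range(ancount + nscount + arcount):
        offset = skip_name(pkt, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[offset:offset + 10])
        offset += 10
        yield offset, rtype, rclass, rdlen
        offset += rdlen


def rewrite_a_records(pkt: bytes):
    """Apply the static NAT mapping to every IN A record; return (new_packet, [(old, new), ...])."""
    buf = bytearray(pkt)
    changes = []
    for rdata_off, rtype, rclass, rdlen in _iter_records(pkt):
        if rtype == 1 and rclass == 1 and rdlen == 4:
            old = socket.inet_ntoa(bytes(buf[rdata_off:rdata_off + 4]))
            new = translate_address(old)
            if new != old:
                buf[rdata_off:rdata_off + 4] = socket.inet_aton(new)
                changes.append((old, new))
    return bytes(buf), changes


def answer_addresses(pkt: bytes):
    """Parse the IPv4 addresses out of all IN A records in a response."""
    return [socket.inet_ntoa(pkt[off:off + 4])
            for off, rtype, rclass, rdlen in _iter_records(pkt)
            if rtype == 1 and rclass == 1 and rdlen == 4]


if __name__ == "__main__":
    original = build_response("www.corporate.net", "192.168.47.11")
    rewritten, changes = rewrite_a_records(original)
    print("without DNS ALG the intranet host sees:", answer_addresses(original))
    print("with DNS ALG it sees:", answer_addresses(rewritten), changes)
```

Two caveats a practitioner would want before relying on payload rewriting: it only works on cleartext DNS the firewall can parse, and it invalidates DNSSEC signatures on the rewritten records, so the cleaner long-term design is usually a separate DNS view (split-horizon) that hands the intranet the 172.16.x.x addresses directly.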


1. Problem with NAT/DHCP/DNS on Windows 2000

I just got myself a Cisco 600 router that I'm using mainly as a firewall.
It sits between a cable modem, and a PC running Windows 2000
Professional.  I have a problem running both DHCP and NAT on the
router.

I run DHCP client and server on the router.  It then assigns an IP
address to my PC that changes (sometimes) if I reboot the PC.

I also run NAT on the router.  Since my PC's IP address changes, I
have to keep changing the NAT settings on this router.

My partial solution: I run DHCP client only on the router.  Then I
assign a permanent IP address to the PC.  The problem with this
solution is that now the router doesn't propagate any DNS server IP
addresses to the PC.  I have to discover what DNS servers are in use,
and manually type the IP addresses of these servers into Windows 2000
on my PC.  The problem with this solution is that my cable ISP could
change DNS servers on me.  If they want me to use different DNS
servers, I would like to do so, and automatically.  I want to be a
good customer, and I also want to take advantage of any load balancing
that the ISP does.

Thanks in advance for any suggestions.
--
David Arnstein      
