549 Views 3 Replies Latest reply: Feb 12, 2013 12:44 PM by cphillipsmcp

cphillipsmcp, Newcomer, 4 posts since Feb 12, 2013

Feb 12, 2013 9:25 AM

Rule for Internal Website

Here’s the scenario: I have an internal website (private address) with an external presence. Before yesterday, we used a proxy for all web-based traffic; getting to the external address of the site worked flawlessly using a proxy within the browser. Without the proxy setting, the external address of the website is a quick "page cannot be displayed".

At this point, I realized I would need to create a new rule, maybe more. I thought the rule would be fairly simple, but it escapes me why it’s not working completely. The rule I created allows the ‘internal’ https-traffic directed to the specific external IP address to be redirected to the local IP address. After adding the rule, I tested; the browser spins n’ spins, but eventually times out. Checking the firewall logs does not generate anything of note. It logs a notification (5) of the network traffic between the internal client and external IP, and the other between internal client and internal website.

At this point, it’s unclear to me why I cannot view the website from its external address (or name). The site is fully viewable from the client trying to connect using its private address (internal to internal).

Any help trying to figure out a solution for allowing this communication is much appreciated.

MFE: 7.0.1.03

  • PhilM, Champion, 528 posts since Jan 7, 2010
    1. Feb 12, 2013 10:17 AM (in response to cphillipsmcp)
    Re: Rule for Internal Website

    If you have a search through this forum I think you will find one of the McAfee guys answered a request very similar to this.

    To be honest, when I went through my Firewall training back in the late 90's, this type of connection was considered to be extremely odd, and on the original Firewall product I was trained on (Borderware, at one point a Secure Computing-owned product) it wasn't actually possible to have traffic originate on the LAN side, pass through the Firewall, hit an IP address on the external interface and be redirected back in again. The firewall would react in a "why on earth are you trying to do that?!" manner.

    On that basis, though, while this is considered normal behaviour on some of the other Firewalls I work with, I have tended to adopt my original teachings. Using DNS you should be able to access the web site using its hostname. When on your internal network the host should resolve to the site's private address (meaning that the traffic never needs to try and traverse the Firewall), and when the user is outside, the same URL will resolve to the appropriate external/public IP address (which would then pass through the Firewall quite normally).

    Is there any reason why, when you are using a client on your internal LAN, you would want to access the site using its public IP address?

    -Phil.
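The split-horizon DNS setup Phil describes, as an added example that is not from this thread and is not McAfee Firewall configuration: a BIND 9 named.conf excerpt with an internal and an external view, plus the two zone files. The hostname www.example.com, the LAN range 10.0.0.0/8, the private address 10.1.2.3 and the public address 192.0.2.10 are placeholders chosen for the example.

```conf
// named.conf excerpt (added example; all addresses are placeholders)
acl "lan" { 10.0.0.0/8; 127.0.0.1; };

// LAN clients get the private address, so the session goes straight
// to the server and never has to loop back through the firewall's
// external interface.
view "internal" {
    match-clients { "lan"; };
    recursion yes;
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.internal";
    };
};

// Everyone else gets the public address and traverses the firewall
// the normal way (outside -> external interface -> NAT -> server).
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.external";
    };
};

; /etc/bind/db.example.com.internal
$TTL 300
@    IN SOA ns1.example.com. hostmaster.example.com. ( 2013021201 3600 900 604800 300 )
@    IN NS  ns1.example.com.
ns1  IN A   10.1.2.2
www  IN A   10.1.2.3      ; private address of the web server

; /etc/bind/db.example.com.external
$TTL 300
@    IN SOA ns1.example.com. hostmaster.example.com. ( 2013021201 3600 900 604800 300 )
@    IN NS  ns1.example.com.
ns1  IN A   192.0.2.2
www  IN A   192.0.2.10    ; public address the firewall NATs to the server
```

With this in place, `dig +short www.example.com` should return 10.1.2.3 from a LAN client and 192.0.2.10 from outside, so no internal-to-external redirect rule is needed on the firewall.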
