watchguard x500 loopback

I recently got a domain...www.mydomainname.com for discussion purposes. This domain points to the external public IP of my Firebox and port 80 is NATed through to an internal web server. If I browse to

formatting link
from a computer outside my firewall everything is ok, but if I browse to it from a computer within the network it does not work. I think this has to do with "loopback" but I'm not sure. In the traffic monitor on the Firebox it shows something like this when I try to browse from the internal PC:

05/16/06 10:06 http-proxy[4395]: [:1662 :80] Error while sending/receiving: Can't receive data from server (Connection refused)

The tracert from the internal pc looks like this:

Tracing route to

formatting link
[] over a maximum of 30 hops:

1
Reply to
deciacco

I've never seen "loopback" work on any Firebox, and I don't even think it's an option. I've put in about 80 of them over the last couple years and always used an internal DNS server to resolve the public names to the local network addresses so that it never has to loopback.

Reply to
Leythos

Leythos... Thanks for the reply... I've been trying this in the windows 2k3 dns server but doesn't seem to work.

I add a New Zone to the Forward Lookup Zones. I make it a primary zone and don't store it in active dir. I give the zone a name like mydomainname.com and I store it in a new file with that name. I do not allow dynamic updates. I then add a new host (A) called "www" so I get

formatting link
as the FQDN. I then give it the internal ip address of the server handling
formatting link
and i do not create an associated pointer record.

The workstations are configured to use the server as the primary dns server and if I run nslookup for

formatting link
it checks out ok, but when i try to bring up
formatting link
in the browser it doesn't work. It still tries to go to the outside address like before as if the DNS record did not exist. If I repair the Windows XP connection and then I try to browse to the site it works. If I restart my computer however all is lost and I can't navigate to the site anymore. If I add another host record like intranet (intranet.mydomainname.com) I noticed that sometimes www works while intranet doesn't and vice versa. I have another zone on the DNS server called mit.local and it has all the records in it for the workstations on the network. I don't know if this is causing a conflict.

Any suggestions?

Thanks!

Reply to
deciacco

Are you assigning the workstations with the DNS Server for your LAN only? You should not have a external DNS IP Address on any of your workstations and not in the DHCP Scope. Your DNS server should have a forwarder that points to your public DNS.

The domain name of "mydomain.com" should point to an internal IP, then subrecords (A) for www, FTP, and any others that you want.

None of the computers inside the LAN should be able to access a public DNS.

IPCONFIG /FLUSHALL is your friend

Reply to
Leythos
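The rule Leythos gives (internal zone answers from the LAN, internal DNS server forwards everything else, no public resolver in the DHCP scope) can be checked mechanically. The following is an added example, not code from either poster or from WatchGuard: a small model of the two resolvers a workstation might be handed, plus an audit that flags the configuration from the original post. All addresses (192.168.1.0/24 LAN, internal DNS 192.168.1.2, web server 192.168.1.10, public resolver 203.0.113.53, public web address 203.0.113.5) are constructed for the example.

```python
import ipaddress

# Constructed sample data (not from the thread): what each DNS server answers
# for a name, and which server the internal one forwards unknown names to.
LAN = ipaddress.ip_network("192.168.1.0/24")
ANSWERS = {
    # internal DNS server: split-horizon zone for mydomainname.com
    "192.168.1.2": {"www.mydomainname.com": "192.168.1.10"},
    # ISP's public resolver: only knows the public A record and the Internet
    "203.0.113.53": {"www.mydomainname.com": "203.0.113.5",
                     "www.example.org": "198.51.100.7"},
}
FORWARDERS = {"192.168.1.2": "203.0.113.53"}  # internal server forwards to the public one


def resolve(name, server, answers=ANSWERS, forwarders=FORWARDERS):
    """Address a given server hands out for name, consulting its forwarder
    for names it has no zone data for. Returns None if nobody knows it."""
    addr = answers.get(server, {}).get(name)
    if addr is None and server in forwarders:
        addr = resolve(name, forwarders[server], answers, forwarders)
    return addr


def resolvers_outside_lan(servers, lan=LAN):
    """Resolver addresses in a DHCP scope that are not on the LAN.
    Any such entry lets a workstation bypass the internal zone."""
    return [s for s in servers if ipaddress.ip_address(s) not in lan]


def hairpin_answers(name, servers, lan=LAN, answers=ANSWERS):
    """(server, address) pairs a workstation could receive for name that point
    outside the LAN, i.e. that would send it back out through the firewall
    to reach an inside host."""
    out = []
    for server in servers:
        addr = resolve(name, server, answers)
        if addr is not None and ipaddress.ip_address(addr) not in lan:
            out.append((server, addr))
    return out


def check_scope(servers, name="www.mydomainname.com"):
    """True when the scope's DNS list is safe: every resolver is internal and
    every answer for the internal host stays on the LAN."""
    return not resolvers_outside_lan(servers) and not hairpin_answers(name, servers)


if __name__ == "__main__":
    broken = ["192.168.1.2", "203.0.113.53"]  # internal primary, public secondary (original setup)
    fixed = ["192.168.1.2"]                    # internal only; it forwards to the ISP itself
    print(resolvers_outside_lan(broken))                    # ['203.0.113.53']
    print(hairpin_answers("www.mydomainname.com", broken))  # [('203.0.113.53', '203.0.113.5')]
    print(resolve("www.example.org", "192.168.1.2"))        # 198.51.100.7 (via forwarder)
    print(check_scope(broken), check_scope(fixed))          # False True
```

The model deliberately does not assume which server a given client picks: a scope with a public secondary fails the audit because the client is allowed to ask it at all, which matches the intermittent behaviour described earlier in the thread (works after a connection repair, breaks again after a reboot).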

Thanks for your help... My DHCP was set to give my DNS as the primary and the public DNS as the secondary. I put a forwarder on my DNS server and removed the secondary from the DHCP. That seemed to fix everything...

(I did not see an ipconfig /flushall but a flushdns...for other readers...)

Thanks a million!!!

Reply to
deciacco

Glad to know you got it with that fix, it's actually a very common mistake.

Also, having already worked about 3 weeks of 16 hour days, I made that mistake with the /Flushall, glad you caught it.

Reply to
Leythos
