Domain not accessible from Internal Network



  • Attached you can find my network. I am not able to connect my domain from zone 2. Do I have to do something for accessing mydomain.com from zone 2?


  • LAYER 8 Global Moderator

    First thing I would ask is are you doing NAT at firewall 2.

    Second thing I would ask is how does computers in Zone 1 know to access 10.10.1.26 to get to zone 2?  Do you have host routing setting?

    Normally you connect routers together directly – looks like your firewall2 interface connected to zone 1 is just some client IP just like any other box in zone 1?



  • No I am not doing any NAT in firewall 2. No need access to zone 2.
    Actually I need DHCP server enabled for Wireless Connection in my Institution for the visitors. But I can't enable it in zone 1 as our coworkers are in this zone. As a result Static IP is enabled in zone 1 and DHCP is enabled in zone 2.
    Thank you for your kind cooperation.


  • LAYER 8 Global Moderator

    Well if your not doing NAT,

    How do you expect it to work in how I understand your configuration.

    Does firewall 1 have a route to 10.10.10.x ?

    So lets say box on the 10.10.10 gets ip 10.10.10.47 and his gateway is firewall 2 at 10.10.10.254.  This fw2 says ok I don't have any interfaces on where your trying to go public IP..  So let me send it to my gateway (fw1) at 10.10.1.254.  BTW I assume you have a /24 or something these networks to distinguish these 10.10.10 and 10.10.1 networks?

    Now does fw1 lan rule allow traffic on its lan from that network?  Even if it does and says OK, lets send on that traffic to the public IP.  When the response comes back - where is fw1 suppose to send it..  Even if he has state in his nat table that hispublic relates to 10.10.10.47

    He doesn't have any interfaces in that network - so why would he know to send it back to 10.10.1.26 ?

    Lets say your trying to access host in 10.10.1.x at .56 – so fw2 sends on that traffic and the host at 10.10.1.56 gets it.  But he is going to say well 10.10.10.47 is not on my network - so he sends his response to his gateway fw1 -- fw1 says, I don't have any network or route for 10.10.10 - so he would just send on that traffic to his gateway (internet)

    So you can either do NAT at your fw2 so any traffic behind it just looks like traffic from the 10.10.1 network - or you need to configure the routing for that network on fw1 or hosts in 10.10.1 to know how to get to 10.10.10

    If you using masks so that both 10.10.1 and 10.10.10 look to be on the same network, say a /8 or /16 then you have other issues where its not going to work either.  Because traffic at fw1 from 10.10.10 is going to look like its local to fw1 interface and again it would never send responses to fw2 interface in zone 1


Log in to reply