I don't think the problem is the firewall itself, just the fact that you're using NAT.
The DNS records are going to be set to the IP(s) that your computer is using. Since you're running NAT, it's a private, internal IP.
If you're not planning on adding more clients, you might be able to make it work by doing what you've been doing: manually adjusting the DNS records. But if you plan on hosting more people, you might find it's a lot more sane to ditch NAT.
In my opinion, NAT and a firewall are two totally different things. A firewall is for security, and NAT is a 'trick' to let multiple computers share one external IP. I have no experience with a PIX, so I couldn't begin to tell you how to configure it.
You can (in fact, it's generally regarded as the "right" way to set up a firewall) configure a firewall to block everything except certain ports that you open up. This doesn't require that you use NAT.
Why are you hosting a real server from behind NAT?
People always get confused with NAT's and Firewalls, they are two ENTIRELY different things, don't get them confused.
A NAT has one use, and that's to allow many people with a private IP to share one public IP, this is DEFINATELY not what you want to be doing in a hosting environment.
Remember a Firewall isn't even a router, it's a transparent box that simply sits between you and the internet, and unless you've seen it you wouldn't even know it was there. The way you've got it set up, people can see it, and it's vulnerable
Cisco boxes are pretty solid firewalls, and you can block whatever you need to with them port wise. To me though it does sound like you don't know what you're doing network wise, in which case I suggest you hire a CCNA to sort your firewall and server out for you - if you do firewall yourself out of your network it's going to cost you a lot to put it back.
█ Dan Kitchen | Technical Director | Razorblue
█ ddi: (+44) (0)1748 900 680 | e: [email protected]
█ UK Intensive Managed Hosting, Clusters and Colocation.
█ HP Servers, Cisco/Juniper Powered BGP Network (AS15692).
Originally posted by jong85 I understood that but when I asked about taking out NAT. it can not be(from tech support guys). They said it come with NAT.
Is that true?
CISCO PIX 501
Voicegateway.com Web Services - High-performance Hosting & Fully Managed Servers
Specializing in Virtual Machine Hosting with Microsoft Virtual Server 2005 R2, Windows SharePoint Services, Microsoft SQL Server 2005, ASP.NET 2.0 hosting and Newsletter/Mailing list services