  1. #1
    Join Date
    Jun 2005
    Location
    San Diego, CA, USA
    Posts
    213

    Having troubles with HW Firewall CISCO PIX 501 and CPanel/WHM

    I am providing web hosting to people, and recently I installed a CISCO PIX 501 on another server. But I am having trouble with NAT.

    I am using the firewall like this (with NAT):

    Server - Firewall - PUBLIC
    Private_IP-Firewall-Public_IP or Public_IP_A-Firewall-Public_IP_B

    This makes trouble with cPanel/WHM. I have to edit the DNS files every time I create an account with a domain. I don't know what to do. Is there any way I can use the firewall like

    Public_IP_A-Firewall-Public_IP_A ?

    Or are there any suggestions for using cPanel/WHM with a CISCO PIX 501 firewall?

  2. #2
    Join Date
    Jun 2002
    Posts
    1,376
    I don't think the problem is the firewall itself, just the fact that you're using NAT.

    The DNS records are going to be set to the IP(s) that your computer is using. Since you're running NAT, it's a private, internal IP.

    If you're not planning on adding more clients, you might be able to make it work by doing what you've been doing: manually adjusting the DNS records. But if you plan on hosting more people, you might find it's a lot more sane to ditch NAT.
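
The mismatch described in this reply (zone records holding the server's private address while clients have to reach the public one) can be checked for mechanically. The following is an added example, not part of the original thread: it scans BIND-style zone text for A records that carry RFC 1918 addresses and rewrites them through a 1:1 NAT table. The zone contents, `NAT_MAP` and all addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly: ipaddress's is_private would also flag
# the 203.0.113.0/24 documentation range used here as a stand-in public IP.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical 1:1 NAT table (inside address -> outside address).
NAT_MAP = {"192.168.1.10": "203.0.113.10"}

# Constructed sample zone, as a control panel bound to the inside IP might write it.
SAMPLE_ZONE = """\
$TTL 14400
example.com. 86400 IN SOA ns1.example.com. admin.example.com. ( 2005062801 86400 7200 3600000 86400 )
example.com.      IN NS  ns1.example.com.
example.com.      IN A   192.168.1.10
ns1               IN A   192.168.1.10
www               IN CNAME example.com.
mail  14400       IN A   203.0.113.10
ftp               IN A   10.0.0.5 ; no NAT entry
"""

# owner [ttl] [IN] A address [; comment]
A_RECORD = re.compile(
    r"^(?P<name>\S+)(?P<mid>\s+(?:\d+\s+)?(?:IN\s+)?A\s+)"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?P<tail>.*)$")


def is_rfc1918(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # malformed octets: not an address we can judge
        return False
    return any(addr in net for net in RFC1918)


def audit_zone(text, nat_map):
    """Return (findings, fixed_text) for A records holding RFC 1918 addresses."""
    findings, out = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = A_RECORD.match(line)
        if m and is_rfc1918(m["ip"]):
            public = nat_map.get(m["ip"])  # None: no translation known
            findings.append((lineno, m["name"], m["ip"], public))
            if public:
                line = m["name"] + m["mid"] + public + m["tail"]
        out.append(line)
    return findings, "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, name, ip, public in audit_zone(SAMPLE_ZONE, NAT_MAP)[0]:
        print(f"line {lineno}: {name} -> {ip} (rewrite to {public or 'UNMAPPED'})")
```

Records left unmapped stay unchanged in the output and need a manual decision; after any rewrite the SOA serial has to be incremented before the zone is reloaded.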

  3. #3
    Join Date
    Jun 2005
    Location
    San Diego, CA, USA
    Posts
    213
    Is it possible to take out NAT while using the firewall?

  4. #4
    Join Date
    Jun 2002
    Posts
    1,376
    Where are you hosting?

    In my opinion, NAT and a firewall are two totally different things. A firewall is for security, and NAT is a 'trick' to let multiple computers share one external IP. I have no experience with a PIX, so I couldn't begin to tell you how to configure it.

    You can (in fact, it's generally regarded as the "right" way to set up a firewall) configure a firewall to block everything except certain ports that you open up. This doesn't require that you use NAT.

  5. #5
    Join Date
    Jan 2004
    Location
    North Yorkshire, UK
    Posts
    4,163
    Why are you hosting a real server from behind NAT?

    People always get confused with NATs and firewalls; they are two ENTIRELY different things, don't get them confused.

    A NAT has one use, and that's to allow many people with a private IP to share one public IP; this is DEFINITELY not what you want to be doing in a hosting environment.

    Remember a firewall isn't even a router, it's a transparent box that simply sits between you and the internet, and unless you've seen it you wouldn't even know it was there. The way you've got it set up, people can see it, and it's vulnerable.

    Cisco boxes are pretty solid firewalls, and you can block whatever you need to with them port wise. To me though it does sound like you don't know what you're doing network wise, in which case I suggest you hire a CCNA to sort your firewall and server out for you - if you do firewall yourself out of your network it's going to cost you a lot to put it back.

    Dan

  6. #6
    Join Date
    Jun 2005
    Location
    San Diego, CA, USA
    Posts
    213
    I understood that, but when I asked about taking out NAT, the tech support guys said it cannot be done. They said it comes with NAT.

    Is that true?

    CISCO PIX 501

  7. #7
    Join Date
    Apr 2001
    Posts
    542
    Try RTFM first.  Look for example configurations. Here's a good list to start:

    http://www.cisco.com/en/US/products/...ples_list.html

    Originally posted by jong85
    I understood that, but when I asked about taking out NAT, the tech support guys said it cannot be done. They said it comes with NAT.

    Is that true?

    CISCO PIX 501

  8. #8
    Join Date
    Jun 2005
    Location
    San Diego, CA, USA
    Posts
    213
    I told my tech support guys (thePlanet) about it; they told me the CISCO PIX 501 firewall has to be used with NAT.

    So it's like when I access IP1 (public), it will link to IP1 (private).

    And they told me that is NAT.

    What should I do? Is that true?

  9. #9
    Join Date
    Sep 2002
    Location
    Nashville, TN
    Posts
    237
    This is a double post. I posted a solution on the other thread: http://www.webhostingtalk.com/showth...hreadid=419461

    -Chris
