Some one tell me what's going on please :)
I have a client on the 192.168.5.0/24 network and a server on the 172.17.1.0/24 network..
if I run a ping from the Linux client to 172.17.1.11
I get
So it's is still seeing the Correct IP address, and both the domain name and the IP address will work when browsing the website.
But why does the second one see the domain name of the ISP's fire wall which is outside the network? There is even a policy on the fire wall to block internal IP address talking across the inside / outside boundry?
Any ideas ?
Aaron
if I run a ping from the Linux client to 172.17.1.11
I get
aaron@pch03065:~$ ping 172.17.1.11 PING 172.17.1.11 (172.17.1.11) 56(84) bytes of data. 64 bytes from 172.17.1.11: icmp_seq=1 ttl=63 time=5.71 ms 64 bytes from 172.17.1.11: icmp_seq=2 ttl=63 time=0.668 ms 64 bytes from 172.17.1.11: icmp_seq=3 ttl=63 time=0.690 mshowever if I
aaron@pch03065:~$ ping uk.test.com PING uk.test.com (172.17.1.11) 56(84) bytes of data. 64 bytes from XXXX-78474-net-adsl-01.altohiway.com (172.17.1.11): icmp_seq=1 ttl=63 time=0.971 ms 64 bytes from XXXX-78474-net-adsl-01.altohiway.com (172.17.1.11): icmp_seq=2 ttl=63 time=0.675 ms 64 bytes from XXXX-78474-net-adsl-01.altohiway.com (172.17.1.11): icmp_seq=3 ttl=63 time=0.680 ms 64 bytes from XXXX-78474-net-adsl-01.altohiway.com (172.17.1.11): icmp_seq=4 ttl=63 time=0.692 ms 64 bytes from XXXX-78474-net-adsl-01.altohiway.com (172.17.1.11): icmp_seq=5 ttl=63 time=0.715 ms 64 bytes from XXXX-78474-net-adsl-01.altohiway.com (172.17.1.11): icmp_seq=6 ttl=63 time=0.656 ms
So it's is still seeing the Correct IP address, and both the domain name and the IP address will work when browsing the website.
But why does the second one see the domain name of the ISP's fire wall which is outside the network? There is even a policy on the fire wall to block internal IP address talking across the inside / outside boundry?
Any ideas ?
Aaron
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com
Comments
-
chmorin
Member Posts: 1,446 ■■■■■□□□□□
I have a client on the 192.168.5.0/24 network and a server on the 172.17.1.0/24 network..
if I run a ping from the Linux client to 172.17.1.11
I getaaron@pch03065:~$ ping 172.17.1.11 PING 172.17.1.11 (172.17.1.11) 56(84) bytes of data. 64 bytes from 172.17.1.11: icmp_seq=1 ttl=63 time=5.71 ms 64 bytes from 172.17.1.11: icmp_seq=2 ttl=63 time=0.668 ms 64 bytes from 172.17.1.11: icmp_seq=3 ttl=63 time=0.690 ms
however if Iaaron@pch03065:~$ ping uk.test.com PING uk.test.com (172.17.1.11) 56(84) bytes of data. 64 bytes from XXXX-78474-net-adsl-01.altohiway.com (172.17.1.11): icmp_seq=1 ttl=63 time=0.971 ms 64 bytes from XXXX-78474-net-adsl-01.altohiway.com (172.17.1.11): icmp_seq=2 ttl=63 time=0.675 ms 64 bytes from XXXX-78474-net-adsl-01.altohiway.com (172.17.1.11): icmp_seq=3 ttl=63 time=0.680 ms 64 bytes from XXXX-78474-net-adsl-01.altohiway.com (172.17.1.11): icmp_seq=4 ttl=63 time=0.692 ms 64 bytes from XXXX-78474-net-adsl-01.altohiway.com (172.17.1.11): icmp_seq=5 ttl=63 time=0.715 ms 64 bytes from XXXX-78474-net-adsl-01.altohiway.com (172.17.1.11): icmp_seq=6 ttl=63 time=0.656 ms
So it's is still seeing the Correct IP address, and both the domain name and the IP address will work when browsing the website.
But why does the second one see the domain name of the ISP's fire wall which is outside the network? There is even a policy on the fire wall to block internal IP address talking across the inside / outside boundry?
Any ideas ?
Aaron
Do you have an internal DNS? I don't know much about DNS, but it might have something to do with if you are pointing to a non-internal DNS and use the hostname.Currently PursuingWGU (BS in IT Network Administration) - 52%| CCIE:Voice Written - 0% (0/200 Hours)mikej412 wrote:Cisco Networking isn't just a job, it's a Lifestyle. -
APA
Member Posts: 959
dodgy dns A record... by the looks of things.....
Confirm it by looking up the A record....
dig @(server) XXXX-78474-net-adsl-01.altohiway.com
and the reverse lookup may not have been setup.... try this.... and see whether the reverse lookup comes up with the same name...but via PTR record...
Linux = dig -x 172.17.1.11
Seeing as the forward resolves to that address... I dare say you have some DNS records that may need cleaning up... or there could be a legitimate purpose someone has placed that record in the DNS zone.
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP -
DevilWAH
Member Posts: 2,997 ■■■■■■■■□□
AHHH....
yes, I am using a DNS forwarder to resolve the DNS requests for clients. (Router/Bridge Firewall Linux) and I assume this is messing up the records some what.
But now it makes sence. It is resolving to an extranal DNS server and getting DNS packet re-writes so I can assume this is messing it up some where
Now I know I have a look to see what can be done. However not to important to worry about.
Cheers..- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com -
DevilWAH
Member Posts: 2,997 ■■■■■■■■□□
Solution was easy create an reverse zone on the internal DNS server for the 172.17.1.X network.
then either leave out the address completely or add a recourd with the correct name. Cheers - If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com