how can I ping my external DNS inside the firewall? I
have no problem outside. What do I have to do?
Thanks,
David
Many 'firewalls' don't allow the ICMP protocol (used by
ping and tracert) so if you want to check a DNS server
use NSLookup (it's built in) or another tool that queries
DNS directly.
nmap is also worth having http://www.insecure.org as it
can find all sorts of ways to do 'sneaky' substitutes for
ping.
Another advantage of using NSLookup with a DNS server
is that you prove not only is the MACHINE alive but the
DNS server is able to answer.
Herb Martin
He...@LearnQuick.Com
--
Kevin D4 Dad Goodknecht Sr.
--
HTH
++++++++++++++++++++++++++++++++++++++++++
Post back your results so everyone is assisted
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
In news:0af801c31baf$d5e50a50$a501...@phx.gbl,
D.O <gran...@yahoo.com> posted :
Sidney Marques
"D.O" <gran...@yahoo.com> wrote in message
news:0af801c31baf$d5e50a50$a501...@phx.gbl...
Yes, this is unclear.
Are you trying to ping the external interface address of your PIX? If so,
it's a NAT limitation that NAT (Pix in this case) cannot respond to a
request from the internal interface to it's own external interface.
If this is not the scenario, please elaborate to better help out.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================
--
William Stacey, DNS MVP
"Ace Fekay [MVP]" <PleaseSubstituteMyFirstName&LastNa...@hotmail.com>
wrote in message news:%234yg3dy...@tk2msftngp13.phx.gbl...
Thanks William. :-)
I've seen this to be a common problem of "why can't it work?" Unfortunate
for NAT to have this limitation, but then NAT wouldn't be able to do it's
function properly otherwise. Hence the need for two nameservers in such a
scheme. That is if this is the scenario D.O. is talking about.