CURL, CISCO Firewall and subdomains...experts needed.

[sbritton]

I have a problem that I have been tearing my hair out.  This is what I have:

 

http://subdomain.url.com    IP 2.2.2.2

Cisco PIX firewall                IP 1.0.0.1

 

I have a PHP program (parent.php) that needs to use CURL or FOPEN (with HTTP wrapper) to read a file on my same server (child.php).  The problem is that when I use CURL or FOPEN to get the file, it essentially timesout...never finding the file.  I use the same code on my development server (http:/dev.url.com) and it works perfectly only difference is there is no firewall on that server.  (They are all UNIX PHP 5+ servers).

 

What I'm realizing is that the parent.php code on the production machine is trying to CURL to "http://subdomain.url.com/child.php" but the domain is being translated to the pubic ip (2.2.2.2).  When in reality because we are behind the firewall for both the call and the receive it should be trying to go to the firewall (1.0.0.1).

 

I considered using the IP address in the CURL as "http://1.0.0.1/child.php" HOWEVER the code is on a subdomain and can't be referenced like this.

 

SO....the question I have is there must be a way to configure the server such that when it translates the IP correctly accounting for the Firewall.  Or...there shold be a way to configure the firewall to just pass these through.

 

 

[JonnoTheDev]

This is not a PHP issue. If the URL "http://subdomain.url.com/child.php" is resolving to 2.2.2.2 then this needs to be accessible through the firewall. You may have an internal DNS issue

[sbritton]

This is not a PHP bug, but rather I'm looking for help from others who may know a PHP workaround that most likely would involve some kind of configuration of the Firewall (above my head) or ideally a PHP technique that I'm not aware of.

 

There might be other ways that may help, like using a CURL proxy or other techniques that a few smart folks out there can help with.  I'm just hoping someone who has enough experience with PHP, UNIX, Firewalls and NAT configuration might give me a clue.

 

Really what this boils down to whatever method I use, it can't rely on the translation of the URL to and IP because the firewall prevents that.  However at the same time, I need the PHP to be executed as a script rather than bring back an unprocess PHP source code.

 

Maybe running a system command through php???

[widox]

You could always hard code the IP for the subdomain in your hosts file.

In /etc/hosts

2.2.2.2 sub.domain.net  sub

 

Try that out. Other then that, you're going to have to edit your DNS/Firewall to allow that access.

 

HTH

[sbritton]

OMG...LIGHTNING STRIKES.  I swear sometimes just having to write it down helps.

 

What I tried was using the PHP "system" command to invoke the code I wanted.  Since it runs on the server and you give it a file name, not a URL wrapper, there is no need to translate the URL to an IP.

 

Voilla!!

 

echo system("child.php")

 

QED

 

 

[niwa3836]

I see you have fixed but by the way there are various commands in the PIX that can help here. Look at alias as this can help change DNS lookups to internal addresses.