From: "Carolyn Longfoot"
To: wmoran@potentialtech.com
Cc: freebsd-questions@freebsd.org
Subject: Re: NAT/DNS/WEB
Date: Tue, 30 Apr 2002 18:44:32 -0400

Bill,

thanks, I'm not quite there yet but at least in my mind I am beginning to
narrow the problem down somewhat. I have inserted the tests from the outside
and hope the revised questions reflect the problem statement better :-)

Cheers,

Caro

>From: Bill Moran
>To: Carolyn Longfoot
>CC: freebsd-questions@freebsd.org
>Subject: Re: NAT/DNS/WEB
>Date: Tue, 30 Apr 2002 17:13:52 -0400
>
>Carolyn Longfoot wrote:
>>I have a machine that's a dual homed host running NAT and DNS, connected
>>to the outside world with a static IP. It seems I can nslookup
>>'www.mydomain.com' from the outside, so I think my DNS responds to
>>lookups from the outside.
>
>If nslookup from a machine on the internet resolves the name to the proper
>address, then your DNS is correct. A simple "ping www.mydomain.com" will
>tell you whether or not the DNS resolved. If you then can't contact that
>machine, well, it's not DNS that's the problem.

The ping works, and I hope it's ok that ping www.mydomain.com returns this:

Pinging mydomain.com [x.x.x.7] with 32 bytes of data:
...

where .7 is the IP of the dual homed host, which I would expect because NAT
should make sure to only communicate with the outside world using the
external IP.

>>I am pointing 'WWW' via DNS to a separate machine called
>>web.mydomain.com but for some reason from the outside I cannot get to
>>www.mydomain.com. It is working from the inside however.
>
>What's the IP address of the www machine? If it's a private IP addy,
>you'll get this behaviour.

Yes, the www box has a private IP. I was counting on the magic of NAT and DNS
to resolve this, my naive reasoning was this: since I allow inbound DNS and
have set up an alias for www.mydomain.com in DNS I was thinking that would be
sufficient to direct traffic to the www box.

>>My confusion is therefore the following: how can I test that outside DNS
>>queries are resolved correctly and why would requests for www... not get
>>routed to the Web server?
>
>Use nslookup, if it gives you the right number but you can't contact it,
>then the DNS is correct but something else is wrong.

nslookup www.mydomain.com gives this (from the outside):

Server:...
Address:...

Non-authoritative answer:
Name: mydomain.com
Address: x.x.x.7
Aliases: www.mydomain.com

It seems DNS is doing at least part of its job and finds the alias www, while
NAT returns the external IP, not the internal one.

>>I'm pretty sure nothing relevant (UDP 53 or IP 80) gets dropped by the
>>firewall btw.
>
>But is the routing information correct?

Not sure if I understand the question but it could point to the root of the
problem that no traffic actually goes to the www box. I must be missing some
switch to make that work...

>>This is my first attempt at DNS so please be gentle :-) I'm looking for
>>a conceptual answer but I can follow up with config files if it helps.
>>I read some old posts at 'Ask Mr.DNS' that talked about running 'split
>>DNS'. Is that still necessary?
>
>Depends. The machine that's running the web server, is it actually
>accessible from the Internet? If not, you'll either need another IP
>address or to alias via NAT.
>If you alias, you'll make your DNS entry for www point to the machine that
>has the static IP, then you'll configure that machine to pass the request
>through to the real webserver.

Based on ping and nslookup it looks like it's found but not really, because
nothing goes through to the www box. It's getting a little clearer now but
where would I configure the 'pass http traffic to www' directive? NAT, DNS?

---
>Bill Moran
>Potential Technology
>http://www.potentialtech.com
>
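
The "pass the request through to the real webserver" step described in the quoted reply is a NAT setting, not a DNS one. As an added example that is not part of the original message, and assuming the dual-homed host runs natd(8) with ipfw (the thread does not say which NAT software is in use), a port redirect looks like this; the interface name fxp0 and the address 192.168.1.10 are placeholders.

```conf
# /etc/rc.conf on the dual-homed host
# (assumption: natd + ipfw; fxp0 is a placeholder for the external interface)
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-f /etc/natd.conf"

# /etc/natd.conf
# Hand TCP port 80 arriving on the external address (x.x.x.7) to the
# internal web server. 192.168.1.10 is a placeholder for the private
# address of web.mydomain.com.
redirect_port tcp 192.168.1.10:80 80
```

Only TCP port 80 is forwarded to the internal host this way, and the firewall ruleset on the dual-homed host still has to pass that traffic. DNS keeps answering with the external address for www, as the nslookup output above already shows.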