Date: Tue, 30 Apr 2002 18:44:32 -0400
From: "Carolyn Longfoot" <c_longfoot@hotmail.com>
To: wmoran@potentialtech.com
Cc: freebsd-questions@freebsd.org
Subject: Re: NAT/DNS/WEB
Message-ID: <F2114RA59w1PAylAQc90000166c@hotmail.com>

Bill,

thanks, I'm not quite there yet but at least in my mind I am beginning to
narrow the problem down somewhat. I have inserted the tests from the outside
and hope the revised questions reflect the problem statement better :-)

Cheers,
Caro

>From: Bill Moran <wmoran@potentialtech.com>
>To: Carolyn Longfoot <c_longfoot@hotmail.com>
>CC: freebsd-questions@freebsd.org
>Subject: Re: NAT/DNS/WEB
>Date: Tue, 30 Apr 2002 17:13:52 -0400
>
>Carolyn Longfoot wrote:
>>I have a machine that's a dual homed host running NAT and DNS, connected
>>to the outside world with a static IP. It seems I can nslookup
>>'www.mydomain.com' from the outside, so I think my DNS responds to
>>lookups from the outside.
>
>If nslookup from a machine on the internet resolves the name to the proper
>address, then your DNS is correct. A simple "ping www.mydomain.com" will
>tell you whether or not the DNS resolved. If you then can't contact that
>machine, well, it's not DNS that's the problem.

The ping works, and I hope it's ok that ping www.mydomain.com returns this:

    Pinging mydomain.com [x.x.x.7] with 32 bytes of data: ...

where .7 is the IP of the dual homed host, which I would expect because NAT
should make sure to only communicate with the outside world using the
external IP.

>>I am pointing 'WWW' via DNS to a separate machine called
>>web.mydomain.com but for some reason from the outside I cannot get to
>>www.mydomain.com. It is working from the inside however.
>
>What's the IP address of the www machine? If it's a private IP addy,
>you'll get this behaviour.

Yes, the www box has a private IP. I was counting on the magic of NAT and
DNS to resolve this, my naive reasoning was this: since I allow inbound DNS
and have set up an alias for www.mydomain.com in DNS I was thinking that
would be sufficient to direct traffic to the www box.

>>My confusion is therefore the following: how can I test that outside DNS
>>queries are resolved correctly and why would requests for www... not get
>>routed to the Web server?
>
>Use nslookup, if it gives you the right number but you can't contact it,
>then the DNS is correct but something else is wrong.

nslookup www.mydomain.com gives this (from the outside):

    Server:...
    Address:...

    Non-authoritative answer:
    Name: mydomain.com
    Address: x.x.x.7
    Aliases: www.mydomain.com

It seems DNS is doing at least part of its job and finds the alias www,
while NAT returns the external IP, not the internal one.

>>I'm pretty sure nothing relevant (UDP 53 or IP 80) gets dropped by the
>>firewall btw.
>
>But is the routing information correct?

Not sure if I understand the question but it could point to the root of the
problem that no traffic actually goes to the www box. I must be missing some
switch to make that work...

>>This is my first attempt at DNS so please be gentle :-) I'm looking for
>>a conceptual answer but I can follow up with config files if it helps. I
>>read some old posts at 'Ask Mr.DNS' that talked about running 'split
>>DNS'. Is that still necessary?
>
>Depends. The machine that's running the web server, is it actually
>accessible from the Internet? If not, you'll either need another IP
>address or to alias via NAT.
>If you alias, you'll make your DNS entry for www point to the machine that
>has the static IP, then you'll configure that machine to pass the request
>through to the real webserver.

Based on ping and nslookup it looks like it's found but not really, because
nothing goes through to the www box. It's getting a little clearer now but
where would I configure the 'pass http traffic to www' directive? NAT, DNS?

---
>Bill Moran
>Potential Technology
>http://www.potentialtech.com
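
Added example, not part of the original message: a small check to run from an outside host that separates the two failure modes discussed in the thread (DNS handing out a private address versus a correct public answer with nothing forwarded on the port). The function names are hypothetical, and 203.0.113.7 in the comment is a constructed documentation address.

```python
import ipaddress
import socket

# RFC 1918 ranges listed explicitly: ipaddress.is_private also flags
# documentation ranges such as 203.0.113.0/24 (used here as a constructed
# stand-in for a public address), which would misclassify them.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def resolve(name):
    """Return the sorted IPv4 addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_open(addr, port=80, timeout=3.0):
    """True if a TCP connection to addr:port completes within timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(addresses, port_open):
    """addresses: what DNS returned; port_open: callable(addr) -> bool."""
    if not addresses:
        return "dns: name does not resolve"
    private = [a for a in addresses if is_rfc1918(a)]
    if private:
        # Outside clients cannot route to this, so fix the DNS record first.
        return "dns: answer contains private address " + private[0]
    if not any(port_open(a) for a in addresses):
        # The case in this message: correct public answer, no service behind it.
        return "forwarding: DNS is fine, but nothing answers on the port"
    return "ok"

def check(name, port=80):
    return diagnose(resolve(name), lambda a: tcp_open(a, port))

if __name__ == "__main__":
    import sys
    print(check(sys.argv[1]) if len(sys.argv) > 1 else "usage: check.py NAME")
```

A "forwarding" verdict means the gateway that owns the public address is where to look next: its NAT port redirection and the firewall rules for that port.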