Date: Tue, 30 Apr 2002 21:30:26 -0400 From: "Carolyn Longfoot" <c_longfoot@hotmail.com> To: wmoran@potentialtech.com Cc: freebsd-questions@freebsd.org Subject: Re: NAT/DNS/WEB Message-ID: <F23lRLjPrJBBoW5xtAe00005521@hotmail.com>
next in thread | raw e-mail | index | archive | help
WEEEEEEEE!! I can see the page from the outside after adding redirect_port tcp 10.0.0.3:80 80 to natd.conf I'm sure I can figure out why I cannot get to the page from the inside anymore, that it works from the outside is the breakthrough that counts. Thanks Bill!!! Caro >From: Bill Moran <wmoran@potentialtech.com> >To: Carolyn Longfoot <c_longfoot@hotmail.com> >CC: freebsd-questions@freebsd.org >Subject: Re: NAT/DNS/WEB >Date: Tue, 30 Apr 2002 19:43:54 -0400 > >Carolyn Longfoot wrote: >>Bill, >> >>thanks, I'm not quite there yet but at least in my mind I am beginning >>to narrow the problem down somewhat. I have inserted the tests from the >>outside and hope the revised questions reflect the problem statement >>better :-) > >You're on the right road, you just haven't walked far enough yet. > >>>From: Bill Moran <wmoran@potentialtech.com> >>>To: Carolyn Longfoot <c_longfoot@hotmail.com> >>>CC: freebsd-questions@freebsd.org >>>Subject: Re: NAT/DNS/WEB >>>Date: Tue, 30 Apr 2002 17:13:52 -0400 >>> >>>Carolyn Longfoot wrote: >>> >>>>I have a machine that's a dual homed host running NAT and DNS, connected >>>>to the outside world with a static IP. It seems I can nslookup >>>>'www.mydomain.com' from the outside, so I think my DNS responds to >>>>lookups from the outside. >>> >>> >>>If nslookup from a machine on the internet resolves the name to the >>>proper >>>address, then your DNS is correct. A simple "ping www.mydomain.com" will >>>tell you whether or not the DNS resolved. If you then can't contact that >>>machine, well, it's not DNS that's the problem. >> >> >>The ping works, and I hope it's ok that ping www.mydomain.com returns >>this: >>Pinging mydomain.com [x.x.x.7] with 32 bytes of data: >>... >>where .7 is the IP of the dual homed host, which I would expect becasue >>NAT should make sure to only communciate with the outside world using >>the external IP. > >Pretty much. Forget DNS, routing, etc, at this point - they're all working >correctly. Well done. > >>>>I am pointing 'WWW' via DNS to a separate machine called >>>>web.mydomain.com but for some reason from the outside I cannot get to >>>>www.mydomain.com. It is working from the inside however. >> >>>What's the IP address of the www machine? If it's a private IP addy, >>>you'll get this behaviour. >> >>Yes, the www box has a private IP. I was counting on the magic of NAT >>and DNS to resolve this, my naive reasoning was this: since I allow >>inbound DNS and have set up an alias for www.mydomain.com in DNS I was >>thinking that would be sufficient to direct traffic to the www box. > >Not quite. NAT is capable of doing what you want, it's just not capable >of doing it automatically. >Read through the man page for natd and pay special attention to the >-redirect_port option. What you want to do is redirect port 80 on the >gateway machine to port 80 on your webserver. That will instruct natd >on how to direct traffic. > >>nslookup www.mydomain.com gives this (from the outside): >>Server:... >>Address:... >>Non-authoritative answer: >>Name: mydomain.com >>Address: x.x.x.7 >>Aliases: www.mydomain.com >> >>It seems DNS is doing at least part of it's job and finds the alias www, >>while NAT returns the external IP, not the internal one. > >That's what you want, once you've setup natd, everything should work >(assuming >your web server is set up, etc) > >>Based on ping and nslookup it looks like it's found but not really, >>because nothing goes through to the www box. >>It's getting a little clearer now but where would I configure the 'pass >>http traffic to www' directive? NAT, DNS? > > >The natd option -redirect_port > > >-- >Bill Moran >Potential Technology >http://www.potentialtech.com > _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F23lRLjPrJBBoW5xtAe00005521>