PICList Thread
'[OT:] Can't see internal server from inside via e'
2003\10\16@190020 by James Newton

Have you noticed the site server going up and down? There was also a major
hard drive crash in there, but (knock on wood) I keep good backups (my own
backup system using free components and batch files) and nothing was lost.
The rest of the up and down is me trying to be a network tech when I only
know a little about servers and embedded controllers. Sorry.

I changed the router at the request of my primary client (at whose office
the server is hosted) and ran into a problem I can't seem to fix.

Ok, server at (e.g.) 192.168.1.5 (static) and the external address (is)
66.13.172.18. I'm sitting at (e.g.) 192.168.1.6 (or any of several other
machines) and I open up http://192.168.1.5 just fine. Then I try to open
http://www.massmind.org and I get nothing. http://www.google.com works fine.
I ping http://www.massmind.org and 66.13.172.18 responds just fine. So I try
http://66.13.172.18 and again it hangs. So I go next door where they have a
dial up connection and try http://www.massmind.org. Works just fine, as does
http://66.13.172.18.

Huh?

The router is a new Linksys BEFSX-41. I had a BEFSR-41 but the boss wanted
the newer one for some extra features he needs. The old unit was / is setup
just about the same (the only differences are related to differences in the
setup screens) and it did NOT have this problem.

The router shows this table:
Destination LAN IP Subnet Mask Default Gateway Hop Count Interface
0.0.0.0 - 0.0.0.0 - 66.13.172.19 - 1 - WAN
66.13.172.16 - 255.255.255.248 - 0.0.0.0 - 1 - WAN
192.168.1.0 - 255.255.255.0 - 0.0.0.0 - 1 - LAN

Why can't I access my web server from inside the network via the external IP
address? Do I need to add a static route? What?

And if there is no way, I have an XP laptop that goes home and back with me.
How can I set it up to correctly resolve DNS for http://www.massmind.org at home to
66.13.172.18 and at work to 192.168.1.5?

The answers I've received so far are posted at
http://www.experts-exchange.com/Networking/Broadband/DSL_Cable/Q_20752152.html and they just don't make any sense to me.

James Newton
http://www.piclist.com

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.

2003\10\16@191310 by Liam O'Hagan

Outlook removed the tag again...


2003\10\16@192550 by Diego Sierra

On Thu, 16 Oct 2003 15:56:56 -0700, James Newton wrote:

> The router shows this table:
> Destination LAN IP Subnet Mask Default Gateway Hop Count Interface
> 0.0.0.0 - 0.0.0.0 - 66.13.172.19 - 1 - WAN
> 66.13.172.16 - 255.255.255.248 - 0.0.0.0 - 1 - WAN

Assuming this separation on the last lines:

   Dest. IP - Mask - Gateway - Hop count - Interface

In the first line, the IP gateway 66.13.172.19 is contained on the second
line LAN/Mask, 66.13.172.16/29, so you are telling the router that the
default gateway (0.0.0.0/0) is on the external network, the one which
cannot reach?

Also, could not understand what a 0.0.0.0 gateway ip address on the second
line means, probably that all that network is reachable via the WAN
interface?

Could you draw a simple picture with your networks and those router
interfaces?

Cheers,
Diego.
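
Both questions about the quoted table can be checked with a longest-prefix-match lookup. This is an added example, not part of the original thread; it assumes the usual convention that a 0.0.0.0 gateway marks a directly connected (on-link) network.

```python
import ipaddress

# Rows copied from the router table quoted in the thread:
# (destination, subnet mask, gateway, interface)
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "66.13.172.19", "WAN"),
    ("66.13.172.16", "255.255.255.248", "0.0.0.0", "WAN"),
    ("192.168.1.0", "255.255.255.0", "0.0.0.0", "LAN"),
]


def parse(rows):
    """Turn table rows into (network, next_hop or None, interface) tuples."""
    table = []
    for dest, mask, gw, iface in rows:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        # Assumption: gateway 0.0.0.0 means "no next hop", i.e. on-link.
        hop = None if gw == "0.0.0.0" else ipaddress.ip_address(gw)
        table.append((net, hop, iface))
    return table


def lookup(table, addr):
    """Return the most specific route that contains addr."""
    ip = ipaddress.ip_address(addr)
    matches = [route for route in table if ip in route[0]]
    return max(matches, key=lambda route: route[0].prefixlen)


def describe(table, addr):
    net, hop, iface = lookup(table, addr)
    via = "on-link" if hop is None else f"via {hop}"
    return f"{addr}: {net} {via} ({iface})"


def gateways_on_link(table):
    """A table is usable only if every next hop is itself directly reachable."""
    return all(lookup(table, str(hop))[1] is None for _, hop, _ in table if hop)


TABLE = parse(ROUTES)

if __name__ == "__main__":
    for addr in ("66.13.172.18", "66.13.172.19", "192.168.1.5", "8.8.8.8"):
        print(describe(TABLE, addr))
    print("all gateways on-link:", gateways_on_link(TABLE))
```

The default gateway 66.13.172.19 falls inside the on-link 66.13.172.16/29 WAN network, which is what makes the default route usable, so the table itself is consistent.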


2003\10\16@233711 by Dan Devine

James,

what you describe is pretty much what I have running here at my house (I
think), server running behind a firewall with NAT set to forward port
80/443 to my internal 192.168.0.10 box.  All other machines on the
internal network with DHCP addresses, except the laser printer (static
too).  I have a domain name, which points to the DHCP address given by
Comcast, my router then forwards the desired ports to my internal static
IP.  All other port forwarding is disabled by default.

As suggested in one of the other posts, try viewing your site through an
external proxy/anonymizers.  That would have the same effect as the
dial-up.  This should make you feel confident that you are really
running to the outside world too.

I believe that the router is not forwarding/resolving the external
address (66.13.172.18) to 192.168.1.5 (which is the translated address
for whatever port your server is running on)...it seems that the IP addr
66' is only responded to when requests are made from the 'outside'
world.  This sorta makes sense, because the router really has two
addresses and two NIC's (embedded or otherwise).  To get the setup you
want to work, the packets have to travel to the outside of your router
(i.e. really get to the 66' side address), then be forwarded back inside
to your server.  Your ability to ping the 66' address from inside is
confusing though, I'll have to think on that.

Using the "http://www.blah.blah.etc" would not have any effect, since
the names are really just resolved to IP numbers by whatever DNS servers
you have setup.  Perhaps you could "teach" the router that DNS requests
for "http://www.blah.blah.etc" resolve to your inside static IP, and not
to bother the outside DNS servers with that query.  I've also read about
"caching DNS server" setup, where the firewall simply keeps copies of
recently requested name->IP addr. pairs for quick lookup.  You may be
able to use something like this to have your router respond to inside
DNS queries with the inside static address.  If you set your router to
answer this lookup as 192.168.1.5, the request will not be forwarded to
the next higher level, which would return the 66' number.

I've simply gotten used to entering the static IP addr. of the server
for all my machines inside the perimeter.  On my Linux box here, I
simply entered a static route for my server name to my static IP addr.
Queries end up looking like "http://archie/index.php".  It's not too
bad, not perfect but everything works otherwise.

Good luck,

DD

--
Dan Devine
New World Industries


2003\10\17@070335 by Dennis Crawley

----- Original Message -----
From: "Dan Devine"
Sent: Friday, October 17, 2003 12:38 AM
Subject: Re: [OT:] Can't see internal server from inside via external
address



> (i.e. really get to the 66' side address), then be forwarded back inside
> to your server.  Your ability to ping the 66' address from inside is
> confusing though, I'll have to think on that.

In that case use Trace instead of ping, so you can see the hops and Who is
resolving What.

It is not a good idea to wide open ports in NAT home routers. You have to
carefully shut down all ports. The ports become "visible shutdown" instead of
"stealth shutdown".

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email @spam@listservKILLspamspammitvma.mit.edu with SET PICList DIGEST in the body

2003\10\17@222101 by Brandon Fosdick

James Newton wrote:
<snip>
> Ok, server at (e.g.) 192.168.1.5 (static) and the external address (is)
> 66.13.172.18. I'm setting at (e.g.) 192.168.1.6 (or any of several other
> machines) and I open up http://192.168.1.5 just fine. Then I try to open
> http://www.massmind.org and I get nothing. http://www.google.com works fine.
> I ping http://www.massmind.org and 66.13.172.18 responds just fine. So I try
> http://66.13.172.18 and again it hangs. So I go next door where they have a
> dial up connection and try http://www.massmind.org. Works just fine, as does
> http://66.13.172.18.
<snip>

As others have pointed out most routers/switches with NAT/DHCP enabled
won't respond to the external address on the internal interfaces for
various reasons. You can try looking through the router's management
interface (or the manual) for a way to turn that off but AFAIK very few
provide that option. I have a similar setup with a low end Netgear and
there's no way to turn it off. Fortunately I rarely use Windows and I
don't have many internal boxes so I can use the easy solution: I just
put the necessary translations in /etc/hosts on each machine. The harder
way to do it is to set up a caching DNS server with the appropriate
translations. The DNS route will work with your laptop if it's set to use
DHCP on both networks.

The first response you got at experts-exchange is basically the same as
what I just said. The fact that you already have a DNS server shouldn't
matter. If your main server is already set up for caching you should be
able to add the necessary translation but I don't know anything about
the MS DNS software so maybe not. If you have a spare machine (or your
DHCP server) put a caching server on that and tell it to reference your
main DNS server.  Once you do that set the DHCP server to tell internal
machines about the caching server. Then your laptop (and all the other
boxes) should get the caching server when they request/renew their leases.

If you were running FreeBSD I could show you exactly how to do this... :)


---
Brandon Fosdick
http://www.terranspace.org
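
For a laptop that moves between the two networks, the hosts-file approach described above has to add the override at the office and remove it elsewhere. The following is an added example, not code from the thread; the `MARK` tag, the gateway-MAC check and the sample hosts text are assumptions constructed for illustration.

```python
import ipaddress

NAME = "www.massmind.org"          # site name from the thread
INTERNAL_IP = "192.168.1.5"        # server's LAN address from the thread
OFFICE_NET = ipaddress.ip_network("192.168.1.0/24")  # LAN route in the router table
MARK = "# split-horizon override"  # hypothetical tag for the one line this script owns


def at_office(local_ip, gateway_mac, office_gateway_mac):
    """True only on the office LAN.

    192.168.1.0/24 is also a common home range, so the subnet alone could
    leave the override active at home; comparing the gateway MAC is an
    assumed extra check.
    """
    in_net = ipaddress.ip_address(local_ip) in OFFICE_NET
    return in_net and gateway_mac.lower() == office_gateway_mac.lower()


def entries(hosts_text):
    """Yield (line_no, ip, names) for each mapping line, ignoring comments."""
    for no, line in enumerate(hosts_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield no, fields[0], [name.lower() for name in fields[1:]]


def sync_hosts(hosts_text, office):
    """Return hosts text with the managed override present only at the office."""
    kept = [ln for ln in hosts_text.splitlines() if MARK not in ln]
    # An unmanaged line for the same name would shadow or contradict ours.
    stale = [no for no, _, names in entries("\n".join(kept)) if NAME in names]
    if stale:
        raise ValueError(f"unmanaged entry for {NAME} on line(s) {stale}")
    if office:
        kept.append(f"{INTERNAL_IP}\t{NAME}\t{MARK}")
    return "\n".join(kept) + "\n"


# Constructed sample hosts file, not taken from the thread.
SAMPLE = "127.0.0.1\tlocalhost\n# office printer\n192.168.1.20\tlaser\n"
```

`sync_hosts` only returns the new text; writing it back needs administrator rights, and on Windows XP the file is `%SystemRoot%\system32\drivers\etc\hosts`.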

