trouble viewing public IP on intranet


Lionlord

Hi Everyone reading this,

The problem is situated in the following configuration :

We have a win2000 server with 2 IP's : 192.168.0.1 (for internal DHCP, DNS,
ADS, etc..) and 192.168.1.102 (connected to a linksys Router BEFSR 4 ports).

The workstations connecting of course to win2000 DHCP pool 192.168.0.xxx
The linksys Router is configured with NO DHCP and takes the 192.168.1.102
outside connected to the DSL internet connection
Everything seems OK, All workstations can connect to the internet, find
each other, mail and so on

BUT.... the win2000 server name is 'S01', so when we go to our browser, and
type http://S01/ there is no problem to see the website. When we try to type
http://www.xxx.xx/ (just an example ;) ) which should be our static IP given
from our DSL ISP, he cannot find anything. Also if I try to type the static
IP in the browser, there is a timeout occurrence.

Pinging the IP or domain by name is no problem. (trying this from workstation
internal as for the server)

The DNS is setup as internal which is based on the IP 192.168.0.1 (server
intranet) with no forwarders or whatsoever.

I don't know if You guys have enough information or if I'm asking the
correct group, but somehow I guess that DNS is somewhere a cause for this
symptom.

TIA,

Jonny
 
DNS partly, mostly your router configuration. If you have an internal
DNS server that resolves the www.xxx.xx domain to the *internal* IP
address, you'd be fine. But more likely it's an issue with not being
able to route your internal system outside and back in again. That's
not DNS. If the outside world can access your system by name, then
it's an issue with routing, if not, it's likely an issue with NAT/Port
Forwarding to the internal IP.

Jeff
 
OK, let me get this right, the http://www.xxx.xx/ site is hosted locally and
you have it NATed to the web site private IP?
And you want to access it locally by typing http://www.xxx.xx/?
Locally you will have to access it by its private address because NAT does
not allow incoming connections from the inside, make sense?
What you need is a record named www pointing to the private address of the
web site in your xxx.xx Forward Lookup Zone on your internal DNS server.
 
[CUT]
What you need is a record named www pointing to the private address of the
web site in your xxx.xx Forward Lookup Zone on your internal DNS server.
[CUT]

Indeed, this was the solution. I just added the DNS domain name on the
internal server, pointed the primary NS on the DHCP to this server and
everyone can see it internally.

Thanks a lot for pointing it out :)

best regards,

Jonny
 
The IP address that this name is resolving to is the public IP on the NAT router. The NAT router is most likely dropping the packet. Many NAT routers will perceive this as a spoof attack. What this means is that if the external interface of the NAT router receives a packet that was addressed from the internal network, it may interpret that as a spoofed IP address and drop the packet. If it didn't then anyone on the internet could send your firewall a packet with a spoofed internal IP and the firewall would let it through, a very bad idea. This is a protection method used by the firewall.

What you'll need is to use the internal IP address of the website for internal clients.

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
 
Correct me if I'm wrong, but what You are typing is that when we want to see
the site internally, we need the 192.168.0.1 address to view in the browser ?
But this is where my 'bosses' making a problem over, that when they want to
see it on the intranet, they want to type the domain name and not an IP
address.

Therefore I setup a DNS for the intranet who is resolving now the www
(CNAME) of this domain name and point it to the internal IP address. Now
it's OK, the workstations can see it and from the outside there is no
problem because our ISP is the master and slave NS for the domain name and
pointing the www to our static public IP.

Does this sound correct as configuration for You ?

Thanks for the support !

Best Regards,
Jonny
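
Added example, not part of the thread: a small audit of the split DNS setup described above (internal zone on the server, public zone at the ISP). It flags names that the internal, authoritative copy of the zone would leave unresolvable, and names that would still send internal clients to the router's outside address. The public IP 203.0.113.10, the `mail` record and all function names are assumptions made for illustration.

```python
import ipaddress

# LAN ranges come from the thread; the rest is constructed sample data:
# 203.0.113.10 stands in for the static public IP, "mail" is hypothetical.
LAN_NETS = [ipaddress.ip_network("192.168.0.0/24"),
            ipaddress.ip_network("192.168.1.0/24")]
PUBLIC_ZONE = """
@     A      203.0.113.10
www   CNAME  @
mail  A      203.0.113.10
"""
INTERNAL_ZONE = """
s01   A      192.168.0.1
www   CNAME  s01
"""

def parse_zone(text):
    """Parse 'label TYPE value' lines (A and CNAME only) into a dict."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # ';' starts a zone-file comment
        if len(fields) == 3 and fields[1].upper() in ("A", "CNAME"):
            records[fields[0].lower()] = (fields[1].upper(), fields[2].lower())
    return records

def resolve(records, label, depth=0):
    """Follow CNAMEs inside one zone; None models NXDOMAIN or a CNAME loop."""
    rtype, value = records.get(label, (None, None))
    if rtype == "CNAME" and depth < 8:
        return resolve(records, value, depth + 1)
    return value if rtype == "A" else None

def audit_split_dns(internal_text, public_text, lan_nets=LAN_NETS):
    """Return (label, finding) pairs for names internal clients get wrong."""
    internal, public = parse_zone(internal_text), parse_zone(public_text)
    findings = []
    for label in sorted(set(internal) | set(public)):
        inside = resolve(internal, label)
        if inside is None:
            # Authoritative internal server answers NXDOMAIN, never asks the ISP.
            findings.append((label, "unresolvable-internally"))
        elif not any(ipaddress.ip_address(inside) in n for n in lan_nets):
            # Clients would be sent to the NAT router's outside address.
            findings.append((label, "points-outside-lan"))
    return findings

print(audit_split_dns(INTERNAL_ZONE, PUBLIC_ZONE))
```

Names flagged as unresolvable need their own record in the internal zone; alternatively the internal zone can be created for the single host name only, so every other name in the domain is still looked up normally.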
 