using published servers from private interface by public IP?

[Martin]

I published a few servers with RRAS.
All's working fine from public site (= internet).
But when accessing services from one server to an other server on the
private site and using public IP or public hostnames, this is not working!
Access is working fine when using the server's private IP ...

What I've forgotten to configure?

 

[Bill Grant]

Entries in the local DNS to resolve the names to private IP addresses?

 

[Dexter Mahadeo]

I think Grant's solution would work. I've never been able to go to to the Internet and come back in using public DNS entries. I just assumed this was normal and you could dset up internal A Records on the DNS as Grant suggested so that local intranet hosts don't try resolving outside to connect to the internal servers.

 

[Martin]

No. I do not want to have a separate zonefile to access websites in the LAN
and this is the reason why the error appears:

e.g.: I have a public IP with eg. 89.012.345.678. This IP is used on public
interface on gateway/routing server. The HTTP service (port 80) is forwarded
to the IP 192.168.1.25 which is a webserver on the private interface on
routing server. This server contains a website e.g. www.mysite.com. The one
and only zonefile for mysite.com points to 89.012.345.678 for host www.
Access from internet to www.mysite.com is working fine.

But when opening www.mysite.com on a pc on the private site of the routing
server the website is not opening. Because there is no separate zonefile
defined, the hostname www.mysite.com still resolves to 89.012.345.678. I
thought routing service (= lan gateway) recognizes this IP is one of his
public IP's and doing NAT without forwarding the packets to the internet.
Isn't it so?

Martin

 

[Bill Grant]

No. You cannot use a public address to access a web server from the
private side. The private side cannot use the public IP to access the
server. NAT just won't do it.

 

[Martin]

Hi,

But this is working fine when using e.g. ISA Server.
When publishing servers with ISA Server, there is no problem to access one
server from an other server with the public IP.

Which additional technology/service is needed for doing that? It would be
easy: The service should retrieve the public IP range from WAN port and the
forwarding information configured in routing and remote service. When
packets arrive on private interface with an destination IP of a forwarding
service on the public interface, the destination IP in the packet should be
replaced with the forwarded IP. I thought this feature is included in NAT
(like on ISA Server).

Is there an 3rd party add-on available?

Martin