Solved

Web Servers not accessible due to Nat and external DNS

Posted on 2002-04-09
3
312 Views
Last Modified: 2010-04-17
we have a linux machine and an NT webserver which is visible from the outside of the organization thru NAT, using a statememt like:

ip nat inside source static tcp 192.168.1.3 80 213.147.165.130 80 extendable.

browsing the webserver from outside the org. works fine.  However, when we attempt to browse the website from machines from within the org. we get permission dialogs and authentification errors.  This is because essentially, we are trying the browse the router from the inside interface.  Ie, DNS queries for the domain and finds that 213.147.165.130 is the ip address the website is on.  It then tries to connect to this address, but thru the internal router network card.  This causes the login dialog to appear.

Is there a way to tell the router that is should redirect traffic which connects to the external network card via the internal network card on a specific port (i.e. only on port 80, 21 etc) back using the NAT settings?

Thanks

0
Comment
Question by:ossentoo
  • 2
3 Comments
 
LVL 4

Expert Comment

by:svindler
ID: 6927523
You have (at least) three options:
1)
The router will change dns replies if there is a static one-to-one nat ie:
ip nat inside source static 192.168.1.3 213.147.165.130

This is the easiest but require that you actually have a specific ip address to use for each server.
2)
Put the servers on a separate leg of the router, and make the same NAT from inside as from the outside.

This gives you the added benefit of a more secure solution, but is the most expensive.
3)
Setup an internal dns-server with the correct replies for the inside addresses.
This solution can be used in most cases but involves the most work and administrative overhead if you have more servers.
0
 

Author Comment

by:ossentoo
ID: 6931322
I've actually implemented the third solution.  However, if the linux machine which actually hosts the DNS record is switched on first, and then the webserver is switched on after some clients machines have been turned on, the clients get there DNS queries answered by the linux machine, which then informs them that the DNS record for motorsport.co.ug is 213.147.165.130.  

As the webserver is actually at a 192.168.1 address, the client fails and needs to be rebooted in order to get the correct DNS address of 192.168.1.*.  
0
 
LVL 4

Accepted Solution

by:
svindler earned 150 total points
ID: 6932475
What I meant by solution 3 was to setup a dns server on the inside that would actually respond with the 192.168.1.* address of motorsport.co.ug, whenever inside clients asked.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now