R_Hos
asked on
Why can't my internal network see the outside site we host
So here is the problem. I have this website www.v-pos.net that works great, people can see it from the outside, it’s simple but it works. The problem that I have is that if I try going to www.v-pos.net from one of my machines I get a “The page cannot be found” error. It works fine using localhost/v-pos/index.cfm.
I’m running IIS on windows 2003 and I’m guessing that the problem lies somewhere there in but I just can’t find the setting.
Help would be appreciated.
I’m running IIS on windows 2003 and I’m guessing that the problem lies somewhere there in but I just can’t find the setting.
Help would be appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It's probably what Technicon said, but it's more than likely your firewall (if you have one) that is preventing this if you are using Network Address Translation (NAT).
Your DNS lookup of "www.v-pos.net" points to an external IP address. you then send a request to that IP through your gateway. It eventually gets to your firewall. You're firewall/router will not translate from external IP address to internal IP address if the request is coming from the internal interface. For security reasons, the Firewall is usually very specific in what it allows. It will only allow:
1. packets with external sourceIPs come in on the external interface, destined for domain's publicIP get passed from external interface to internal interface (and translated if nescesssary)
2. packets with internal sourceIPs come on on the internal interface, destined for external IP addresses get passed from interal interface to external interface (and translated if nescessary)
What you are in face asking for is:
packets with internal sourceIPs comin in on the internal interface, destined for domain's publicIP.
This will not get translated and will just be plain ignored by the firewall.
the hosts file mentioned tecnicon gets around this. So would a static entry in your internal DNS sever if you have one. It should point www.v-pos.net to the internal IP address of that computer, as oppossed to the public IP address issued to you by your ISP
Your DNS lookup of "www.v-pos.net" points to an external IP address. you then send a request to that IP through your gateway. It eventually gets to your firewall. You're firewall/router will not translate from external IP address to internal IP address if the request is coming from the internal interface. For security reasons, the Firewall is usually very specific in what it allows. It will only allow:
1. packets with external sourceIPs come in on the external interface, destined for domain's publicIP get passed from external interface to internal interface (and translated if nescesssary)
2. packets with internal sourceIPs come on on the internal interface, destined for external IP addresses get passed from interal interface to external interface (and translated if nescessary)
What you are in face asking for is:
packets with internal sourceIPs comin in on the internal interface, destined for domain's publicIP.
This will not get translated and will just be plain ignored by the firewall.
the hosts file mentioned tecnicon gets around this. So would a static entry in your internal DNS sever if you have one. It should point www.v-pos.net to the internal IP address of that computer, as oppossed to the public IP address issued to you by your ISP
ASKER
when doing a nslookup i get the response non-existant domain. i would imagine it is because i am using a dns server that hasnt been updated for it. how do i setup a static entry in my internal DNS server that points www.v-pos.net to the internal IP address of the computer that it is on?
Where is the webserver located?
Is it on your local network or hosted elsewhere on the internet?
What DNS server are you using?
Is it on your local network or hosted elsewhere on the internet?
What DNS server are you using?
ASKER
its located on our local network and were running the dns that ships with server 2003
all you need to do is add a Host (A) record in your forward lookup zone...have it point to the internal IP of webserver...this way ...
all inside webtraffic uses internal IP (Private), and external web traffic uses external IP(From ISP)
all inside webtraffic uses internal IP (Private), and external web traffic uses external IP(From ISP)
Yes basically add www.v-pos.net to your local DNS with the internal IP address of the server. It should be fairly ovious how to add the entry using the admin tool that comes with 2003. I have only used 2003 very little myself so cannot say exactly where you have to go to add the entry.
Make sure that you create both a forward and reverse lookup record. That error message you were getting for NSLOOKUP may be due to the fact that you need a reverse DNS entry.
Can you bring up a DOS window and type "nslookup www.v-pos.net" and post here what you get back. Do you have a windows active directory domain which is also called v-pos.net?
Where is the website hosted?