Can't access our webpage

We have a web server on our 2003 active directory domain.  It is on a windows 2000 server machine.  When people type in our website outside our network over the internet, for example,, they can access our website.  Users on our network cannot access our webpage unless they type in it's internal network addrss.  If they type in the external internet ip address or they can't access it.  Any ideas?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

egarrisonCEO / CTOCommented:
If you have an internal DNS server that your users connect to, put the internal IP in for that domain record. This is a common issue in environments with the webserver behind load balancers or a Firewall doing NAT.  

You can also add to c:\windows\system32\drivers\etc\HOSTS and entry for them to hit it on the internal IP.


Im guessing that your Domain Is called

You will have to go to the DNS Server and go into your forward lookup zone.  Create an Alias Record or www and point it to the Windows 2000 Webserver.

Now when users try to access it should go to the Web Server
It should read

<<Create an Alias Record of www and point it to the WebServer>>>
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

create a new forward lookup zone with the name of your website and give it the ip address of your internal network ,but clients must have the dns configuration the ip of your local dns server .

What kind of firewall do you have?
Many firewalls/routers will not allow you to access the NAT'd IP (public) from the inside (private)
No Cisco router or PIX FW will allow it.
this is a common problem with NAT performed at the firewall or router.

If the user's default gateway is not the firewall or router that perform the NAT.
Then one quick and dirty fix is to create a host route for the IP address that map the public ip to the private ip.

E.g. Public IP address for web server
      Private IP address for web server

If the topology is as such :

 Internet <-> Router/Firewall (NAT) <-> L3 Switch or Router <-> User machine

Then you can perform a host route at the L3 switch to translate to

This will work if you don't have a internal DNS.

Irmoore is right.
PIX does not allow it but sonicwall does allow it.
Steelin_ItAuthor Commented:
I'm pretty sure it's not the firewall or router as it worked before we got the new 2003 dc.  We only have the one dc and it's also running dns.  Our webserver is not in our domain. It's a stand alone server in a dmz off of our firebox.  Could someone walk me through creating a forward look up zone or an alias.  I am totally new to 2003 server and have tried both options unsuccessfully.
Here is what you have to do.

Is your Local Domain name the same as your webpage domain.  ex. Local Domain = ??

If the above is true do the follwoing.

Go to Start -- Administrative Tools -- DNS
Expand Forward Lookup Zones
Expand you Local Domain ZOne

In the right had pane right click and select New Host (A) Record.
For the Name type www
and for the IP Address type (the IPAddress of your wepage Server).

And your Done!
Steelin_ItAuthor Commented:
Unfortunately the domain names are different.
Then you will have to add a new forward lookup zone.

Go to DNS, Right Click Forward Lookup Zones and Select New Zone
Create a Primary Zone
Zone name should be

Next Open the
In the right had pane right click and select New Host (A) Record.
For the Name type www
and for the IP Address type (the IPAddress of your wepage Server).

Now when you type it will get resloved to your web server

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Steelin_ItAuthor Commented:
I did that but it still doesn't work.  Does it have to replicate in the directory before it will work?  Our web server is just by itself in a workgroup not part of any domain.  I don't know if that matters or not.
No it should not matter.

what IP address did you assign for the websever in DNS.  Your External IP Address, or Your Webservers IPAddress

Can your Clients Connect to the WebServer, by just entering its LAN IPAddress?

Pint, what address does it resolve to?
Steelin_ItAuthor Commented:
I assigned the webservers ip address not the external one.  Yes clients can get to it by the external ip address.  Out on the internet our website resolves to the external ip address.  Clients can access our webpage using the internal ipi address but not the external one.
Steelin_ItAuthor Commented:
Sorry clients can't get to it by the external ip address just the internal one.

Try this, Go -- Start -- Run -- CMD


Now try accessing your webpage.  Does it work?

If not Go
Start -- Run -- CMD

type:  Ping

What address is it resolving???

Do these form a computer on your LAN
Steelin_ItAuthor Commented:
Cool flushing the dns worked.  Thanks for the step by step walkthrough it's much appreciated!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.