donwinchell
asked on
accessing web server using external IP address from inside the lan where the web server resides
Have a netgear prosafe firewall. Have linux web server behind fire wall. no DNS setup Only port 80 and port 5000 open on fire wall. when someone inside the firewall types in the external IP address they reach the firewall logon and not the web site. if they type in the INTERNAL IP address of the web server it works fine. if someone OUTSIDE the fire wall types in the EXTERNAL IP address it works fine. the firewall has NAT set up. the firewall redirects all incomming port 80 requests to the internal 192.168.0.xxx web server address. we currently do not have the domain URL pointing to the external IP address as this is a new site and the URL still points to the old site. we want to test before redirecting the URL to the new IP (external) address
I have solved this issue before WITHOUT use of DNS with some kind of internet NAT filter redirection (or something like that) on a 3com firewall, but don't remember what and don't know how to do it on a netgear prosafe
I have solved this issue before WITHOUT use of DNS with some kind of internet NAT filter redirection (or something like that) on a 3com firewall, but don't remember what and don't know how to do it on a netgear prosafe
ASKER
Response, not solution (I am new to this expert exchange)
Netgear certainly advertises this as if it was of enterprise class. The 3com I did this on cost $1000 bucks, but that was over 5 years ago. It would help to actually understand the logic of why this is happening and what a firewall solution what do. I think I get how the DNS would work, if it is an internal DNS and is listed as the first DNS then when the actual domain name is entered, it sees it and directs it to the INTERNAL address. but even in this case I don't know if that is the best solution, but this just has to be one of the most common issues that every small network, hosting their own site, comes up with
Netgear certainly advertises this as if it was of enterprise class. The 3com I did this on cost $1000 bucks, but that was over 5 years ago. It would help to actually understand the logic of why this is happening and what a firewall solution what do. I think I get how the DNS would work, if it is an internal DNS and is listed as the first DNS then when the actual domain name is entered, it sees it and directs it to the INTERNAL address. but even in this case I don't know if that is the best solution, but this just has to be one of the most common issues that every small network, hosting their own site, comes up with
Good luck,
harbor235 ;}
harbor235 ;}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks for your help. How it works is beginning to make sense to me (as well as how it does not work). It looks like I will need to set up a dns server on the linux machine.
If I understand this correctly I set up this dns as the FIRST dns then set up 2nd and third dns as the dns provided by my ISP. Do I set this up as simply a LOCAL dns, i.e. not synchronizing with the internet dns servers and just use it for local addressing?
If I understand this correctly I set up this dns as the FIRST dns then set up 2nd and third dns as the dns provided by my ISP. Do I set this up as simply a LOCAL dns, i.e. not synchronizing with the internet dns servers and just use it for local addressing?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I am not familar with Netgear products but this is what i do on the Cisco ASA to over come this issue.
on the ASA i create a static nat/pat where I am natting from the inside to the outside or vice versa doesnt really matter , using the same external ip address as the inside address and outside address and in your case port number. So if done correctly anyone who visits the intresting IP on port 80 will be directed to the outside ip on port 80 if they were on the inside. I hope i wrote that right . .
on the ASA i create a static nat/pat where I am natting from the inside to the outside or vice versa doesnt really matter , using the same external ip address as the inside address and outside address and in your case port number. So if done correctly anyone who visits the intresting IP on port 80 will be directed to the outside ip on port 80 if they were on the inside. I hope i wrote that right . .
If it were a entrprise class firewall you would not have this problem, i am not sur eif the netgear is capable, never looked though.
harbor235 ;}