Solved

Cannot ping external IP/web address from LAN, yet can access site fine

Posted on 2009-03-31
6
423 Views
Last Modified: 2012-08-13
Embarking on a trip down the rabbit hole that started with Wordpress but is ending up with crazy DNS issues - hoping someone can help! My LAN network is set up with a Windows 2003 box which hosts DNS, a 10.5.6 Mac server which hosts our website, DHCP, and other various things, all behind a Netgear FVX538 firewall box.

The Mac server hosts our Wordpress website - recently I had been trying to start hosting a podcast for the Wordpress blog. Wordpress normally supports auto enclosures of media files, but that wasn't working, which I thought was strange. After much searching and testing, I realized that something was amiss with DNS that was most likely causing the issue.

I can ACCESS my website from the LAN (both on the server it's being hosted from and other computers in the LAN) but PINGING either the external IP or the domain name doesn't work. It pings for one entry, spits back the IP address, then stops with no other error message or notification of any kind. I can ping other external sites just fine, and can ping internal IP addresses just fine as well.

I'm not sure if this is a DNS problem, although it seems safe to say that it is. And because I've noticed no other issues, I'm not really sure where to begin in figure out what the problem is. It seems that there's some issue going on with internal DNS, so if anyone has advice of what I should look for, please let me know!
0
Comment
Question by:topher1078
  • 3
  • 3
6 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24030512

If you're getting the correct IP Address back in response to a request for a name then DNS is done and out of the picture.

However, your server is hosted inside your network in this scenario?

That is you have something like this:

Internet   -----   Router   -----   Switch   -----   Clients
                                                     |
                                                Server

And you use NAT to get a public IP address from outside your network to your Server?

If so, then  no, clients will not be able to access the server using the public IP (and therefore also won't be able to using the public name which presumably resolves to that IP). If that is true, do you have a DNS server inside your network as well?

Chris
0
 

Author Comment

by:topher1078
ID: 24030635
That diagram is basically what we have. I have the router/firewall box set up with the ISPs DNS server, then an internal DNS server hosted on the Windows 2003 box. And yes, my firewall is using NAT to get outside the server.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24030743

Okay, so clients inside won't be able to access on the public IP because it just gets horribly confused trying to route the requests.

The traditional answer is to create a zone on the internal DNS server that will provide clients inside the network with a private IP address for the domain name in question. This only works if all your internal clients use that internal DNS server.

I've blogged about this in the past, so I hope you'll forgive me pasting the link rather than rewriting my instructions for it :)

http://www.highorbit.co.uk/?p=459

Chris
0
Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

 

Author Comment

by:topher1078
ID: 24030863
I will try those instructions - thanks - but I may have figured out something else. Tried switching out the Netgear firewall to our old Symantex VPN/100 and lo and behold, everything started working again - enclosures, pinging, the whole nine yards. So I guess when I was setting up the Netgear I missed a setting, any thoughts as to what that might be, or should I do your DNS suggestions first (with the Netgear) and see if that works first?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24036842

Some routers will handle it, some won't. It also depends if your server is set up in a DMZ.

The most important part is that it works from the public networks, it is possible to work around any issues internally.

Chris
0
 

Author Comment

by:topher1078
ID: 24040592
Followed your DNS instructions and everything now works great, with the new router. Thanks so much!
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to stress test an ASP.NET https website 3 63
DNS Name Pointing 6 47
What is harden windows 10 for security? 5 98
How code a 301 redirect for folder files -> 1 file 2 21
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now