K B
Set routes to test domain joined computer as if it were off the network
So I changed the DNS of my machine at work to public DNS (I am remoted in to it).
Unfortunately, it is not acting exactly as it normally would if I had it at home.
When I do trace routes, they time out, unlike when the machine is at home.
Any steps I could take to make this work?
Thank you.
K.B.
ASKER
I see.. At the same time the computer does not browse websites as it would from the outside.. any idea why? Is it having to leave and then come back in?
What exactly did you do when you said "I changed DNS"?
Did you change the IP in a zone of a DNS server, or did you change the DNS IP of the network configuration?
Aha, perfect!
Can you ping 8.8.8.8 and/or 4.2.2.2?
If the answer is yes, can you telnet 8.8.8.8 53 and/or telnet 4.2.2.2 53?
53 is the port where your machine asks 8.8.8.8 and 4.2.2.2 for DNS requests. If you cannot ping, it is a connection issue or a firewall rule which forbids connections to Google's public DNS.
If you can ping but you cannot telnet, it is definitely a rule in the firewall which restricts port 53.
To see if it is a connection problem when the ping fails, try pinging an IP address from your ISP, preferably the gateway IP which the ISP provided to you.
ASKER
I can successfully ping and telnet to both
ASKER
I can get to any public website except the internal site I am trying to test.
In this case it means that your internet site is just internal and not public on the Internet. To make it public, you have to add, in the DNS zone of your domain, an A record with a public IP address where the site responds.
ASKER
It is publicly available on the Internet.
The record exists in DNS.
I can access it from my home computer.
can you ping from the server you just changed the DNS the site by name? How about pinging the IP public address of the site?
... you've just changed ...
ASKER
I can telnet to FQDN port 443 from home but not from the machine in question
Look at your local route table as well as your host file. You may need to add a route to your route table and/or edit your host file so that the machine on the inside can see your internal site. You may also want to check any potential NAT settings that may be in place.
HTH
-Rafael
ASKER
Anything NAT related would be a major undertaking with change requests. Could you guide me with the static routes on my workstation however?
ASKER
cannot ping to IP or FQDN from outside
cannot telnet (443) to IP or FQDN from inside (with public DNS manually entered)
CAN telnet (443) to IP or FQDN from inside (with normal DNS given out by DHCP)
ok!
The IP that you can telnet with the DNS given by DHCP, is public or private?
ASKER
Private
OK! Is the corresponding public address of the site configured on the machine where the site resides, or is it on a router which does port forwarding to the private IP address?
As I figure so far: in your DNS there is a record for www.wcff.net with a private address, but not a record for www.wcff.net with a public address, or the DNS where the zone configuration resides is not visible/accessible from the Internet.
But: As long as you cannot ping IP_public_address from Internet, maybe you have a misconfiguration of IP_public_address or a misconfiguration of port forwarding
Best regards!
ASKER
I think that was a comment for another question Matrix?
Timeouts in trace route can occur when the route passes routers configured not to respond to ping (ICMP packets).