320adel asked:

DNS error assumed

Hi, we are having a weird problem: we are not able to access our webmail server internally via the website link, but when using our FQDN it opens the webpage fine. Although internally users should not need to access their webmail via the website, it should still work.
When I tracert the webmail link it is caught in a loop between two firewalls. I've contacted the supplier and they said it might be a DNS issue, that it can't break out and back in. They can't add a forwarder as there is already one from external and that works fine.
Please can someone assist on the DNS side. I'm thinking my DNS is not working 100% or I've missed something.
Cheers
Rich Weissler

Does the website link not have the FQDN included?
I'm not certain I understand what you mean by the link being caught in a loop between two firewalls? (If it's a DNS issue between two firewalls, perhaps you could explain that more fully?)
From your client machine, check with nslookup whether you are able to reach the URL and its private IP.
If it works, I don't see any DNS issue.
Now try telnet to the URL on TCP 443 and check if it works.

Somehow your firewalls are blocking the webmail URL, I think, by some rule.
320adel (ASKER)

Hi, let me try to explain:
We run Lotus Notes with a webmail."site".com.au which is reachable from external with no problems. This name resolves to our public IP and is routed internally to the Lotus server and presto, users have access to webmail.
Now, we do normally test this from internal when resetting or testing users' passwords using the same link, and used to be able to resolve and work. After the reload it was working fine, as we were able to connect to the in-house WiFi and got email delivered to our phones. After the security updates etc. and a reboot, it now doesn't work: I cannot have mail delivered to my phone if I'm on the WiFi, nor access the webmail link.
If I ping the webmail URL internally I get a "TTL expired in transit" from an IP that the service provider says is a firewall IP. They haven't changed anything, they say, so they are reluctant to make any changes, but suggest it is a DNS issue. Can I add to or edit my DNS to route the requests to the internal IP if the external URL is used internally?

I have turned off our internal firewall, as our external one does filtering in and out, but like I said, after a recommended update it's not working any more, so I assume I need to make changes, but I'm not sure where.
Does this make any sense? I've tried a route add to point the traffic internally, but it only changes the ping to a timed out and made no other difference.

If I run an nslookup on the URL it resolves to the external IP fine, but it won't service a webpage request.
Telnet fails on no port and 443 from internal. Externally it also fails on a multitude of ports, but from a browser it works: it directs it to the URL/DominoWeb.nsf and users can log in.

Any suggestions will be greatly appreciated and tried.

Cheers
ASKER CERTIFIED SOLUTION
Mahesh

This solution is only available to members.

Adding this question to Lotus subject area as well, on the chance it's something related to the recent patches that someone there knows about.
I'm not a Lotus person, so I apologize if this question seems inept -- does the value of "site" in 'webmail."site".com.au' change based on the source location of the request?
(related) Is the IP address returned by an nslookup to the webmail address the same regardless of whether nslookup is requested internally or externally?
I interpret "Telnet fails on no port and 443 from internal," to mean it fails when you don't specify a port (which means it tried 23... which you'd want to fail to connect to your server).
I wouldn't be too worked up about PING (or tracert) not getting through the router -- it's very common to filter ping packets to prevent network enumeration by potential attackers.
Is there any chance that you have a network address translation (NAT) set up for your mail web server... and the server is on private addresses and you have one of your routers/firewalls converting that to an internal address?
@Rich: question isn't as inept as you might think. If it worked before, it's not very probable that there is a problem with the DNS.

@320adel: can you post a screen snip of the Site document? If you set up the Internet Site to listen only to webmail.site.com.au, it won't handle any internal names, unless you define the site as the default site. And what is the internal address like?
Hi 320adel,
We had exactly the same problem. The router / firewall upgrade in our case added a new security feature: internal users cannot loop out to the external IP address and back in. The router tech support told us that is a new security feature and can't be changed.
So, as Mahesh explained, the only fix is to have your internal DNS server point your domain to the internal IP address, while on the outside world your domain will point to the external IP address.
You can contact your router / firewall tech support folks for more details as well.

Thanks,
Toby J. H.
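
The nslookup and telnet checks suggested earlier in the thread, combined with the split-DNS fix described above, as an added example that is not part of the original thread. It reports whether an internal client is sent to a LAN address or out to the public IP and back; the function names are illustrative and the hostname is passed on the command line.

```python
import ipaddress
import socket
import sys

# RFC 1918 ranges; an answer inside them means the name maps to the LAN address.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(name):
    """IPv4 addresses the client's configured resolver returns for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses):
    """Path an internal client takes: stays on the LAN, or out to the public IP and back."""
    if not addresses:
        return "no-answer"
    inside = [any(ipaddress.ip_address(a) in net for net in RFC1918) for a in addresses]
    if all(inside):
        return "internal"
    return "mixed" if any(inside) else "hairpin"

def tcp_open(address, port=443, timeout=3.0):
    """Equivalent of the telnet test: does a TCP handshake to address:port complete?"""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(name, addresses=None, port=443, probe=tcp_open):
    """Combine both checks; pass addresses/probe to replay recorded results offline."""
    addresses = resolve(name) if addresses is None else addresses
    path = classify(addresses)
    reachable = any(probe(a, port) for a in addresses)
    if path == "no-answer":
        advice = "name does not resolve from this client"
    elif reachable:
        advice = "name resolves and the port answers"
    elif path == "internal":
        advice = "DNS is already internal; check the server or a local firewall rule"
    else:
        advice = "clients get a public address they cannot reach; point the name at the LAN address in internal DNS"
    return {"path": path, "reachable": reachable, "advice": advice}

if __name__ == "__main__" and len(sys.argv) > 1:
    print(diagnose(sys.argv[1]))
```

Run it from an internal client before and after adding the internal record: the path should change from "hairpin" to "internal" and the port should answer.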
320adel (ASKER)

@mahesh,
Top notch support Mahesh. I added the different names used for the webmail server (why 3 I don't know, this is an inherited site and config) and now it's all working again. It all worked prior; why it stopped after updates is still a mystery.
Cheers all for assistance and angles @Rich, @TobyJH, @Stef