Cannot reach our own web site from within our network. Externally it is OK.

What does nslookup report from the LAN? I agree most likely DNS related. I'd double check the DNS entries on the LAN DNS.

If the www record on your LAN is pointing to the new address is the DNS where your site is registered pointing to the new IP as well?

go to http://intodns.com and test

May want to delete the A record and add back. Also double check the domain is www.domain.com, it will only be different if the zone in your DNS server is different than the website. Was there any changes with the naming convention?

1) Is the A record on your network correct?
2) Can you access the site by IP address?
3) Have you checked the firewall rules, etc?
4) Have you checked how traffic is flowing from your network to the site?

Best to start at the beginning.

1) Mention your actual domain.tld name.

2) Show output of the following from inside your network...

nslookup domain.tld
nslookup www.domain.tld

Select allOpen in new window

Here is the result of the nslookup on the server.
Nslookup-for-EE.PNG

Here are the results of the nslookup.tld
nslookup-domain.tld.PNG

The A record for www.villastfrancis.org is correct on my internal DNS.  I have deleted that record and added it back in.

 I cannot reach the web site via IP address.

Tracert to www.villastfrancis.org goes nowhere

If you moved it to a new server, check the following:

1. Disable Windows Firewall through Control Panel and see if you can access it.
2. Look at your Physical Firewall rules.  Is there a rule for the Web server and if there is, is the new Web server added?
3. If you used the same IP address, in the firewall is the IP address associated with an ARP Mac address?

Hello Coolie,

A little piece of info may help here.  We don't host the web site ourselves.  We simply changed the DNS records to point to the new IP address through our host (Expiry) when the site moved and all is working well from the outside only.  Therefore, no changes have been made on the firewall at all.  We were able to reach the site at the old IP address from inside our network and now that the web site has moved to a new external IP, we can no longer see it from within the LAN.

Your site is registered here https://www.enom.com/ I would log in and check the DNS records here.

enom is just a company that apparently bought out Expiry some time ago.  I don't have an enom account nor do I need one because I get my changes done through my Expiry account.  And, once again, the changes worked immediately when I did them in my Expiry account.

thanks,

Well, normally when a site moves, here's the things that changes:

On the host provider side, they create a NAT rule for the internal IP to hit the public IP address.  There is a policy in place as well to allow WAN access over 80/443 to the public IP address.

The DNS entry is changed on the site to point to the new external IP address.

If you use to have access to the local IP address, that means on the host provider side, they had a rule in place, possibly a VPN tunnel in place, to allow your IP address to hit the local IP address.

If that is no longer working, that's because the new host providers don't have that VPN tunnel in place and/or the rule in place to allow you access to the local server.

You will more than likely need to reach out to the new host providers and let them know you can't hit the local IP address or ask them what is the new local IP address.

If it's hosted by the same group and the external IP changed, you'll still need to contact them and let them know you can no longer hit the local IP address because it could actually be on a different local IP address now.

One thing you can do is use a program like Angry IP Scanner and scan the network the local IP address you use to access is on and see if one responds.  If it does, try to hit that IP address and see if your site responds.

Notice that if you browse to the site at www.villastfrancis.org you actually get a 301 redirect to villastfrancis.org.  So you need an A record for that name which resolves to the correct IP.  Or have them adjust the site so that the redirect isn't there.

This is pretty easy to observe by using the developer tools in a browser.  For example: press F12 in Firefox > go to the Network tab > then enter the site in the location bar > now look in the Network pane (scroll to the top).  There's actually two redirects:
 - one from http://www.villastfrancis.org to https://www.villastfrancis.org
 - then another from https://www.villastfrancis.org to https://villastfrancis.org

the changes worked immediately when I did them in my Expiry account.

Not true, they worked immediately from outside your network. From your LAN they never worked after.

The simple way to resolve this is to dump any type of VPN or other games you're playing with local DNS.

When nslookup returns the correct IP - 146.66.69.106 - you'll have access to your site.

It appears that there are multiple sites (virtual servers) sharing that IP, which explains why browsing by IP isn't possible (it actually brings up a different website - results like these are important include when providing info).

Tracert should work though (whether using  www.villastfrancis.org, villastfrancis.org, or IP), unless your firewall is blocking traffic.  I had no problem getting results.

See my earlier post - if villastfrancis.org isn't resolving to the correct IP as well, then you'll have a problem.

is your local domain villasfrancis.org? I would guess so.. since it is redirecting from www.villastfrancis.org to villastfrancis.org it is going to be wanting to go to your local site's A record for villastfrancis.org

one normally does the redirect from the non www to the www