Resolving External IP address Internally
|
From: Cliff Galiher - MVP on 6 May 2010 15:40 Licensing gets sketchy with hosting as well. I believe that if there is a business need to host a web app internaly then the business is big enough to afford a separate non-domain-controller server. Windows Server Web Edition is not expensive. -Cliff "Brian Cryer" <not.here(a)localhost> wrote in message news:eOaTJlP7KHA.2292(a)TK2MSFTNGP04.phx.gbl... > "Cliff Galiher - MVP" <cgaliher(a)gmail.com> wrote in message > news:B3B8223F-DDF2-4BE4-A3AA-ABFDE75D7DDF(a)microsoft.com... >> There are a couple of things worth mentioning here: >> >> 1) the "page.html" has me very nervous. You should NOT be hosting web >> content on your SBS server. Just need to mention that. > > It opens the possibility of security issues and I wouldn't recommend it > for anything busy, but I wouldn't go so far as to say should not host. > Just be careful and ensure you know what you are doing. > -- > Brian Cryer > www.cryer.co.uk/brian >
From: Cliff Galiher - MVP on 6 May 2010 15:42 > No its not a router issue, its how you've set it up. You said that > (quote): Yes, it *is* a router issue. You can work around a router issue by using DNS and creating a split-brain scenario (where the name resolved to two different IPs depending on which DNS is asked) but the fact that you get two different results only amplifies and highlights the fact that you are working around a router limitation. Don't get me wrong, I've had to use split-brain DNS in many places, but it doesn't make it "right" and doesn't mean the router is not at issue.
From: -Draino- on 7 May 2010 06:42 On May 6, 11:24 am, "Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote: > Brian, > > You stated that, "If you use an explicit IP address then the same address > won't work both internally and externally." That is because his router is > not set up for loopback or won't do loopback at all. > > Your workaround to have a DNS name mapped differently internally than > externally is precisely a router issue. > > My WatchGuard firewall does loopback, and I can hit my mail server from > inside or outside using the public FQDN or its public IP address, with zero > internal DNS modifications. > > If he has a router with loopback working, he will be able to usehttp://173.181.14.188/Xcelerator/Mobile/whateverboth externally and > internally, and if he sets up public DNS pointing to that address, it will > work the same inside and outside without internal DNS changes. > > Gregg Hill > > "Brian Cryer" <not.here(a)localhost> wrote in message > > news:exsKvqP7KHA.5848(a)TK2MSFTNGP06.phx.gbl... > > > > > "-Draino-" <randyd...(a)gmail.com> wrote in message > >news:a8fa634f-0244-479c-a7b3-9b101b7b71c7(a)24g2000yqy.googlegroups.com... > >> On May 6, 12:00 am, "Cliff Galiher - MVP" <cgali...(a)gmail.com> wrote: > >> > There are a couple of things worth mentioning here: > > >> > 1) the "page.html" has me very nervous. You should NOT be hosting web > >> > content on your SBS server. Just need to mention that. > >> > 2) A direct IP address (173.191.14.188) will cause the machine you are > >> > testing from to try to contact that IP directly. It won't go to DNS > >> > therefore your DNS record is doing nothing. This is expected behavior. > >> > If > >> > you couldn't access the IP address before, you probably won't now. > >> > 3) The problem likely lies with your router. Many routers do not do > >> > loopback connections. In other words, it expects connections to the > >> > public > >> > IP only from the external interface. It will ignore and drop traffic to > >> > the > >> > public IP from the internal interfaces, thus when you are attempting to > >> > access your machine with a public IP from within your LAN, the public > >> > IP is > >> > causing the local machine to contact the default gateway (your router) > >> > and > >> > your router is not forwarding that traffic back to your SBS machine. > >> > This > >> > isn't an SBS issue, but a router issue. To resolve it, you'll need to > >> > refer > >> > to your router documentation or contact their support staff. Each > >> > router is > >> > different. > > >> > -Cliff > > >> > "-Draino-" <randyd...(a)gmail.com> wrote in message > > >> >news:55a3d697-1b4b-421f-b826-69e1526268ce(a)l28g2000yqd.googlegroups.com... > > >> > > When I access my server from outside my LAN I use something like > >> > >http://173.191.14.188/page.html > > >> > > When I access my serer from inside my LAN I use something like > >> > >http://servername/page.html > > >> > > I want to be able to accesshttp://173.191.14.188/page.htmlfrom > >> > > INSIDE my LAN but I can't. I have added a forward lookup A record in > >> > > DNS but it still doesn't work. > > >> > > What do I need to do?- Hide quoted text - > > >> > - Show quoted text - > > >> We host a web application on our SBS2003 server. It's a package > >> tracking app that the drivers log into for real time package tracking. > >> It's not really "page.html" but it is a software app from Xcelerator > >> that our Mobile-Tek handheld devices dial into. We use a "Dock > >> Scanner" in the early AM to scan the load and all the packages go into > >> the Xcelerator program. As the drivers scan their packages for loading > >> they come off the database to show they are on the truck. When they > >> are delivered the handhelds send that info to the server to show the > >> package has been delivered. Something like UPS or FedEx. > > >> Our server has an IP address of 192.168.16.2 the router is > >> 192.168.16.1. All our workstation use the SBS server for DNS. So all > >> internal address get resolved using something like > >>http://servername/Xcelerator/Mobile/..... what ever, to access the > >> Xcelerator program. Outside the handhelds use > >>http://173.181.14.188/Xcelerator/Mobile/......what > >> ever. > > >> So I guess this is a router issue, I was just wondering if there was a > >> way to resolve it differently when accessing Xcelerator internally. > > > No its not a router issue, its how you've set it up. You said that > > (quote): > > > "Outside the handhelds usehttp://173.181.14.188/Xcelerator/Mobile/..... > > what ever." > > > There is your problem. You are using your IP address. If you use an > > explicit IP address then the same address won't work both internally and > > externally. Use a DNS name instead and point that to your public ip > > address. I'd suggest either creating a sub-domain of your main domain-name > > just for that purpose, but the choise is yours. You can then re-map that > > name internally to point to your server allowing you to use the same name > > both internally and externally. > > -- > > Brian Cryer > >www.cryer.co.uk/brian- Hide quoted text - > > - Show quoted text - This would seem the easiest way to fix. I use a Comcast Business Class router and haven't had time to check to see if this router is capable of loopback.
From: Brian Cryer on 10 May 2010 04:20
Licensing is an interesting question. Whether its worth having a separate server for web hosting probably depends on what you are doing. Many SBS systems happily host websites on their SBS server and indeed I think its a standard out-of-the-box configuration. After all, outlook web access is a web application and I think we'd have problems trying to run that on a separate server. However, I do agree with you in principle. Of the two sites I look after, one hosts on a separate box the other only has a test site on it (no real traffic) and is hosted on SBS. -- Brian Cryer www.cryer.co.uk/brian "Cliff Galiher - MVP" <cgaliher(a)gmail.com> wrote in message news:6038D08C-79F9-4711-B796-61BE21D5B4FC(a)microsoft.com... > Licensing gets sketchy with hosting as well. I believe that if there is a > business need to host a web app internaly then the business is big enough > to afford a separate non-domain-controller server. Windows Server Web > Edition is not expensive. > > -Cliff > > > "Brian Cryer" <not.here(a)localhost> wrote in message > news:eOaTJlP7KHA.2292(a)TK2MSFTNGP04.phx.gbl... >> "Cliff Galiher - MVP" <cgaliher(a)gmail.com> wrote in message >> news:B3B8223F-DDF2-4BE4-A3AA-ABFDE75D7DDF(a)microsoft.com... >>> There are a couple of things worth mentioning here: >>> >>> 1) the "page.html" has me very nervous. You should NOT be hosting web >>> content on your SBS server. Just need to mention that. >> >> It opens the possibility of security issues and I wouldn't recommend it >> for anything busy, but I wouldn't go so far as to say should not host. >> Just be careful and ensure you know what you are doing. >> -- >> Brian Cryer >> www.cryer.co.uk/brian >> |