Can't access website from outside firewall 1

Status
Not open for further replies.

aristos

Technical User
Dec 12, 2000
Hello.

I'm not sure this is the right forum to post on, but it's the only one I could figure would even be close, so here goes...

I'm having an issue with accessing an internal website from outside of our firewall. The firewall is a Hawking PN9245F.
When I'm inside the firewall, I can access the website via its IP address (10.x.x.106) or via its name in the DNS server. I have another website whose internal address is 10.x.x.66. I can access that one from internal via the IP address or DNS name as well.
In the firewall, I use the DMZ feature to route an external IP to the appropriate internal IP. For instance, external IP 216.210.230.77 points to 10.x.x.66 and it works just fine. When I change the DMZ settings to have 216.210.230.77 point to 10.x.x.106, it doesn't work. I get a host not found error message. I'll put into my browser at home and nothing...
I check my Apache logs (there's the On-topic tie-in...) access_log, error_log but there's no mention of any activity on the server. It's like the request never got past the router.

I've looked at my router logs, and there's nothing there, either.

So... a puzzle. Anyone care to proffer suggestions as to where to look/things to change?

Many thanks in advance.

Mike Mike
<this space for rent>
 
Is port 80 open? Do you need to be in a DMZ?

iSeriesCodePoet
IBM iSeries (AS/400) Programmer
 
You mean port 80 on the web server?

Mike Mike
<this space for rent>
 
Both the server and the firewall.

iSeriesCodePoet
IBM iSeries (AS/400) Programmer
 
Your webserver does not need to be in the DMZ, but you do have to forward all HTTP (port 80) traffic to the internal IP address of the server. If you are using the same machine for a mail server, you must also forward SMTP (port 25) and POP3 (port 110) to that IP or whatever machine is hosting the mail server. The same goes for any other servers you have running.
 
Well, all these sound fine and good except that I'm not doing *any* port forwarding or PAT.

Port 80 is open, as I can access the site from inside the firewall just fine.

It works just fine with one server (machine) but not another.

Everything that comes into the router bound for the website (IP 216.210.230.77) gets routed to that server.

If I have the current server (IP 10.0.0.66) entered into the DMZ, it works. If I put the new server (IP 10.0.0.106) into the DMZ it doesn't. I make *no* other changes...

There are no entries in the access_log or the error_log, which leads me to believe that the firewall is not talking to the web server (IP 10.0.0.106). But that's strange, since I can access the web server from *inside* the firewall just fine by typing in the IP 10.0.0.106.

I'm stumped.

Mike
<this space for rent>
 
Check whether you've got any kind of IP filtering configured in the new server, so that the request goes in to the server but gets blocked before hitting the http service.

SonGoku
 
If I *did* have such filtering, would it show in any logs? I've looked at the logs and don't see anything, and I don't believe I have any filtering happening on the server.

Mike
<this space for rent>
 
They would show up in your firewall or filter log, not apache.

iSeriesCodePoet
IBM iSeries (AS/400) Programmer
 
As I figured they would.
No such entries in any logs. I don't have any filtering in place.

*sigh*

Mike
<this space for rent>
 
Well, we finally figured it out.

There was no default route *out* of the box. Go figure. A simple...

route add default gw 10.x.x.x

and we were good to go. Thanks all :)
Mike
<this space for rent>
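
The symptom in this thread (LAN clients work, Internet clients get nothing, Apache logs stay empty) is what a missing default route looks like: the server can answer its own subnet but has nowhere to send replies to public addresses, so the TCP handshake never completes. The following is an added example, not code from any poster; it parses a routing table in /proc/net/route format and reports the reply path per client. The 10.0.0.0/24 subnet, the 10.0.0.1 gateway and both client addresses are constructed assumptions, and it assumes the firewall forwards requests with the client's public source address intact.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/route format (addresses are little-endian hex).
# Assumption: the new server is on 10.0.0.0/24 and the firewall is 10.0.0.1.
HEADER = "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
CONNECTED = "eth0\t0000000A\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"
DEFAULT = "eth0\t00000000\t0100000A\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
BEFORE_FIX = HEADER + CONNECTED           # state described in the thread
AFTER_FIX = HEADER + CONNECTED + DEFAULT  # after `route add default gw ...`

RTF_UP = 0x0001  # route is usable


def _addr(field):
    """Decode one hex column into an IPv4Address."""
    return ipaddress.IPv4Address(struct.pack("<L", int(field, 16)))


def parse_routes(text):
    """Return [(network, gateway, iface)] for every route that is up."""
    routes = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 8 or not int(f[3], 16) & RTF_UP:
            continue
        prefix = bin(int(f[7], 16)).count("1")  # popcount of the netmask
        net = ipaddress.IPv4Network(f"{_addr(f[1])}/{prefix}")
        routes.append((net, _addr(f[2]), f[0]))
    return routes


def reply_path(table_text, client_ip):
    """Longest-prefix match for the reply to client_ip; None means no route back."""
    client = ipaddress.IPv4Address(client_ip)
    matches = [r for r in parse_routes(table_text) if client in r[0]]
    if not matches:
        return None
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return f"{iface} direct" if int(gw) == 0 else f"{iface} via {gw}"


if __name__ == "__main__":
    # 10.0.0.20 = constructed LAN client, 203.0.113.5 = constructed Internet client
    for label, table in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        for client in ("10.0.0.20", "203.0.113.5"):
            print(label, client, "->", reply_path(table, client) or "NO ROUTE")
```

On a live Linux server, pass the contents of /proc/net/route to `reply_path` instead of the constructed tables.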
 