Can't View website inside network, but can outside

Status
Not open for further replies.
Apr 20, 2003
10
US
Alright, here is the problem.

We have a Windows 2000 network setup to host our email and website. DNS has been set up as the primary name server for the network and all is well with external clients.

Internally, the name gets resolved to our public IP address and comes up with a "This page cannot be displayed" error on IE.

If I manually change the \etc\hosts file on a client to point to our internal address, everything works like a champ, even if they are connected outside the network.

I am sure this is a DNS or NAT issue, please help.

 
I'm having the same issue. Check out this thread: thread950-529858

Is this the same scenario (sort of)? Are you using DHCP?

"Scientists have proven that living actually causes death."
 
I'm not sure if it is the same problem. I am using DHCP and am sending DNS, Name Server, Domain to the clients and the network works great.

The problem is that the forward lookup zone for to our external address. This address, when viewed from the inside, resolves to the firewall external port and not to our server.

I don't know how to change it, unless I manually change the \etc\hosts file, which appears to override the DNS server for that address.
 
Change the forward lookup on your internal DNS server to point to the internal IP of your webserver. It will work like a charm!
 
Rory,

Here is the problem when I do that, the outside world cannot view our website. We are utilizing our computer as the name server for the website, therefore, when I change the forward lookup, outside clients resolve to the internal address and not the external.

Am I missing something here?

 
This is a long shot, but are you using a firewall that doesn't support "loopback", like Sonicwall?
Some firewalls do not allow (by default) internal IPs to access external ones.
A quick test of this is: can you ping or telnet to port 80 on that IP address from inside of your network?

Hope that helps.
 
I can ping the external address of the firewall. The firewall is a Watchguard Firebox.

I'm pulling my hair out trying to figure this out.

Anyone please help
 
No. Gives me a Could not open a connection to host on port 80: Connect Failed
 
Is there an option on your firewall to allow internal IPs to access the external IP on port 80?

How many workstations are on your internal network? The only alternative I can think of, if you cannot allow internal traffic to access the external IP, is if you had a DNS server for internal traffic, like a Windows box, with a forward lookup pointing to the internal IP (I had the same problem and this is how I resolved it), and an external DNS server running, say, Linux.

Or add the IP to the hosts file on all internal workstations.

I hope this helps!
 
I will look at the external port allowing access to port 80. I'm not sure or that experienced on that. It definitely allows the traffic through.

I can update the local hosts file; I was just hoping there was some automated way to do that, in case we add some new websites, etc. We only have one server at this point, so we only have one name server.

Do you know of an automated way, with batch files (maybe using DHCP), to download the hosts file info to the client, or will I need to do it each time? There are only 15 internal clients, but I'm looking to make it as future proof as possible.

Thanks!
 
Colomadman,

Are you currently running login scripts? If so, you can put your hosts file in the netlogon directory of your server and add a copy command in your batch file. This way it will run whenever your login script runs.

Good Luck!!!

Tim Cambridge
A+, CCNA, MCSA, MCSE (W2K)
 
I do run login scripts; however, here is the issue that I would have with that. We run every version of Windows from 98 on, and it appears that the hosts file is located differently on each version of Windows. Is there a way to write the script line to cover all versions of Windows?
 
No. Don't even have a clue what it is. I use the Windows 2000 login script option and then utilize a batch file on the SYSVOL to set time and map all of the drives to shares.
 
I don't do a lot of scripting but you should be able to use an IF-THEN-ELSE statement to look for NTLDR on your NT/2000 machines. If it exists:

copy \\servername\netlogon\hosts %windir%\system32\drivers\etc

If it doesn't exist:

copy \\servername\netlogon\hosts %windir%


Good Luck!

Tim Cambridge
A+, CCNA, MCSA, MCSE (W2K)
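
An added example, not part of the original posts: a login-script fragment for the hosts-file copy discussed above. It branches on the %OS% environment variable (set to Windows_NT on NT/2000/XP, unset on 98/Me) instead of the NTLDR test, and \\servername is the placeholder name from the post.

```batch
@echo off
rem Added example, not from the thread. \\servername is a placeholder.
set SRC=\\servername\netlogon\hosts

rem Skip quietly if the share or file is unreachable (e.g. laptop off-site),
rem so a failed logon never leaves a client with a missing hosts file.
if not exist %SRC% goto end

rem NT-family Windows defines OS=Windows_NT; Windows 98/Me do not define OS.
if "%OS%"=="Windows_NT" goto nt

rem Windows 98/Me keep the hosts file directly in the Windows directory.
copy /y %SRC% %windir%\hosts
goto end

:nt
rem Windows NT/2000/XP keep it under system32\drivers\etc.
copy /y %SRC% %windir%\system32\drivers\etc\hosts
if errorlevel 1 echo hosts update failed: no write access to drivers\etc

:end
set SRC=
```

The script runs with the rights of the user who is logging on, so on NT-family clients the copy fails for accounts without write access to system32\drivers\etc. Anyone who can modify the hosts file in the netlogon share controls name resolution on every client that runs this script, so keep that file writable by administrators only.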
 
I have had a similar problem as well. I have a Windows 2000 Server that is the primary domain controller (internal name is newserver). I have another Windows 2000 Server that is simply a member server without Active Directory installed. The website is hosted on the member server. The internal member server's name is ebcweb.

I went into the DNS control panel of the PDC server. I set up a forward lookup zone (ie: example.com). Under that domain, I set up a host (A) record for put in the IP address of ebcweb which was 192.168.1.5.

I tested it with Internet Explorer on the PDC server and it worked immediately. You have to release and renew the DHCP client's IP address before this will take effect on the clients.

Hope this helps!

Wesley Jones
 
Wesley,

That helps, except for one thing. I am utilizing our server, and we only have one, as the name server. If I change the forward lookup zone to the internal address, it does not resolve correctly for external clients. Do you have this same type of setup?

Craig
 
Is your internal domain the same as your Internet domain name? Usually I set up my networks to be called internal.my_domain_name.com; this way you can get around these types of issues. But besides that, can you not set up a server alias to point to the same web and get your internal users to use that URL?
 
OK, here is one more thing you need to check out. Go to the TCP/IP properties of your server's LAN connection. Set the primary DNS and secondary DNS server IP address to be the IP address of your server.

Next, start the DNS manager. Right-click on your server and go to the Forwarders tab. Check the "Enable forwarders" box and list at least 2 DNS servers outside your firewall (probably one of your ISP's servers and maybe another DNS server outside your ISP). Do not check the "Do not use recursion" box. Also make sure that port 53 on your firewall is being forwarded to your server.

Restart the DNS service. Go to a client workstation and reboot the machine. Then test the website.

Let me know if this does not work...there is one more thing you can try with a reverse lookup zone.

Wesley
 