IP addresses - public and private 1

[genovaweb]

Sorry this is a beginners question about neworks.
I am running Apache 2.2.14 in Mandriva Linux. Apache runs without errors.
I didn't realise there are private IP addresses and public addresses so I set up the config file with the IP 192.xx from my computer and regisered the vanity site with a DNS service. The internal LAN worked perfectly but, as I am sure anybody more experienced than me knows, I could not connect from outside.

Now I have used IP lookup to establish the public address 83.xx, changed the main config file to the new address and the network does not function and still no access from outside. I logged in several times and the public IP did not change so I am assuming static DNS is the correct place at the DNS server. The request for the web site and ping both time out, not a "can not connect" message

I have disabled the Linux firewall with no result.

So, if anybody could either give me or point me to a childrens guide on how to set up a publicy accessible server I would be very grateful (and perhaps will still have some hair at the end)

 

[Noway2]

You are on the right track. In order to host a website that is public accessible, you need to have it on a public IP address. Additionally, the URL needs to be discoverable by a public DNS.

You haven't stated, but I am going to make a couple of assumptions: 1- that you are behind a router that performs NAT, 2 - that you have a dynamic IP address from your provider. If these assumptions are true, the easiest thing to do is to register your domain with a dynamic IP address provider, such as DynDNS. (Note, DynDNS has some decent how to documents on setting up a publicly addressable server). If you already registered the domain you may need or want to transfer it to a provider such as this. This will put your domain in the public DNS servers and make it locatable even if your IP address changes.

Next, you need to either put your server in a DMZ or or port forward the ports to your server on your (private IP) LAN (port 80 for regular web pages). This means that if someone attempts to connect to your public IP port 80, it will automatically translate to your private IP address port 80.

From your description, either or both of these things could be your connectivity problem.

If you have a static IP address things are a little simpler in that you can simply register your domain into the DNS. I seem to have read that GoDaddy will do this for a reasonable price.

 

[genovaweb]

Thanks Noway2
IP trace always gives the same public IP number so I am guessing that it is static.
I don't know what NAT2 is but you are right to assume that I am behind a router and I don't think I can get at the routing instructions

I have no idea how to port forward from port 80 to another port (perhaps 8080?) and I only know DMZ as demilitarised Zone. I guess there must just be a line of code to enter in Apache, can you give me a clue?

The site is registered, the DNS manager at the registrar points to the correct DNS server and trace resolves correctly to the DNS server each time I have changed the IP address.

I am happy to change from static to dynamic at the DNS server registration but if you could just help a little more with DMZ and port forward.

Thanks for your help so far (and on a previous occasion)
Peter

 

[Noway2]

Your original post gave me the impression that you are attempting to host a web site from your personal (home) via your Internet connection from your ISP. Is this correct?
For the moment, I will assume that it is, and answer your questions accordingly.
NAT stands for Network Address Translation. It is a function provided by a router, typically used in home and small business LAN situations where multiple computers / people share a common Internet connection. When person one (e.g. IP=192.168.0.5) and person two (e.g. IP=192.168.0.10) each try to access a web page or other resource, the router keeps track of which connection is for whom and translates the private 192... addresses to the one public IP address assigned by the provider but uses different ports. The conenction can work in reverse too, which is the port forwarding. In port forwarding you tell the router that you want incoming connections on a particular port to be routed (translated to) a particular private IP address. This setup is routinely performed via the web page interface of your router from the LAN side.

In networking DMZ also stands for demilitarized zone and I personally think that someone with a sense of humor coined the term. Basically, when you place a private IP in a DMZ, you will bypass the router's protection and subject that PC to all of the public traffic. It is a less secure, but simpler way to place a PC out in the public domain.

It really doesn't matter if you have a static or dynamic IP address. Either can be used effectively. It is just a matter of knowing which you have and taking the correct steps. I have a cable modem which is technically a dynamic IP, but I have only seen it change once in a year. A relative, who has a DSL account has a static IP address by default. Just differences in the providers.

When you say that the DNS query returns the proper lookup, it needs to return the (public) IP address of the server. If this server is behind a router, you need to configure the router for port forwarding, as described above.