Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

website viewable internally only despite 'A' record

Status
Not open for further replies.
dbromberg

dbromberg

Programmer
Jun 24, 2002
29
0
0
US
I have a website running (well sort of) on my win2k server. We called our providers (AT&T) and had them create an 'A' record for with one of our external ip addresses as the ip given to them (one from our list is what head of MIS told me), where there was only previously a mail.sitename.com, which was our exchange server. After they had created the 'A' record the site still wouldn't pop up, and since this was my first time doing this, I tried something. I went into dns manager on one of the other servers and created an 'A' record there for the pointing to the internal ip address of the server that had the website on it. Bingo! I could access the website. It wasn't until a couple days later that someone told me they couldn't access the site at all from out of the office, i.e. the 'A' record I had created in our dns servers allowed those inside to point to the server, but no one outside. I tried adding an 'NS' record in our DNS server for for kicks and that didn't do anything either. Really am at a loss for what to do here. Is there an additional step I need to take? Or do you guys think AT&T doesn't have their stuff together. Conceptually, there must be something to link their 'A' record IP address (which is just one of our external ip's) with the internal ip address of my server, and I thought that thing was the DNS inside 'A' record I created, but I guess not. Please help.

-dbromberg
 
Sort by date Sort by votes
Have you tried using the external ip address? If you can't get to the ip address from the outside a DNS entry isn't going to do any good.
 
Upvote 0 Downvote
Alot depends on your setup;

In a standard (more or less) configuration, your web server would have an internal IP address. It would NOT be accesible from the outside world.

You web server needs an external address to be seen. This is typically done at the firewall (Cisco PIX, Microsoft ISA, Checkpoint Firewall-1, etc.) The firewall will map the internal IP to an external IP.

You usually don't want to give a machine (and this really applies to IIS) an external IP address. Your machine should be behind a firewall, or have firewall software install, or TCP/IP filtering on, or something.


Let's say you have domain.com. It sounds like AT+T is your DNS host.
When someone wants to visit your website, their machine will look at AT+T's DNS servers to find out were it is.

AT+T's DNS servers will say that domain.com is at x.x.x.x. That should be the external IP address of your webserver.

If you have have to give your machine an external IP address (bad idea, please use firewall!), use TCP/IP filtering, or some kind of free firewall solution. And make sure your machine is patched; Code red, Nimda, and other viruses can really make for a bad day.

I kinda simplified the above example, but it should give you an idea of howsome of it works.


Shipmate
 
Upvote 0 Downvote
We have a firewall- Watchguard. I think I found where you mean. There's a part that's 'filtered http' and there already is an entry in there for an external ip address to an internal ip address in the format xxx.xxx.xxx.xxx->yyy.yyy.yyy.yyy where the x's are the external, and the y's are the internal. The internal one is the one for our mail.hostname.com and I assume the external is the one for the 'A' record for that. Just to verify, is this what you mean?

-dbromberg
 
Upvote 0 Downvote
Sounds like you need to check a few things;

First verify AT&T created the record you need for the external IP address, ping from an outside connection this should resolve to the external ip you specified. The ping request may or may not time out depending on your firewall or router's configuration.

If that's correct then you need to look at how NAT is setup for the external ip to your internal ip on the web server and verify port 80 traffic is allowed on the external ip into your network. Also verfiy the IIS configuration has the necessary host header under the site properties general page advanced tab. The host header maps the url to the ip address assigned to the site.

Good luck,
Todd
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
190
mangentle
mangentle
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
144
DrB0b
DrB0b
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
138
gbaughma
gbaughma
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
92
DTGMI
DTGMI
maybeimaleo
  • Locked
  • Question
Is There a Best Windows OS to Upgrade a CA Server to?
Replies
5
Views
88
maybeimaleo
maybeimaleo

Part and Inventory Search

Sponsor

Back
Top