Web server behind a NAT server?

Status
Not open for further replies.

jahlmer

Technical User
Aug 23, 2000
143
US
Using a NAT server to share a resource, yet placing a web server behind it on the private network.

NAT Server: Internal 192.168.1.1 / 24
2nd IP 185.0.0.1

Nat mapping 80 to 185.0.0.2

Web Server: Internal 192.168.1.2 / 24
2nd IP 185.0.0.2

If the web server can ping other servers on the 'internet' and the internet can see the web server (on port 80, it opens up and whatever.com

However, the NAT server cannot resolve back to it, and neither can itself using or , because the NAT server is not mapping that port from internal requests

The DNS server is 185.0.0.100
Its entries are

whatever.com
- ns 185.0.0.100 (itself)
- soa 185.0.0.100 (itself)
- A (host) -whatever 185.0.0.1
- CNAME (alias) -
The IIS website on 185.0.0.2 is bound to 'all unassigned' IP addresses, and default website is stopped.

FROM THE INTERNET, it all works flawlessly
FROM THE INTERNAL NETWORK (NAT server, WEB server, and CLIENTS), the domain resolves to the NAT server's IP.

There are NO static routes set up.

Any suggestions, ideas, inklings, questions, everything is welcome to solve this.

Thank you!
 
First, NAT servers will ignore the DNS entries if the request sends the IP address, which is what happens on the OUTSIDE.

The internet client already has the IP address to the NAT server from another DNS server, so when the request to browse your website comes in, the NAT does its thing and sends the request onward to the IP address, not the domain name.



Now, on your internal network, your clients cannot find the pointing record to the from your DNS server because, looking at what you posted, those records don't exist.

Create the pointing records on the DNS pointing to 185.0.0.2; that should fix your problem, because, looking at what you posted, you never created the entries for your network.

Hope this helps.
 
Hi.

The internal web-server should have only the local IP address configured.
It does not have to know about the "outside" IP 185.0.0.2, since the NAT server translates it.
This will not solve your problem but make your configuration "cleaner".

You may work-around the name resolution problem in several ways.

* If using an internal DNS server that is used by internal clients only, configure a mapping to 192.168.1.2 instead of the external IP.
If not using an internal DNS, it is time to think about it, both for solving this and for better performance.

* You can instruct internal clients to browse to the short NETBIOS web server name.

* You can implement a HOSTS file on local clients to map to the internal web-server address.

There might be a solution in the NAT server - but currently I don't know of a specific one.

Bye

Yizhar Hurwitz
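
The behaviour discussed in this thread, as an added example that is not part of any post above: a small Python model of why the site loads from the Internet but not from the LAN, and how an internal-only DNS view changes the outcome. It assumes the port-80 mapping forwards to 192.168.1.2 (the setup Yizhar recommends) and is applied only to traffic arriving on the outside interface; the client addresses 203.0.113.9 and 192.168.1.50 are constructed.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # private network from the thread
NAT_PUBLIC = "185.0.0.1"                        # NAT server's outside address
WEB_INTERNAL = "192.168.1.2"                    # web server's inside address
NAME = "whatever.com"

# Inbound port mapping; assumed to match only on the outside interface.
PORT_MAP = {(NAT_PUBLIC, 80): (WEB_INTERNAL, 80)}

# Two DNS views: the public zone, and an internal-only zone for LAN clients.
PUBLIC_ZONE = {NAME: NAT_PUBLIC}
INTERNAL_ZONE = {NAME: WEB_INTERNAL}


def resolve(name, client_ip, split_dns):
    """Return the A record a client receives for name."""
    inside = ipaddress.ip_address(client_ip) in LAN
    zone = INTERNAL_ZONE if (split_dns and inside) else PUBLIC_ZONE
    return zone[name]


def deliver(client_ip, dst_ip, dst_port):
    """Return the (host, port) that finally receives the connection, or None."""
    inside = ipaddress.ip_address(client_ip) in LAN
    if ipaddress.ip_address(dst_ip) in LAN:
        # Private destination: reachable directly, but only from inside.
        return (dst_ip, dst_port) if inside else None
    if not inside:
        # Packet arrives on the outside interface: the mapping applies.
        return PORT_MAP.get((dst_ip, dst_port))
    # Inside client aimed at the public address: no mapping is applied,
    # so the request stops at the NAT server, which serves nothing on port 80.
    return None


def browse(client_ip, split_dns):
    """Resolve NAME as the client would, then try port 80."""
    return deliver(client_ip, resolve(NAME, client_ip, split_dns), 80)


if __name__ == "__main__":
    for client, split in [("203.0.113.9", False), ("192.168.1.50", False),
                          ("192.168.1.50", True), ("203.0.113.9", True)]:
        print(client, "split_dns=%s" % split, "->", browse(client, split))
```

Keeping the internal zone on a DNS server that only LAN clients query means outside resolvers never see the 192.168.1.x address.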
 