Apache Server in DMZ can not be reached.

[eltech]

Hello all.

I was wondering if anyone can lead me into the right direction with this setup.

We had to recently move our server behind a Belkin router; yes i know ..

So because the router was limited in the amount of ports it could open and this particular server runs so many applications i put it in the router's DMZ.

DNS has propagated and all works fine; mail, the websites, etc.

But for some reason the websites can not be viewed internally. To the world it can be viewed, no problems. Just internally it doesnt work and only the error "Page can not be displayed" is given.

So i have the apache server setup running all the websites under 1 ip (LAN IP) 192.168.2.100:80. When http://192.168.2.100 is typed into an internal browser, the default website pops up.

So, the way i see it, going out to the world for an internal site is ok, but i wouldnt mind just having the domains on their own internal IPs and set a link in like favorites for users. ex: www.domain2.com = 192.168.102, and still have them available to the world.

Hope am being clear..

I have messed with the HOSTS file on the client machines, i've tried it all.

So here is my setup and my questions.

Setup:
-Apache running multiple sites
-Bind hosting DNS for the multiple sites.
-Apache is hosting all the sites under a single LAN IP (it is the ip of the server box, 192.168.2.100
-i dont have multiple public static ips to use for the other domains

Questions:
- What would be needed to change to assign the other websites i host different internal LAN IPs? like
www.domain1.com = 192.168.2.100
www.domain2.com = 192.168.2.101
etc......

- Would bind play a role in this change?
- Would setting up a internal zone in bind work? how would i do that?

[eltech]

bump?

[kashani]

layer2 end run around is my guess with the limited info you've posted. See this link for a more detailed explanation.

https://forums.gentoo.org/viewtopic.php?t=156901&highlight=kashani+layer

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

[eltech]

[nightblade]

[kashani]

Hey limited info is limited. You're an IT guy, I expect better from you.

In any case to really tell what's going on we'd need to know the client IP's. Are they the same range as the server? Maybe a bit about the gateway for the internal clients and how you're routing to the server. Can you ping the server or is it just port 80 you can't reach? Maybe some nice dotted lines network diagrams as well. And the ifconfig and netstat -rn from the server.

In any case you can ignore the nonsense about DNS and look at the explaination about how layer 2 has preference over layer 3. That was the important part of the thread.

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

[kashani]

[nobspangle]

The solution with the hosts file will work, you have to put the entry in all the hosts files of the client machines it needs to be

[eltech]

[eltech]

Secondly, what would the whole entry for the named.conf look like with both entries in order, am asking about the ones you noted.

Should i be setting up a zone file for the local servers?

Should i changing the internal ip addresses for every site i host in apache?

Where can i get more info on this kind of set up..

[eltech]

bump

[nobspangle]

google link

The top one should tell you everything you need to know

[eltech]

The router was the culprit. After exchanging the router with a Linksys BEFSRv11, all was well