General discussion

Locked

Unable to access own website via FQDN

By JRentschler ·
Recently, I changed the config in my router to perform some basic NAT. Previously, I used a very effective firewall, but I've been forced to rely more on my router for protection for a time. I mapped out various private IPs to my public IPs to get connectivity to my organization's website for the world. Ports 80, 8000, and 8080 tcp and udp in particular. However, while the site can be visited with no problem from outside of my LAN, I can no longer access it from inside my LAN via it's name. The same holds true for my SMTP server. The internet can get to it by name, but my users cannot. I have to get to it via the private IP of it's server. This is a major problem because my users need to access it from inside to communicate with me and changing all of their shortcuts to reflect the private IP would work, it's a daunting task. I've checked the DNS settings and everything seems to be fine, but I'm obviously missing something.

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Joseph Moore In reply to Unable to access own webs ...

Do you run DNS internally, as in do you have your own DNS server? Or do you rely entirely on external DNS servers?
I would set up an internal DNS server that points to the internal LAN IP address for your web server. Then, have all clients use that DNS as their primary DNS server. That way, when an internal client goes to www.yourdomain.com, the internal DNS server would resolve that to the internal IP address, and request that IP address.

Sometimes, due to the way the routing is set up, an internal client cannot access the static public IP for their own network. That is probably happening for you.

So, if you set up your own DNS and point www.yourdomain.com A record to the internal IP address of your web server, and have your internal clients use this DNS server as their primary DNS server, then everytime the internal clients go to the site, they will be directed to the internal IP address. And that should work for them. That way, they don't get routed outside the router, which can't route to itself.

hope this helps

Back to Networks Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums