 | | | Can this be Done? | Can this be Done? 2005-05-06 - By NetSuporte
Robert Zagarello wrote:
>Phillip,
>
>I sympathize with your network issues. All I can
>offer is some general guidelines to assist in
>debugging where the real problem(s) are occurring.
>Sometimes network problems are far from
>straightforward and yes can be a pain in the arse.
>
>What I suggest is for you to try to simplify your
>access issues from outside your network using
>small-step test scenarios (and I apologize if this
>sounds way too general, not to sound like you haven't
>tried doing this already, but just in case you haven't
>tried this thinking - often it is easier to help
>someone than to help yourself). Sometimes all it
>takes is to hear something truly irrelevant to help
>with a problem, and that is what is best about forums.
>
>
Thanks Robert,
I understand this very well as I can usually help a client step through
a problem better than I can help myself.
I think it is because we inherently have too much knowledge about what
we are trying to do, kinda a forest for the trees issue.
> For example:
>
>1. Get your internet access working with SSH before
>trying to get it to work with your web service.
>
>
I can sftp and ssh (telnet) to the server from the local net. ( it is
the only way I can go from one computer to the other)
I need to find away to login to a remote site and ssh back to the
server, right now I only have the three computers on my local lan for
testing. I am assuming this means SSH is working.
>2. Another is to try accessing using your IP address
>only when testing, because this removes the name
>translation dependency.
>
>
I try both each time I change something.
>3. It has been my experience that browser access via
>web service introduces issues not normally involved
>with network access. For example, if you haven't
>rebooted or restarted your web browser and your
>address on your web server has changed, your browser
>may "remember" it in cache and not accept the new IP,
>leading one to believe it is a network issue when in
>fact it is the stupid browser (IE does this for
>example).
>
>
Good idea, as I am having access tested by a friend outside my network
and he leaves his computer on 24/7 and more than likely does not exit
his browser. I'll check this out. On the local side I have done this and
I can see the website by the name or IP, BTW I have assigned a special
port to avoid the ISP blocking access ie port 8222 instead of port 80.
>4. Remember that your web server needs to find you on
>the remote side and this is what hosts and perhaps
>resolv.conf on your web server is good for, and that
>different OSs may handle resolv.conf differently (I
>haven't had the need to mess with resolv.conf, for
>example, in NetBSD, because I use DHCP).
>
>
I use DHCP only for the windows machines that are used by the rest of
the users.
For my Linux machines I have assigned IP addresses outside the
router/DHCP range due to application dependencies that need the same IP
to function properly.
>5. Remember that your web server, if on a private
>LAN, is NATted through your router, and that you have
>to tell different pieces of network access software
>the right IP for a given name to work. For example,
>I've had to put my router's IP in my web server's
>hosts file because otherwise it will translate itself
>to its private LAN address when using its FQDN and
>won't go to DNS to find it (this doesn't mean it will
>work that way for another OS, for example).
>
>
I did not try to put the router's IP in the servers host file because
when I type the "route" command it router IP is the default.
Is this not the same idea?
>If I think of anything else that may be completely
>irrelevant that may trigger a thought to help solve a
>problem I'll send again.
>
>Good luck... BZAG
>===============================
>
>--- NetSuporte <netsuporte@(protected)> wrote:
>
>
>
>>For the novice the message it sends for DDNS
>>configuration is use TZO or
>>don't configure DDNS here.
>>
>>My objective is to have complete control, for now I
>>am trying both the
>>DynDNS and the TZO (free versions) until I figure
>>this out and it is
>>working. So far Apache2 is running fine my problem
>>is access to my web
>>server from outside my local net.
>>
>>Perhaps this is not where to go for my DNS issues. I
>>am very grateful
>>for any help I can get though ( I tend to over
>>complicate things).
>>
>> As it goes I am using Debian 3.1 and I am finding
>>that a few things
>>have changed since I read about DNS configuration,
>>as an example the
>>instructions step-by-step I have to setup a DNS
>>server are not valid
>>with Debian as they decided to split the
>>"named.conf" file into several
>>small conf files and move the "named" stuff all into
>>/etc/bind. It makes
>>since but for a beginner jumping from file to file
>>to understand
>>examples is a pain in the ass.
>>
>>Bottom line it is still not working my California
>>office cannot find my
>>website in Brazil.
>>
>>One document I read says use local IP in the
>>/etc/host for my system,
>>another says use the "assigned" IP from my ISP which
>>is displayed on the
>>router interface and via the DynDNS/TZO control
>>panels. Also I have
>>conflicting examples of what to put in "resolv.conf"
>>and how to assign
>>my IP's or a single IP to 1) my system 2) the web
>>host/server 3) the
>>DNS server 4) virtual hosts
>>
>>Once I sort this out I should have enough knowledge
>>to back out of
>>DynDNS and TZO as they only add additional "Domain"
>>issues
>>the domain I want is not used anywhere and I don't
>>like the "free"
>>choices I am given. I don't want to work "in the
>>box" or "outside the
>>box" I want to work as if there is "no box" after
>>all who said I have to
>>pay to use the Internet, it is bad enough I need to
>>pay to access it,
>>however I offset this cost by using VOIP to
>>eliminate by phone bills,
>>but that is another forum all together.
>>
>>Please keep the advice and suggestions coming.
>>
>>thanks too all who respond ( even the other old
>>folks ;-)
>>
>>-Philip
>>
>>
>>Stephen Cook wrote:
>>
>>
>>
>>>this just means that you CAN use their service,
>>>
>>>
>>but you can still set
>>
>>
>>>up port forwarding and such manually and use
>>>
>>>
>>DynDNS.org or no-ip.com
>>
>>
>>>or whatever. the built-in option is just simpler
>>>
>>>
>>to set up (not by a
>>
>>
>>>whole lot either), at the price of actually having
>>>
>>>
>>to pay.
>>
>>
>>>NetSuporte wrote:
>>>
>>>
>>>
>>>>Robert,
>>>>
>>>>I also used the free service of DynDNS
>>>>
>>>>the model I have is ( network everywhere )
>>>>
>>>>
>>LynkSys
>>
>>
>>>>cable/DSL router Model Number:NR041
>>>>
>>>>This is on the DDNS configuration screen inside
>>>>
>>>>
>>the router:
>>
>>
>>>>DDNS (Dynamic DNS) allows assigning a domain name
>>>>
>>>>
>>to a dynamic WAN IP
>>
>>
>>>>address,
>>>>making it easier to host Web, FTP, or other
>>>>
>>>>
>>servers.
>>
>>
>>>>The Dynamic DNS service is powered by TZO.com.
>>>>
>>>>To use the Dynamic DNS Services, please sign up
>>>>
>>>>
>>for a free 30 day
>>
>>
>>>>trial
>>>>
>>>>
><http://www.tzo.com/MainPageDownload/30days_free.html>
>
>
>>>>To order the TZO service, click here
>>>>
>>>>
>><http://www.tzo.com/order.html>
>>
>>
>>>> To manage your domain name and related
>>>>
>>>>
>>services:
>>
>>
>>>>Controlpanel.tzo.com
>>>>
>>>>
>><http://Controlpanel.tzo.com>
>>
>>
>>>>TZO Password Key: -philip
>>>>
>>>>
>>>>
>>>>Robert Zagarello wrote:
>>>>
>>>>
>>>>
>>>>>NetSuporte,
>>>>>
>>>>>I use a D-Link DI-624 that doesn't complain.
>>>>>
>>>>>
>>Who
>>
>>
>>>>>wants to charge you? I did not use DynDNS's
>>>>>subscription $$$, only their free service. It
>>>>>
>>>>>
>>means
>>
>>
>>>>>you have to use one of their domain names.
>>>>>
>>>>>I'd like to know the Linksys model you are using
>>>>>
>>>>>
>>so I
>>
>>
>>>>>can tell people to avoid it ! Thanks. BZAG
>>>>>=================================
>>>>>
>>>>>--- NetSuporte <netsuporte@(protected)>
>>>>>
>>>>>
>>wrote:
>>
>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>Thanks Robert
>>>>>>
>>>>>>Right off I ran into a snag my Lynksys router
>>>>>>insists I use TZO.COM
>>>>>>and they charge a fee after 30 days.
>>>>>>
>>>>>>That really sucks as I discovered this after
>>>>>>
>>>>>>
>>signing
>>
>>
>>>>>>on with DYNDNS.ORG
>>>>>>Where they assigned me a domain of
>>>>>>
>>>>>>
>>homelinux.com A redirected host
>>
>>
>>>>>>name of quecaixa.webhop.net with
>>>>>>the redirected URL of www.quecaixa.com.br:8222
>>>>>>cloaked - yes
>>>>>>cloak = www.quecaixa.com.br
>>>>>>
>>>>>>Not sure what the cloaked stuff is about
>>>>>>
>>>>>>
>>exactly but
>>
>>
>>>>>>with or with out I still
>>>>>>cannot get to my server outside my own net.
>>>>>>
>>>>>>So I will try to enable DMZ and see if it
>>>>>>
>>>>>>
>>helps.
>>
>>
>>>>>>Philip
>>>>>>
>>>>>>Robert Zagarello wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Here are some guidelines for running a private
>>>>>>>
>>>>>>>
>>web
>>
>>
>>>>>>>server on your home network for internet
>>>>>>>accessibility. I think I've included
>>>>>>>
>>>>>>>
>>everything. This is actually
>>
>>
>>>>>>>what I am using myself (am running
>>>>>>>NetBSD) and it is working:
>>>>>>>
>>>>>>>1. Use Dynamic DNS and a 3rd party DDNS
>>>>>>>
>>>>>>>
>>service
>>
>>
>>>>>>>provider like dyndns.org. There should be an
>>>>>>>
>>>>>>>
>>entry
>>
>>
>>>>>>>for DDNS in your home cable/DSL router for
>>>>>>>
>>>>>>>
>>this.
>>
>>
>>>>>>You
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>don't need an internet registered domain and
>>>>>>>
>>>>>>>
>>DNS
>>
>>
>>>>>>>address - the DDNS service will do it. You
>>>>>>>
>>>>>>>
>>don't
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>need
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>a static IP address from your ISP for your
>>>>>>>
>>>>>>>
>>router.
>>
>>
>>>>>>>2. Install and run the SSH daemon for remote
>>>>>>>
>>>>>>>
>>admin
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>to
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>your web server.
>>>>>>>
>>>>>>>3. On remote Windows PCs use PuTTY and PuTTY's
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>command
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>line utilities for up/downloading files from
>>>>>>>
>>>>>>>
>>your
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>web
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>server.
>>>>>>>
>>>>>>>4. On your cable/DSL home router put an entry
>>>>>>>
>>>>>>>
>>for
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>the
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>remote IP addresses in your firewall,
>>>>>>>
>>>>>>>
>>specifying
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>the
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>host and SSH ports, and route them to your web
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>server.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>5. Put an entry in your router's firewall for
>>>>>>>
>>>>>>>
>>the
>>
>>
>>>>>>>router itself, as in the previous step, to
>>>>>>>
>>>>>>>
>>test
>>
>>
>>>>>>>internet accessibility from your home network.
>>>>>>>
>>>>>>>
>> If
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>you
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>put an entry for your web server's host name
>>>>>>>
>>>>>>>
>>in a
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>home
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>network PC's hosts file, you will access the
>>>>>>>
>>>>>>>
>>web
>>
>>
>>>>>>>server without going out to the internet. If
>>>>>>>
>>>>>>>
>>you
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>use
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>the web server's FQDN (full host plus domain
>>>>>>>
>>>>>>>
>>name,
>>
>>
>>>>>>>fully qualified domain name), your home PC
>>>>>>>
>>>>>>>
>>will
>>
>>
>>>>>>>actually request name translation from your
>>>>>>>
>>>>>>>
>>ISP's
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>DNS,
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>which is your router, and then direct your
>>>>>>>
>>>>>>>
>>request
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>to
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>your router's WAN side port, effectively
>>>>>>>
>>>>>>>
>>testing
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>for
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>internet accessibility.
>>>>>>>
>>>>>>>6. In your web server's host file put your
>>>>>>>
>>>>>>>
>>DDNS
>>
>>
>>>>>>>address and FQDN (full host plus domain name,
>>>>>>>
>>>>>>>
>>fully
>>
>>
>>>>>>>qualified domain name) you got from your DDNS
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>service
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>provider. Don't put in the web server's
>>>>>>>
>>>>>>>
>>private
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>LAN
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>address. Note the IP address may change
>>>>>>>
>>>>>>>
>>because
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>you
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>are using DDNS - but it doesn't change that
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>frequently
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>- so you may want to run a script that checks
>>>>>>>
>>>>>>>
>>it
>>
>>
>>>>>>>daily.
>>>>>>>
>>>>>>>7. You may want to put a simple non-dotted
>>>>>>>up-to-15-character name for your ISP's DNS to
>>>>>>>
>>>>>>>
>>test
>>
>>
>>>>>>>name resolution from your web server when you
>>>>>>>
>>>>>>>
>>have
>>
>>
>>>>>>>problems using nslookup for example (you have
>>>>>>>
>>>>>>>
>>to
>>
>>
>>>>>>>specify the server using nslookup because the
>>>>>>>
>>>>>>>
>>web
>>
>>
>>>>>>>server is on your home network).
>>>>>>>
>>>>>>>8. You can also put a simple non-dotted
>>>>>>>up-to-15-character name (say, just the host
>>>>>>>
>>>>>>>
>>name
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>only
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>of the FQDN) for the web server in your home
>>>>>>>
>>>>>>>
>>PC's
>>
>>
>>>>>>>hosts file to permit local testing of your web
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>server.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>9. In rc.conf (I am running NetBSD) on the
>>>>>>>
>>>>>>>
>>web
>>
>>
>>>>>>>server, put in the DDNS FQDN as the hostname
>>>>>>>
>>>>>>>
>>and
>>
>>
>>>>>>>similarly its domain part for the domainname.
>>>>>>>
>>>>>>>There are entries above for the IP address
>>>>>>>
>>>>>>>
>>that are
>>
>>
>>>>>>>made manually so these have to be checked
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>periodically
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>if changed by your broadband ISP. (This does
>>>>>>>
>>>>>>>
>>not
>>
>>
>>>>>>>include the DDNS entry in the router which
>>>>>>>
>>>>>>>
>>will
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>update
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>your DDNS service entry automatically).
>>>>>>>
>>>>>>>BZAG
>>>>>>>=======================================
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>---------------------------------------------------------------------
>
>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>The official User-To-User support forum of the
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>Apache HTTP Server Project.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>See
>>>>>>>
>>>>>>>
>><URL:http://httpd.apache.org/userslist.html>
>>
>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>for more info.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>To unsubscribe, e-mail:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>users-unsubscribe@(protected)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> " from the digest:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>users-digest-unsubscribe@(protected)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>For additional commands, e-mail:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>users-help@(protected)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>---------------------------------------------------------------------
>
>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>The official User-To-User support forum of the
>>>>>>Apache HTTP Server Project.
>>>>>>See
>>>>>>
>>>>>>
>><URL:http://httpd.apache.org/userslist.html> for
>>
>>
>>>>>>more info.
>>>>>>To unsubscribe, e-mail:
>>>>>>users-unsubscribe@(protected)
>>>>>> " from the digest:
>>>>>>users-digest-unsubscribe@(protected)
>>>>>>For additional commands, e-mail:
>>>>>>users-help@(protected)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>---------------------------------------------------------------------
>
>
>>>>>The official User-To-User support forum of the
>>>>>
>>>>>
>>Apache HTTP Server
>>
>>
>>>>>Project.
>>>>>See <URL:http://httpd.apache.org/userslist.html>
>>>>>
>>>>>
>>for more info.
>>
>>
>>>>>To unsubscribe, e-mail:
>>>>>
>>>>>
>>users-unsubscribe@(protected)
>>
>>
>>>>> " from the digest:
>>>>>
>>>>>
>>users-digest-unsubscribe@(protected)
>>
>>
>>>>>For additional commands, e-mail:
>>>>>
>>>>>
>>users-help@(protected)
>>
>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>---------------------------------------------------------------------
>
>
>>>>The official User-To-User support forum of the
>>>>
>>>>
>>Apache HTTP Server
>>
>>
>>>>Project.
>>>>See <URL:http://httpd.apache.org/userslist.html>
>>>>
>>>>
>>for more info.
>>
>>
>>>>To unsubscribe, e-mail:
>>>>
>>>>
>>users-unsubscribe@(protected)
>>
>>
>>>> " from the digest:
>>>>
>>>>
>>users-digest-unsubscribe@(protected)
>>
>>
>>>>For additional commands, e-mail:
>>>>
>>>>
>>users-help@(protected)
>>
>>
>>>>
>>>>
>>>
>>>
>---------------------------------------------------------------------
>
>
>>>The official User-To-User support forum of the
>>>
>>>
>>Apache HTTP Server
>>
>>
>>>Project.
>>>See <URL:http://httpd.apache.org/userslist.html>
>>>
>>>
>>for more info.
>>
>>
>>>To unsubscribe, e-mail:
>>>
>>>
>>users-unsubscribe@(protected)
>>
>>
>>> " from the digest:
>>>
>>>
>>users-digest-unsubscribe@(protected)
>>
>>
>>>For additional commands, e-mail:
>>>
>>>
>>users-help@(protected)
>>
>>
>>>
>>>
>>>
>>
>>
>---------------------------------------------------------------------
>
>
>>The official User-To-User support forum of the
>>Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for
>>more info.
>>To unsubscribe, e-mail:
>>users-unsubscribe@(protected)
>> " from the digest:
>>users-digest-unsubscribe@(protected)
>>For additional commands, e-mail:
>>users-help@(protected)
>>
>>
>>
>>
>
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@(protected)
> " from the digest: users-digest-unsubscribe@(protected)
>For additional commands, e-mail: users-help@(protected)
>
>
>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@(protected)
" from the digest: users-digest-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)
|
|
|
