  1. #1


    External DNS connections

    Hello. I hope everyone is well,

    I have posted before about looking to host our own services. Since then I have registered with Nominet and have spoken to Broadband Sandwell that look after the borough's systems.

    They have said I can take control of the services if I want to until we move over to the Broadband Sandwell network in 2009.

    I have looked at adding our nameserver into the Nominet list but am now feeling a bit confused.

    The confusing part is this.

    I have added our servername (one holding mail) as the ns.domainname.com and have added the external gateway address to the name server. Is this correct?

    I have also been looking at Shields Up! and have seen that it scans a 202.x.x.x address which would be our external RM cache. All ports are stealthed.

    Is this going to cause me problems?

    I have an internal proxy with a firewall (schoolguardian) and also firewalls on the OS X servers themselves. I tried doing a lookup on the ns.domainname.com but it came back with no details.

    Am I going about this the wrong way? First time setting up external connections with domain registrars. Closest I have come is DynDNS at home, which seems to work fine.

    I also do not yet know if this IP address we are given on the external side is static.

    Could anybody shed some light on the best steps to take?
    Thanks.

  2. #2
    Jona's Avatar
    Hi there,
    I can't quite understand all of your post so forgive me if this isn't helpful...

    Seems like you need to start from base principles, e.g. First get your external IP successfully connected to your internal router / gateway (should just be a matter of entering it once it's been allocated).

    Then set up the link from your router to the server inside your DMZ (should just be a direct mapping assuming you're not NAT'ing for any reason..).

    Once this is done, prove to yourself that you can navigate to the services you want on your server (web, email, etc) from outside your school network using an IP address.

    Once you've sorted that out you should be able to look at doing DNS to nicely map your domain name to that IP.

  3. #3
    greenfieldsupport's Avatar
    Quote Originally Posted by HodgeHi View Post
    Hello. I hope everyone is well,

    I have posted before about looking to host our own services. Since then I have registered with Nominet and have spoken to Broadband Sandwell that look after the borough's systems.

    They have said I can take control of the services if I want to until we move over to the Broadband Sandwell network in 2009.

    I have looked at adding our nameserver into the Nominet list but am now feeling a bit confused.

    The confusing part is this.

    I have added our servername (one holding mail) as the ns.domainname.com and have added the external gateway address to the name server. Is this correct?

    I have also been looking at Shields Up! and have seen that it scans a 202.x.x.x address which would be our external RM cache. All ports are stealthed.

    Is this going to cause me problems?

    I have an internal proxy with a firewall (schoolguardian) and also firewalls on the OS X servers themselves. I tried doing a lookup on the ns.domainname.com but it came back with no details.

    Am I going about this the wrong way? First time setting up external connections with domain registrars. Closest I have come is DynDNS at home, which seems to work fine.

    I also do not yet know if this IP address we are given on the external side is static.

    Could anybody shed some light on the best steps to take?
    Thanks.
    Okay, please tell me what it is you're trying to "host yourselves"?
    For most services, you don't need your own nameserver (DNS) server to be visible on the internet; most people use the nameservers provided free by the place you bought the domain name from.

    If for example you wanted to host a webserver... you would set up your webserver, make sure it works locally, then you would log into your router (the default gateway on the internet machine) and you would forward the required port. In this case, as a webserver defaults to port 80 and you haven't changed it, you would forward port 80.

    The default gateway / router would also ask you for the local IP address of the machine you want to forward port 80 to, so you would put this in also, something like 10.0.2.12 or 192.168.1.7.

    THEN you would configure DNS, both internally and externally. Firstly you would log into the webpage you bought the domain from, and you would add a record into the DNS for domainname.com OR www.domainname.com

    (the www as that is what you are serving; if you wanted an FTP server you should use ftp.domainname.com, but it can in fact be anything: somethingtotallyrandom.domainname.com)

    You would add the REMOTE IP address of your router to this; this should be the 202.*.*.* one you talked about.

    Then you would save, log out, wait 12 hours and try it from home, and it should work.

    Now if you want to be able to type www.domainname.com INSIDE of work, you would also have to create records in your local DNS server.

    I hope this helps somewhat, but I'm not entirely sure I understand your question.

  4. #4

    OK let me try to clarify.

    I will start from internal to external.

    We have 4 servers. 2 AD and 2 OD. AD servers host the Active Directory but more importantly the DNS for the internal network.

    The 1 OD server hosts the Web site and the Mail service.

    These point to a School Guardian proxy which is also the gateway for the clients.

    On the external connection from the School Guardian proxy box (which also is a firewall) is a second router (a BT one). This is the actual gateway to the internet.

    On the external side of the BT router is the RM proxy.

    Our School Guardian proxy upstreams to the parent proxy to work, and the servers can bypass the School Guardian to get to the RM one.

    I have set up the switches so that the clients cannot connect directly to the BT router so have to go through the School Guardian.

    The gateway was set up like this when I arrived (apart from the local proxy box).

    I tried a port scan from an external site on the BT router which is in the 194.x.x.x range but the IP it came back with was in the 202.x.x.x range which must be the RM cache box.

    The confusion I have is which IP do I point it at? The RM one or the BT router one. I at first thought it must be the BT one since I need it to see that and forward the requests to the School Guardian which would forward the requests to the correct server. But after the scan I was not sure since the ports all came back stealthed and not responding to anything with either a deny or accept.

    We are trying to host our own mail service and web site service so as we can gain more control internally for staff.

    The domain name registered with Nominet is the school one which points to Broadband Sandwell's servers. The nameserver is what Nominet call the server you want your domain name to point to, I think, although the servers already listed did not give any IPs, which I thought was strange. How would these work then?

    I know I need to point the domain name at our server but with the amount of firewalls and proxies in the way it is clouding what I think I should do.

    My setup should be made more straightforward, I think (and I may just sort it out pretty soon).

    Thanks for the replies and any more that can be given to make things a little clearer.

  5. #5
    DMcCoy's Avatar
    Unless you have control over your incoming firewall and IP allocations there is no point in hosting a DNS server for the outside world to see. You will still have to get change requests authorised if it's anything like the south east grid.

    I simply had a lot of ports opened, DNS entries added and additional IP addresses allocated in a single request.

    As you seem to be using RM (one of the ifl's) then the answer to asking them if you can host your own DNS server will simply be "no" (Although they may say yes, airborne pigs spring to mind).

    I still don't understand what you are trying to achieve by hosting your own DNS. If you just want internal services then you simply do what I mentioned above, raise a change request to get an IP, DNS alias for the IP and relevant port opened.

    You will have to pay for an SMTP feed too I should think, I believe segfl charge us £1500 a year (They really *really* don't want people to host their own direct SMTP servers - it all has to go through the grid's MX relays)

    Oh, and as to what IP, it's whatever ip(s) you have allocated to your router, not the proxy one.

    I have a firewall managing 8 the ip addresses for our site
    Last edited by DMcCoy; 9th January 2008 at 02:11 AM.

  6. #6

    SYNACK's Avatar
    You should be able to get your true external IP by connecting to your BT router and looking at the status. Depending on what tool you used it could very well be the 202.x.x.x one and will not be the 192.168.x.x one as this is a private address space for internal use only.

    To host these services you will need to configure port forwarding (virtual servers) in your BT router's configuration that points any incoming traffic to port 80 (web) to your web server's internal IP address. This is assuming that there are not other firewalls in your way as above. I would not recommend hosting your own external DNS even if you can as you will not need it for the services that you want to share.

    After you have found your external ip and set up port forwarding you should be able to access the services via the ip address externally to test them.

    Once you have done this it will be a good idea to talk to whoever runs your domain name and ask them to add/edit the DNS records on their server to add a subdomain that points to your external ip address. This means that you will be able to just use www.yourschool.co.uk to get to your site rather than the ip.
    Last edited by SYNACK; 9th January 2008 at 02:20 AM.

  7. #7
    Jona's Avatar
    The nameserver is what Nominet call the server you want your domain name to point to, I think, although the servers already listed did not give any IPs, which I thought was strange. How would these work then?
    This is incorrect; a name server is effectively the DNS server for your domain and whilst it does provide a roundabout link to the actual IP of your server it shouldn't be a direct link unless you are hosting your own DNS (not recommended).

    I would imagine you would need the IP address of your router rather than your RM proxy (as that presumably only handles outbound connections). But this should be able to be sorted by looking on your router / calling your upstream provider.

    Cheers
    Jona

  8. #8
    greenfieldsupport's Avatar
    I'd recommend one step at a time,
    get everything working with IP addresses, before you move on to DNS, with the exception of your mail server, you'll still need to talk to your ISP anyway as you need them to create your PTR records, so that all your sent mail doesn't just wind up in the spam bin with most places.

    Get the website working first,

    using IP addresses

    EDIT > forward port 80 on your router (194.*.*.*) to the local IP address

    Remember you can't use Shields Up to do a port scan, as your RM cache is a forced proxy and it will pick up your web request and relay the request to Shields Up, which will then say "oh hi RM box", and scan your cache not your router...

    hope this helps
    Last edited by greenfieldsupport; 9th January 2008 at 06:10 PM.
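
The DNS checks raised in this thread (the name must point at the router's address rather than the proxy's, and outbound mail needs a PTR record from the ISP), as an added example that is not part of any poster's reply. It goes one step further and forward-confirms the PTR name; the hostnames, addresses and the helpers `check_mail_dns`, `system_lookups` and `table_lookups` are constructed for illustration.

```python
import socket

def system_lookups():
    """(forward, reverse) lookup functions backed by the OS resolver."""
    def forward(name):
        try:
            return set(socket.gethostbyname_ex(name)[2])
        except OSError:          # gaierror: name does not resolve
            return set()

    def reverse(ip):
        try:
            return socket.gethostbyaddr(ip)[0]
        except OSError:          # herror/gaierror: no PTR record
            return None
    return forward, reverse

def table_lookups(a_records, ptr_records):
    """Same interface, answered from constructed tables (runs offline)."""
    return (lambda name: set(a_records.get(name.lower(), ())),
            lambda ip: ptr_records.get(ip))

def check_mail_dns(hostname, router_ip, forward, reverse):
    """Return a list of problems; an empty list means DNS is ready for mail."""
    problems = []
    addrs = forward(hostname)
    if not addrs:
        problems.append(f"{hostname} has no A record")
    elif router_ip not in addrs:
        problems.append(f"{hostname} points at {sorted(addrs)}, not {router_ip}")
    ptr = reverse(router_ip)
    if ptr is None:
        problems.append(f"{router_ip} has no PTR record; the ISP must create it")
        return problems
    ptr = ptr.rstrip(".").lower()
    # Forward-confirm the PTR: receiving servers distrust a reverse name
    # that does not resolve back to the connecting address.
    if router_ip not in forward(ptr):
        problems.append(f"PTR {ptr} does not resolve back to {router_ip}")
    return problems

# Constructed sample data (documentation-only names and addresses).
ROUTER_IP = "192.0.2.10"        # address allocated to the site router
PROXY_IP = "198.51.100.7"       # upstream cache seen by web-based scanners
GOOD = table_lookups({"mail.school.example": ["192.0.2.10"]},
                     {"192.0.2.10": "mail.school.example."})
WRONG_A = table_lookups({"mail.school.example": [PROXY_IP]},
                        {"192.0.2.10": "mail.school.example."})
NO_PTR = table_lookups({"mail.school.example": ["192.0.2.10"]}, {})

if __name__ == "__main__":
    for label, lookups in (("good", GOOD), ("wrong A", WRONG_A), ("no PTR", NO_PTR)):
        print(label, check_mail_dns("mail.school.example", ROUTER_IP, *lookups))
```

Pass `*system_lookups()` in place of a table to run the same check against live DNS from outside the school network.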

  9. #9
    Jona's Avatar
    Yeh, I'd also recommend you go step by step from the beginning. Sort your IPs out first.

    But make sure you have considered the security implications of having an external hole into your normal network.

  10. #10


    Thanks

    Thanks for all your responses.

    I understand now what you were all getting at when saying "hosting your own DNS server". I just want to have the domain name pointing to our servers, which seems to be hosted by Nominet.

    I think I see what is happening now. The Nominet servers have the school's domain name registered but point to Broadband Sandwell's server for resolution. I think I need to speak to both RM and Broadband Sandwell to get that to resolve, but first, as you say, I need to sort out the IP address resolution first.

    I need to speak to RM to open the ports, if I understand you correctly? They give us our internet connection.

  11. #11
    greenfieldsupport's Avatar
    If that's where the internet is *pushed down to* then it shouldn't be much of an ordeal; however, if EVERYTHING runs through a series of proxies after your RM cache.... you might not actually even be able to do what you want, because if your ISP has only bought a small amount of IP addresses to be stingy and uses NAT to let you connect out.... they won't want to give one of those IP addresses up to you...

    See what RM say when you phone them up!

    Good luck!

  12. #12


    Update on situation (if interested)

    So it's been a busy day so far. Yesterday was port-forward hell for me. I had issues when at home as well.

    I checked the school website from home last night and it now seems to be resolving back to the external server (LEA's) as it should now be. But got into school today and could not access them from inside our school.

    I spoke to RM and they said they would look into it.

    They have just got back to me saying that "the issue being DNS replication on their servers."

    I have just tried the site but still no go on the site from in school.

    I have also sent in a request for the ports to be opened on our router.



    I can then try to get the IP address working into our internal web server.

    The home issue was port forwarding on an 11n extreme router. I have set up a forward rule for port 25 which works fine but a port forward of 80 does not. Has anyone had any issues with an extreme port forwards or lack of them?

  13. #13
    Jona's Avatar
    The home issue was port forwarding on an 11n extreme router. I have set up a forward rule for port 25 which works fine but a port forward of 80 does not. Has anyone had any issues with an extreme port forwards or lack of them?
    Who is your home ISP? A lot of ISPs block port 80 to stop customers running web servers. Worth some googling and experimentation to try and confirm if this is the case before you go too much further...

  14. #14

    My ISP is Virgin Media.

    I have hosted my own web server before. It was a NAS drive with web service available. I configured a US Robotics to port forward to the NAS drive fine. But this time with the extreme it isn't working like it should. I have tried to port forward to the NAS drive and it failed. I also tried to port forward to my Leopard server and it is still failing. I am going to try a factory reset now and see if it resolves the issue.

  15. #15


    Update

    Well, I have sorted out the problem at home. It ended up being a permissions problem on the root folder for the web pages.

    chown -R www:www seemed to resolve the problem.

    I have also sent the fax to RM about opening the ports and have yet to receive a reply.


