[ale] Accessing Server without Domain Name
Greg
runman at telocity.com
Thu Nov 7 17:44:34 EST 2002
What I did to test my webserver to see if it was accessible from the
internet was use my dial-up modem to go outside, hit telocity and then come
in and hit my webserver. The other way was to use my friends and family to
hit my site via my static IP. My firewalls are set up to send all port 80
requests to the webserver on my public network (where all boxen have static
non-routable IP's). To see if someone outside the network can come in
(using the static address) be re-directed to the webserver and see the
correct stuff requires coming in from the outside. I guess that you could
put a box on the outside side of the router that would represent the
Internet and that would work, but most firewalls will not allow you to start
inside (192.something) NAT to the static IP, and come in and route to the
webserver. I know that if you try coming *into* most firewalls with a
non-routable address (192.something) you will be rejected.
Greg
> -----Original Message-----
> From: Geoffrey [mailto:esoteric at 3times25.net]
> Sent: Thursday, November 07, 2002 1:44 PM
> To: Christopher R. Curzio
> Cc: ale at ale.org
> Subject: Re: [ale] Accessing Server without Domain Name
>
>
> Christopher R. Curzio wrote:
> > What are you talking about?
>
> Chill and read the threads.
>
> >
> > Making an assumption that the IP address of the webserver is assigned
> > dynamically is a bad one, as that would be a pretty silly setup
> to have an
> > internal IP bouncing around where you have to constantly redefine the
> > external to internal port redirect.
>
> First of all, we're talking about a router sitting in someone's house
> connected to a DSL (static ip). So, regardless of whether the router
> assigns a static or dynamic ip to the various devices on the inside
> network, he's still got a problem getting to it from the outside world.
> without telling the router where to send port 80 requests.
>
> It will be a private IP that the internet is not privy to. Further, ANY
> request to his single static ip is not going to find it's way to the web
> server inside.
>
> Most of these devices do assign dynamic ips from a static list on a
> first come first serve basis.
>
> > Further, if he's on the same network
> > as the server, and types the IP of his server into the browser,
> the router
> > wouldn't even be bothered with the request.
>
> His exact words:
>
> 'I _thought_ all I needed to do was to dial in the static IP address in
> any web browser, but that isn't quite working...'
>
> Point being, the only IP address he's mentioned is the static one. If
> he types the static IP into a browser on his internal network, he will
> get to the router, becasue the router has that ip assigned to it.
> Otherwise, he'd never get to the internet at all.
>
> Someone made the comment that he could test it from his internal
> network, but he's already done that. The question was how does he get
> to a webserver that sits behind his router that has a static ip.
>
> >
> > The router shouldn't care about any traffic on the internal
> network unless
> > directly addressed to the router. Aaron said: "The system is currently
> > living on my home network, which includes internet access via Static IP
> > DSL Gateway connected through one of those little stand alone
> > Router/Firewall boxes." That says to me that the internal network is in
> > happy-land of 192.168 (or something similar), and they all push through
> > the router to get to the internet via NAT.
>
> Correct, and I'm fully aware of this.
>
> >
> > Aaron also said: "We would like to access this http server from the
> > internet for testing" - note, "from the internet". If he types in the
> > internal IP address of the webserver in a browser on the same
> network, it
> > will work.
>
>
> THE RECOOMENDATION WAS TO TYPE THE IP ADDRESS INTO THE BROWSER, making
> reference to the static ip. Yes, if he uses the internal ip he will get
> there, BUT THAT'S NOT THE PROBLEM AT HAND.
>
> Provided Apache is set up properly, anyway. However if the port
> > 80 redirect is not set up to bounce External_IP:80 to Webserver_IP:80,
> > accessing the external IP from the internet will get you a big fat
> > "Connection Refused". And if the webserver is getting its IP assigned
> > dynamically, the redirect via the router isn't going to work very well
> > every time the webserver gets a new IP.
>
> Wrong, because the bloody router is assigning the ip to the webserver,
> so it knows where to send the goods.
>
> >
> > Replace his Router/Firewall with a Linux box running iptables, and you
> > have a perfect description of *my* home network.
>
> Replace your linux box with my dual bastion/choke firewall configuration
> with three static ips, vpn router, dmz, web server and 9 computers on my
> private network, and you should realize that I DO KNOW WHAT I'M TALKING
> ABOUT....
>
> --
> Until later: Geoffrey esoteric at 3times25.net
>
> I didn't have to buy my radio from a specific company to listen
> to FM, why doesn't that apply to the Internet (anymore...)?
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info.
> Problems should be
> sent to listmaster at ale dot org.
>
>
>
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list