[ale] Accessing Server without Domain Name

[Geoffrey]

This really is getting rediculous.

Christopher R. Curzio wrote:
> Aaron said nothing about DHCP, nor did he say anything about IP address
> assigning, or that the router was the machine assigning addresses.

No, he did not, but he noted that the router/firewall was the gateway to 
the internet for his home network, so, yes I made some assumptions. 
Primarily that the router is doing some sort of nat for his home network.

Further, all these devices (I've ever seen) provide a dhcp ip by 
default, because they don't know how many devices you're going to 
connect to them.  In many cases, which ever machine goes live first gets 
the first ip.  You're not guaranteed to get the same ip for each 
machine.  Yes, I've done limited testing of this.  They do use ips from 
the private ip pool, but they are dynamic.

> He
> simply said that he wanted to test his internal website out on the
> internet by typing its IP address.

Wrong, he made no reference to the webserver's ip explicitly, but 
references to 'static ip' twice in the original posting. His exact words:

'The system is currently living on my home network, which includes
internet access via Static IP DSL Gateway connected through one of those
little stand alone Router/Firewall boxes.

And then:

'I _thought_ all I needed to do was to dial in the static IP address in 
any web browser, but that isn't quite working...'

Now maybe I'm making an assumption here, and Aaron can certainly correct 
me if I'm wrong, but both these quotes come from the same posting and I 
did assume that the two references to 'static IP address' were referring 
to the same ip.

> 
> As I said in my original reply (which is still correct) "The traffic from
> the internet needs a way to get to the internal box. The Router/Firewall
> doesn't automatically know what kind of servers are running behind it, so
> you have to forward port 80 to the actual webserver using whatever
> provisions are inside the Router/Firewall."

And I noted the same, as that's exactly what I do for my webserver.

> 
> The statement "I _thought_ all I needed to do was to dial in the static IP
> address in any web browser" is perfectly correct. Your assertation that
> the "only IP address he mentioned is the static one" is true in a literal
> sense, but he mentioned that he has a home network. Anyone with sense
> would realize every device on his home network probably has an IP address.

Again, you are wrong.  I know many folks who have multiple computers 
hooked to such a device but don't know anything about ip addresses.  It 
just works.  Why, because the router sees the box, assigns it an ip and 
begins to nat the requests.

Further you should not assume knowledge when assisting someone, 
therefore since he did not make any reference specifically to internal 
ip addresses, I don't assume that he's referencing the same.

> 
>>Someone made the comment that he could test it from his 
>>internal network, but he's already done that.
> 
> 
> I wasn't aware the server was tested at all. He didn't seem to mention
> that in his message. How did you find that out?

I inferred based on his original posting when he said:

'a nicely working RH 8.0 system with a very basic Apache server
running'

and

'We would like to access this http server from the internet for testing
before we put it on line'

 From these statements, He's tested the webserver since he noted it's 
runnning.  I'm assuming an implied local test since he says he'd like to 
test it from the internet.  So yes, I could be completely wrong, but I'm 
making some inferences here.

> 
> 
>>The question was how does he get to a webserver that 
>>sits behind his router that has a static ip.
> 
> 
> ...which I fully answered in my original message. 
> 
> 
>>THE RECOOMENDATION WAS TO TYPE THE IP ADDRESS INTO 
>>THE BROWSER, making reference to the static ip.
> 
> 
> Nonsense. I told him "Typing the IP address in a web browser should work
> fine on the same network as the webserver, however." Note the words "same
> network". We're talking about his home network here, thus, internal
> address space. I could have worded it better.
> 
> 
>>Yes, if he uses the internal ip he will get there
> 
> 
> ...which is what "Typing the IP address in a web browser should work fine"
> originally meant.

It is vague to say the least, particularily since he's made one 
reference to one IP.

> 
> 
>>Wrong, because the bloody router is assigning the ip 
>>to the webserver, so it knows where to send the goods.
> 
> 
> Again, you're making assumptions further than the information given. As an
> aside, if a machine on the internal network is having its IP address
> reassigned, (assume on every reboot), how would the router device know
> which machine gets the port 80 redirect? I've never seen this done.

Because the router is the one that's going to forward the requests to 
that machine.  These devices do keep track of port redirections and 
associates them, usually with the mac address of that server, not the ip.

I'm basing this on experiences with a device called a netgate which I 
use from home to access my employer's corporate network.  By default it 
assigns dynamic ips to the devices connected to it.  I've noted this, 
since I have had 4 machines connected to it at one time.  It only has 
two ethernet ports, one for the 'outside' network, one for the 'inside 
network.'  You connect a hub/switch to the 'inside' port and the netgate 
assigns the ips accordingly.

Once you start getting specific, as in 'this machine is my webserver' 
then it tracks the mac address for that machine and provides it the 
redirection, although it DOES NOT get the same ip everytime.  This I've 
noted.  I've seen similar approaches with other devices.

Now, you can tell this device to do static ips, but that is not the default.

> 
> 
>>Replace your linux box with my dual bastion/choke 
>>firewall configuration with three static ips, vpn 
>>router, dmz, web server and 9 computers on my 
>>private network, and you should realize that I DO 
>>KNOW WHAT I'M TALKING ABOUT....
> 
> 
> You know, you started off your message with "Chill and read the threads."
> Judging by all the caps, I think you might be the one who needs a Coke and
> a smile. Relax.

Sorry I don't do Coke, but, if you're old enough, I'll buy you a beer 
and we can continue this at that juncture...


-- 
Until later: Geoffrey		esoteric at 3times25.net

I didn't have to buy my radio from a specific company to listen
to FM, why doesn't that apply to the Internet (anymore...)?


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.