  1. #1
    Newbie
    Join Date
    Jun 2008
    Posts
    11

    Internal Network Webserver Conflict ???

    Hey everyone,

    I love Untangle and generally have no issues, however this is bugging me lately.

    First off, Untangle is in Router mode and is my only router on my network.

    I have a web server running on one of my PCs on the LAN. This web server is publicly accessible. And port forwarded and firewall bypassed etc.

    Yet when I try to visit the site via its full domain name on my LAN, the Untangle web server answers instead with a page stating that the URL I requested isn't available.

    Obviously the Untangle server answered the web server request somehow, but why? And can I change things so that I may visit the site on the LAN without any issues?

    I have been forced to use a proxy just to see my site on the LAN. I need full speed, unproxied, etc. access to my webserver on the LAN so I can work on it.

    Lastly, I have been able to do just this in the past using an off-the-shelf router, i.e. Linksys etc.

  2. #2
    Untangle Ninja
    Join Date
    Jul 2008
    Posts
    1,129

    Quote: Originally Posted by tw3ak
    I have a web server running on one of my PCs on the LAN. This web server is publicly accessible. And port forwarded and firewall bypassed etc.

    Yet when I try to visit the site via its full domain name on my LAN, the Untangle web server answers instead with a page stating that the URL I requested isn't available.

    I configured my domain names running on the internal web server in the UT DNS server section. I have the LAN clients pointed to the UT as the DNS server. When the internal clients request a site via the domain name, they query the UT, which gives them the internal IP address instead of the public one. The clients then go straight to the internal web server.

    Lannie

  3. #3
    Newbie
    Join Date
    Jun 2008
    Posts
    11

    Quote: Originally Posted by lschafroth
    I configured my domain names running on the internal web server in the UT DNS server section. I have the LAN clients pointed to the UT as the DNS server. When the internal clients request a site via the domain name, they query the UT, which gives them the internal IP address instead of the public one. The clients then go straight to the internal web server.

    Lannie

    Ok, so say my full domain name that reaches the webserver externally is "mysite-example.org" and I set a static DNS entry to point to 192.168.1.50, where the example webserver is located.

    Now if I request "mysite-example.org" from inside the LAN on another PC, I should get a DNS resolution to 192.168.1.50?

    Ok wait, I think I got it. Now this will forward to the internal webserver IP just fine, however the webserver is not the only service inside the LAN that uses "mysite-example.org" to forward internally, as this is essentially just my dynamic IP address domain name. Will any requests using other protocols, like FTP for example, forward to the correct computer and service if appended with the right port numbers and proper port forwardings in Untangle?

  4. #4
    Untanglit
    Join Date
    Mar 2009
    Posts
    23

    Beyond what's already been suggested, I would suggest breaking each service out to its own hostname:

    webserver.mysite-example.org, ftp.mysite-example.org, ippbx.mysite-example.org, mail.mysite-example.org, and so on.

    For internal DNS requests, you map each subdomain to the correct physical server. For public DNS requests, at this time, you map each subdomain to the public IP of your Untangle box. (Doesn't matter if it's dynamic or not.)

    I also want to note that if you happen to be running an Active Directory setup, your internal clients should use your Windows server for DNS, not Untangle, to avoid problems. (Possibly Untangle as 2nd DNS)

    This lets two nice things happen.

    1) Whether a user is internal or external, the hostnames are all the same. Means one SSL certificate for things that need them, and ONE way to connect for users (especially laptop users). Anything that simplifies it for end users is good.

    2) Allows you to redirect a particular service to a different location or box without changing client settings. So, mail.mysite-example.org goes down, so you temporarily redirect it to webmail.cheaphostingcompany.com (CNAME, or by IP) until you can get a replacement box in place.
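
A consistency check for the split DNS layout suggested in the post above, as an added example that is not part of the original thread: it compares the internal and public record sets and flags hostnames missing from one view, internal records that still point at the WAN address (the situation in the first post), and LAN addresses published in public DNS. The record values, 203.0.113.10 as a stand-in WAN address, and the function names are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also matches
# documentation ranges such as 203.0.113.0/24, which would skew the check.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: hostnames follow the thread, addresses are made up.
WAN_IP = "203.0.113.10"                      # stand-in for the Untangle public IP
INTERNAL_VIEW = {                            # what LAN clients are told
    "webserver.mysite-example.org": "192.168.1.50",
    "ftp.mysite-example.org": "192.168.1.51",
    "mail.mysite-example.org": "203.0.113.10",   # still the WAN address
}
PUBLIC_VIEW = {                              # what the Internet is told
    "webserver.mysite-example.org": "203.0.113.10",
    "ftp.mysite-example.org": "192.168.1.51",    # LAN address published
    "ippbx.mysite-example.org": "203.0.113.10",  # no internal counterpart
    "mail.mysite-example.org": "203.0.113.10",
}

def is_rfc1918(addr):
    """True if addr is inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_split_dns(internal, public, wan_ip):
    """Return (hostname, finding) pairs, sorted by hostname."""
    findings = []
    for name in sorted(set(internal) | set(public)):
        inside, outside = internal.get(name), public.get(name)
        if inside is None:
            # LAN clients fall back to the public answer and hit the router.
            findings.append((name, "no-internal-record"))
        elif inside == wan_ip:
            findings.append((name, "internal-points-at-wan-ip"))
        if outside is None:
            findings.append((name, "no-public-record"))
        elif is_rfc1918(outside):
            # Unreachable from outside and discloses internal addressing.
            findings.append((name, "private-address-in-public-dns"))
    return findings

if __name__ == "__main__":
    for host, problem in audit_split_dns(INTERNAL_VIEW, PUBLIC_VIEW, WAN_IP):
        print(f"{host}: {problem}")
```
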

  5. #5
    Untanglit
    Join Date
    Mar 2009
    Posts
    23

    One last thought, this is not a "specific to Untangle" problem. It's not really even a "problem", it is actually a "feature". As one man's feature is another man's problem.

    A simple router will map say, port 80, no matter where it comes from, to a single destination, say 192.168.1.10.

    A feature rich router will map port 80 depending on the source (internal, WAN1, WAN2, VLAN4, etc.) to an arbitrary destination. So, port 80 from WAN1 goes to LAN 192.168.1.10, port 80 from VLAN4 goes to LAN 192.168.1.11, and so on. This is Untangle.
