comp.os.linux.networking

Re: address mapping problem

Subject: Re: address mapping problem
From: "prg"
Date: 11 May 2005 09:17:46 -0700
Newsgroups: comp.os.linux.networking

Mochuelo wrote:
> On Wed, 11 May 2005 14:21:44 GMT, Andrew Schulman
> <andrex@xxxxxxxxxxxx> wrote:
> >As you said, your router maps 80.35.x.x:80 to 192.161.0.10:12000. What
> >it doesn't do is to map 127.0.0.1:80 to 192.161.0.10:12000, or
> >192.161.0.10:80 to 192.161.0.10:12000.  I think this is your trouble.
> >Within your LAN, a DNS lookup to personal.test.com is being resolved to
> >either 127.0.0.1 or 192.161.0.10, not 80.35.x.x.  So the router doesn't
> >do its mapping.
> >
> >From one or more of the hosts in your LAN, what does 'host
> >personal.test.com' say?  If it isn't 80.35.x.x, then you need to do one
> >of several things:
>
> No, when I ping personal.test.com from inside my LAN, I read
> "80.35.x.x". That works ok. ...

It has to work "OK" if you're to have connectivity outside your lan.
It's the IP of the router.

> ... The problem, I guess (with my little
> knowledge of networks) is that the router, when it receives a request
> for 80.35.x.x, does different actions depending on whether the request
> is outside or inside my LAN. If it is outside my LAN, PAT mapping is
> applied, and my page is correctly shown. If the request for 80.35.x.x
> comes from inside the LAN, the router interprets I want to configure
> it, and it does not do any PAT mapping, and directly asks me for the
> user and password to access the router.

This is true.  The router has an httpd running to serve up its config
page(s).

> >
> >(1) Adjust your LAN DNS to make personal.test.com get resolved to
> >80.35.x.x.
>
> That already happens.

And this is _not_ what you want to happen.  _Your_ httpd is _already_
on the lan located at 192.168.0.10:12000.  The 3Com box is a _hub_ on
the lan (ethernet) side.  All packets are delivered to all hosts.
There is no need (and you don't want) the packets to leave the lan when
the destination is _on_ the lan.

> >Then hope that packets will get routed out through the
> >router's external interface, whence they would get sent back in through
> >that same interface, where the router would map them to
> >192.161.0.10:12000.
>
> That's what it is not happening.
> (BTW, I made a mistake, and it is 192.168..., not 192.161...)
>
> >Note that this isn't a very desirable solution; it
> >forces your LAN packets out through your external interface and back.
>
> I wouldn't care about this for test purposes. I just want to have one
> unique code.

If your lan has a small number of hosts, just make an entry in the
"hosts" file that resolves "personal.test.com" to 192.168.0.10 (your
web server).

If your lan is pretty large you may need a DNS server on your lan with
an entry for your web server that resolves "personal.test.com" to
192.168.0.10.

> >(2) Do the port forwarding on 192.161.0.10, instead of the router. So
> >the router would map personal.test.com:80 to 192.161.0.10:80, and on
> >192.161.0.10 you would have a rule mapping 80/tcp to 12000/tcp. That
> >way, you would get the same result no matter where you called to
> >192.161.0.10 from.
> >
> >(3) Easiest of all: just run your web server on 192.161.0.10:80, and do
> >away with the port forwarding.

Either of these will work and I agree that using port 80 on your "real"
web server will make life simpler.

> Regarding (2) and (3): I think 192.168.0.10 (neither :80 nor :12000)
> never even gets reached.
>
> I don't believe this has not been faced by thousands of people before
> me. I guess there must be an easy solution.

Well, this would only occur for people running a web server on their
lan (with a private IP) that is exposed to the public via port
forwarding on the 3Com router. ;)

In fact, without port forwarding, "outsiders" _may_ be able to pull up
your router's config page.  To avoid this, the internals of these boxes
likely have a means to deliver the config page _only_ from a request
from the lan ports.

In any case, your basic problem (name to IP resolution) has two
"components".  The outside world will resolve "personal.test.com" to
80.35.x.x (the IP of your router which will be forwarded) while your
lan hosts need to resolve "personal.test.com" to 192.168.0.10 (the IP
of your "directly connected" web server).

If you decide you need/want a DNS server on your lan, you might want to
look at dnsmasq (some Linux distros include it):
http://thekelleys.org.uk/dnsmasq/doc.html

hth,
prg
email above disabled
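
The LAN-side DNS answer suggested above, sketched as a dnsmasq configuration fragment. This is an added example, not part of the original post; the file path and the interface name `eth0` are assumptions, while the host name and address are the ones used in the thread.

```conf
# /etc/dnsmasq.conf on a LAN host acting as the local DNS server
# (path assumed; distributions differ)

# Answer queries for the web server's public name with its private LAN
# address, so LAN clients never send the request to the router's own IP
# and never land on the router's configuration page.
address=/personal.test.com/192.168.0.10

# Serve DNS on the LAN-facing interface only (interface name assumed),
# so the resolver is not reachable from any other network.
interface=eth0
bind-interfaces

# All other names are forwarded to the upstream resolvers listed in
# /etc/resolv.conf, which is dnsmasq's default behaviour.
```

With this in place LAN clients reach 192.168.0.10 directly on whatever port the URL names, so it pairs with option (2) or (3) quoted above if the same port-80 URL is to work inside and outside the LAN.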

