Cannot reach the web, ftp, email servers on the same computer

Hi,

I'm running a web server, ftp server and email server on
a windows 2003 server and they can be accessed by other
computers thru internet. The problem is those servers
cannot be accessed by the windows 2003 server computer
itself(the same computer that running the servers) by
using the internet IP address or domain name but it can
be accessed by using the private ip address. Other
computer within the local network can access those server
normally. So, I don't think it is a fireware setting
problems.


Any one can help ???

Regards
Raymond

Hi Rolland

Firstly, Thanks for your reply. My config. is as follows:

the public domain name http:\\mydomain.com and public IP
can be reached by webserver running IIS but private
domain and IP can be reached. The server is not in DMZ

No REFERENCE ANY EXTERNAL DNS SERVERS on my private DNS
server and no root entry "." in forward zone also.

So, I don't know what's wrong with that.

Thanks & Regards
Raymond


>-----Original Message-----
>"Raymond" wrote:
>> I'm running a web server, ftp server and email server
on
>> a windows 2003 server and they can be accessed by other
>> computers thru internet. The problem is those servers
>> cannot be accessed by the windows 2003 server computer
>> itself(the same computer that running the servers) by
>> using the internet IP address or domain name but it can
>> be accessed by using the private ip address. Other
>> computer within the local network can access those
server
>> normally. So, I don't think it is a fireware setting
>> problems.
>
>Hi Raymond...
>
>Details can go a long way here... This is what I get
from your post:
>
>http://mydomain.com/ reachable by all Internet users
>http://mydomain.com/ not reachable by webserver, which
is running IIS and
>publicly knows as http://mydomain.com/
>What is the public IP address? Can the server get to it
with the public IP
>address and not just the name? http://publicip/ which =
>http://mydomain.com/
>
>If so, then you have a naming issue. If not, then you
possibly also have a
>routing issue but I'm betting on the former.
>
>DNS Domains:
>External vs Internal
>
>DNS should be running on AD Server
>External DNS Domain: mydomain.com
>Internal DNS Domain: internal.mydomain.com (anything but
mydomain.com in
>dotted format)
>
>Network settings on 2003 Server and ALL other computers
on private network.
>Primary DNS: private IP address of DNS Server (2003
Server) - DO NOT
>REFERENCE ANY EXTERNAL DNS SERVERS
>DNS Server (2003 Server): Should not have root entry "."
in forward zone.
>You do NOT have to have forwarders turned on in DNS
Server settings but you
>can. Without, the root hint servers will be used if
naming required for
>external destinations. Ex. www.microsoft.com
>
>This all assumes your server is NOT in the DMZ if you're
running a firewall
>and/or a NAT router. Since external users can get to
your services, then I
>assume everything there is configured properly.
>
>If you cannot get there by the public IP address either,
you could try trace
>routing to see where it fails but it might be that your
DFG is not the
>public side of the router. I never had one
misconfigured so I don't know if
>that would affect incoming traffic, which it might. If
so, then that is not
>the issue.
>
>Perhaps more detail is needed if these settings are
configured properly.
>
>--
>Roland
>
>This information is distributed in the hope that it will
be useful, but
>without any warranty; without even the implied warranty
of merchantability
>or fitness for a particular purpose.
>
>
>.
>

"Raymond" wrote:
> I'm running a web server, ftp server and email server on
> a windows 2003 server and they can be accessed by other
> computers thru internet. The problem is those servers
> cannot be accessed by the windows 2003 server computer
> itself(the same computer that running the servers) by
> using the internet IP address or domain name but it can
> be accessed by using the private ip address. Other
> computer within the local network can access those server
> normally. So, I don't think it is a fireware setting
> problems.

Hi Raymond...

Details can go a long way here... This is what I get from your post:

http://mydomain.com/ reachable by all Internet users
http://mydomain.com/ not reachable by webserver, which is running IIS and
publicly knows as http://mydomain.com/
What is the public IP address? Can the server get to it with the public IP
address and not just the name? http://publicip/ which =
http://mydomain.com/

If so, then you have a naming issue. If not, then you possibly also have a
routing issue but I'm betting on the former.

DNS Domains:
External vs Internal

DNS should be running on AD Server
External DNS Domain: mydomain.com
Internal DNS Domain: internal.mydomain.com (anything but mydomain.com in
dotted format)

Network settings on 2003 Server and ALL other computers on private network.
Primary DNS: private IP address of DNS Server (2003 Server) - DO NOT
REFERENCE ANY EXTERNAL DNS SERVERS
DNS Server (2003 Server): Should not have root entry "." in forward zone.
You do NOT have to have forwarders turned on in DNS Server settings but you
can. Without, the root hint servers will be used if naming required for
external destinations. Ex. www.microsoft.com

This all assumes your server is NOT in the DMZ if you're running a firewall
and/or a NAT router. Since external users can get to your services, then I
assume everything there is configured properly.

If you cannot get there by the public IP address either, you could try trace
routing to see where it fails but it might be that your DFG is not the
public side of the router. I never had one misconfigured so I don't know if
that would affect incoming traffic, which it might. If so, then that is not
the issue.

Perhaps more detail is needed if these settings are configured properly.

--
Roland

This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose.

Hi Rolland

My details config. is

Win server 2003
Private IP : 192.168.1.28
Private DNS Server IP: 192.168.1.28(running on same
computer of Win2003 server)
Default Gateway IP : 192.168.1.88

ADSL Router IP : 192.168.1.88


I cannot browse http://publicip/
I cannot browse http://public domain name/
I can ping public ip and public domain name

Sorry typo error, "the public domain name
http:\\mydomain.com and public IP
cannot be reached"

result from ipconfig
Windows IP Configuration

Host Name . . . . . . . . . . . . : server818
Primary Dns Suffix . . . . . . . : www.server818.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : www.server818.com
server818.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL
10/100 PCI TX NIC (3C90
5B-TX)
Physical Address. . . . . . . . . : 00-10-4B-63-F9-71
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.28
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.88
DNS Servers . . . . . . . . . . . : 192.168.1.28
Primary WINS Server . . . . . . . : 192.168.1.28


Thanks ...



>-----Original Message-----
>"Raymond" wrote:
>> Hi Rolland
>>
> The server is not in DMZ
>>
>> No REFERENCE ANY EXTERNAL DNS SERVERS on my private DNS
>> server and no root entry "." in forward zone also.
>
>Tell me about the network settings...
>
>ipconfig /all will tell you all DNS servers assigned to
that system.
>There should only be the Primary DNS to the 2003 server
private IP address.
>
>Can you browse to http://publicIP/
>If not, can you PING it, considering you're not blocking
ICMP messages.
>
>This is my DNS Server setting on all computers on my
private network.
>DNS Servers . . . . . . . . . . . : 192.168.0.9
>
>Does your internal DNS domain have the same name as your
external DNS
>domain?
>
>Which one of these below is CANNOT?
>
>> the public domain name http:\\mydomain.com and public
IP
>> can be reached by webserver running IIS but private
>> domain and IP can be reached.
>
>
>.
>

>Does your internal DNS domain have the same name as your
external DNS domain?

They are different names

"Raymond" wrote:
> Hi Rolland
>
The server is not in DMZ
>
> No REFERENCE ANY EXTERNAL DNS SERVERS on my private DNS
> server and no root entry "." in forward zone also.

Tell me about the network settings...

ipconfig /all will tell you all DNS servers assigned to that system.
There should only be the Primary DNS to the 2003 server private IP address.

Can you browse to http://publicIP/
If not, can you PING it, considering you're not blocking ICMP messages.

This is my DNS Server setting on all computers on my private network.
DNS Servers . . . . . . . . . . . : 192.168.0.9

Does your internal DNS domain have the same name as your external DNS
domain?

Which one of these below is CANNOT?

> the public domain name http:\\mydomain.com and public IP
> can be reached by webserver running IIS but private
> domain and IP can be reached.

<(E-Mail Removed)> wrote:
> My details config. is
>
> Win server 2003
> Private IP : 192.168.1.28
> Private DNS Server IP: 192.168.1.28(running on same
> computer of Win2003 server)
> Default Gateway IP : 192.168.1.88
>
> ADSL Router IP : 192.168.1.88
>
>
> I cannot browse http://publicip/
> I cannot browse http://public domain name/
> I can ping public ip and public domain name
>
> Sorry typo error, "the public domain name
> http:\\mydomain.com and public IP
> cannot be reached"
>
> result from ipconfig
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : server818
> Primary Dns Suffix . . . . . . . : www.server818.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : Yes
> WINS Proxy Enabled. . . . . . . . : Yes
> DNS Suffix Search List. . . . . . : www.server818.com
> server818.com
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : 3Com EtherLink XL
> 10/100 PCI TX NIC (3C90
> 5B-TX)
> Physical Address. . . . . . . . . : 00-10-4B-63-F9-71
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.1.28
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.1.88
> DNS Servers . . . . . . . . . . . : 192.168.1.28
> Primary WINS Server . . . . . . . : 192.168.1.28

Raymond...

Sorry, two more questions:
1. You state you can get there with private IP but can you get there with
the server name?
http://servername/ or http://hostname/
2. Is your router a NAT router?
On a private network, the LAN users, use private IP and naming and the
Internet (public network) uses public addressing and naming.

I have a domain: domain.com (public) The private domain is
internal.domain.com If I try to get to the public name with
http://domain.com/ while on the private network, I get the configuration for
my NAT router. The public address of the web server is the NAT routers
public address. The NAT router allows port 80 (HTTP) to a specific internal
(private) IP address: 192.168.0.9.

Internally, I can surf to my web site with http://hostname/ (FS1) or
http://internal.domain.com/ because I have an entry in my private DNS that
points the domain (internal.domain.com) to 192.168.0.9.

I can also get there with the FQDN: fs1.internal.domain.com but not with
fs1.domain.com because internally addressing/naming is not available
publicly so nobody else could route to my internal domain either. They
would have to use the public addressing fs1.domain.com and only if FS1 was
an Address or a CNAME (alias) in the public DNS.

I should have qualified the NAT router first. I apologize for that.

--
Roland

This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose.

Rolland,

>1. You state you can get there with private IP but can
you get there with the server name?http://servername/ or
http://hostname/

Yes, I can

>2. Is your router a NAT router?
Yes, The public ip is obtained by the Router and the
router will route the requests to my server (i.e.
192.168.1.28)

Thanks & regards

Raymond



>-----Original Message-----
><(E-Mail Removed)> wrote:
>> My details config. is
>>
>> Win server 2003
>> Private IP : 192.168.1.28
>> Private DNS Server IP: 192.168.1.28(running on same
>> computer of Win2003 server)
>> Default Gateway IP : 192.168.1.88
>>
>> ADSL Router IP : 192.168.1.88
>>
>>
>> I cannot browse http://publicip/
>> I cannot browse http://public domain name/
>> I can ping public ip and public domain name
>>
>> Sorry typo error, "the public domain name
>> http:\\mydomain.com and public IP
>> cannot be reached"
>>
>> result from ipconfig
>> Windows IP Configuration
>>
>> Host Name . . . . . . . . . . . . : server818
>> Primary Dns Suffix . . . . . . . :
www.server818.com
>> Node Type . . . . . . . . . . . . : Unknown
>> IP Routing Enabled. . . . . . . . : Yes
>> WINS Proxy Enabled. . . . . . . . : Yes
>> DNS Suffix Search List. . . . . . :
www.server818.com
>> server818.com
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : 3Com EtherLink
XL
>> 10/100 PCI TX NIC (3C90
>> 5B-TX)
>> Physical Address. . . . . . . . . : 00-10-4B-63-F9-
71
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.1.28
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.1.88
>> DNS Servers . . . . . . . . . . . : 192.168.1.28
>> Primary WINS Server . . . . . . . : 192.168.1.28
>
>Raymond...
>
>Sorry, two more questions:
>1. You state you can get there with private IP but can
you get there with
>the server name?
>http://servername/ or http://hostname/
>2. Is your router a NAT router?
>On a private network, the LAN users, use private IP and
naming and the
>Internet (public network) uses public addressing and
naming.
>
>I have a domain: domain.com (public) The private domain
is
>internal.domain.com If I try to get to the public name
with
>http://domain.com/ while on the private network, I get
the configuration for
>my NAT router. The public address of the web server is
the NAT routers
>public address. The NAT router allows port 80 (HTTP) to
a specific internal
>(private) IP address: 192.168.0.9.
>
>Internally, I can surf to my web site with
http://hostname/ (FS1) or
>http://internal.domain.com/ because I have an entry in
my private DNS that
>points the domain (internal.domain.com) to 192.168.0.9.
>
>I can also get there with the FQDN:
fs1.internal.domain.com but not with
>fs1.domain.com because internally addressing/naming is
not available
>publicly so nobody else could route to my internal
domain either. They
>would have to use the public addressing fs1.domain.com
and only if FS1 was
>an Address or a CNAME (alias) in the public DNS.
>
>I should have qualified the NAT router first. I
apologize for that.
>
>--
>Roland
>
>This information is distributed in the hope that it will
be useful, but
>without any warranty; without even the implied warranty
of merchantability
>or fitness for a particular purpose.
>
>
>.
>