Perplexing network problem.

Hi all, my friend is having this strange network issue, and Ive run
out of ideas to try and help him. Heres his deal....

Its a home network setup. A webserver running Gentoo Linux and Apache.
The sites address is gaijin.ath.cx.

The problem:
When hes internal on his network on a windows xp machine that is fully
functional otherwise, he cant browse to his own website using either
the gaijin.ath.cx address, or the ip that that address resolves to,
24.163.109.67. He can browse to it using the internal ip of the linux
box, 192.168.0.11. You can get to the site externally using either the
IP or the fqdn.
He can successfully ping the 24.163.109.67 address from the xp
machine.

The xp box's ip is 192.168.0.10. Both machines have static IPs.
Hes using his isp's dns servers, 24.25.5.150 and 24.25.5.149.

My friend thinks maybe its dns related, but Im thinking maybe not
because of the fact that he cant get to the site internally using the
ip address, which should not use any dns servers, is that line of
thinking correct?

Anyone have any ideas?

Thanks
-MK

Hello,

(E-Mail Removed) a écrit :
>
> When hes internal on his network on a windows xp machine that is fully
> functional otherwise, he cant browse to his own website using either
> the gaijin.ath.cx address, or the ip that that address resolves to,
> 24.163.109.67. He can browse to it using the internal ip of the linux
> box, 192.168.0.11. You can get to the site externally using either the
> IP or the fqdn.
> He can successfully ping the 24.163.109.67 address from the xp
> machine.

Is the server behind a NAT router acting as a gateway for the server and
the Windows box and doing port forwarding for the server ?
Or is the server itself doing the NAT and acting as a gateway for the
Windows box ?

On Feb 9, 10:14 am, Pascal Hambourg <boite-a-s...@plouf.fr.eu.org>
wrote:
> Hello,
>
> mekmio...@gmail.com a écrit :
>
>
>
> > When hes internal on his network on a windows xp machine that is fully
> > functional otherwise, he cant browse to his own website using either
> > the gaijin.ath.cx address, or the ip that that address resolves to,
> > 24.163.109.67. He can browse to it using the internal ip of the linux
> > box, 192.168.0.11. You can get to the site externally using either the
> > IP or the fqdn.
> > He can successfully ping the 24.163.109.67 address from the xp
> > machine.
>
> Is the server behind a NAT router acting as a gateway for the server and
> the Windows box and doing port forwarding for the server ?
> Or is the server itself doing the NAT and acting as a gateway for the
> Windows box ?

I have time just to pop my head in here quick, busy at work today.

Yes the server is behind a NAT router, its a Netgear router...I can
get the exact model later. Also the domain name ath.cx came from
dyndns. Thanks for your time!

-MK

(E-Mail Removed) a écrit :
>
> Yes the server is behind a NAT router, its a Netgear router...

For some reasons, port forwarding on SOHO routers usually works only on
the internet side, not on the internal network side. It would be
possible to have it working with a Linux-based router however.

A common workaround is based on name resolution. If you have your own
internal DNS server/relay (bind, dnsmasq...) used by the internal
clients, you might be able to force it to resolve gaijin.ath.cx into the
internal server IP address instead of the public IP address. Else you
can override the DNS resolution on the internal clients by adding the
name and local address in the "hosts" file.
/etc/hosts on most Unix-based systems
<windir>\hosts on Windows 9x systems
<windir>\system32\drivers\etc\hosts

The active hosts file has no extension. Beware hidden extensions on
Windows systems. You may also find a file hosts.sam which is an inactive
sample hosts file.

Pascal Hambourg a écrit :
>
> For some reasons, port forwarding on SOHO routers usually works only on
> the internet side, not on the internal network side. It would be
> possible to have it working with a Linux-based router however.
>
> A common workaround is based on name resolution. [...]

I forgot to mention another workaround for web servers : use an external
HTTP proxy. The proxy will reach the server from the outside, so the
port forwarding will work.

On Fri, 09 Feb 2007 20:29:58 +0100, Pascal Hambourg wrote:

> (E-Mail Removed) a écrit :
>>
>> Yes the server is behind a NAT router, its a Netgear router...
>
> For some reasons, port forwarding on SOHO routers usually works only on
> the internet side, not on the internal network side. It would be possible
> to have it working with a Linux-based router however.
>
> A common workaround is based on name resolution. If you have your own
> internal DNS server/relay (bind, dnsmasq...) used by the internal clients,
> you might be able to force it to resolve gaijin.ath.cx into the internal
> server IP address instead of the public IP address.

You can make a DNS server return an alternate address for just the one
name by creating a zone called "gaijin.ath.cx" with an A record at "zone
top" - label "@" in bind. This will have no effect on the rest of ath.cx.
It doesn't matter that gaijin.ath.cx isn't a zone in its own right on the
Internet.

Regards, Ian

On Feb 9, 4:18 pm, Ian Northeast <i...@house-from-hell.demon.co.uk>
wrote:
> On Fri, 09 Feb 2007 20:29:58 +0100, Pascal Hambourg wrote:
> > mekmio...@gmail.com a écrit :
>
> >> Yes the server is behind a NAT router, its a Netgear router...
>
> > For some reasons, port forwarding on SOHO routers usually works only on
> > the internet side, not on the internal network side. It would be possible
> > to have it working with a Linux-based router however.
>
> > A common workaround is based on name resolution. If you have your own
> > internal DNS server/relay (bind, dnsmasq...) used by the internal clients,
> > you might be able to force it to resolve gaijin.ath.cx into the internal
> > server IP address instead of the public IP address.
>
> You can make a DNS server return an alternate address for just the one
> name by creating a zone called "gaijin.ath.cx" with an A record at "zone
> top" - label "@" in bind. This will have no effect on the rest of ath.cx.
> It doesn't matter that gaijin.ath.cx isn't a zone in its own right on the
> Internet.
>
> Regards, Ian

Thanks for your input Pascal. I have almost the exact same setup at my
place, except Im using a Linksys BEFW11S4 router. You think its
something in the Netgear router? Interesting.

On Feb 9, 6:30 am, "mekmio...@gmail.com" <mekmio...@gmail.com> wrote:

> The problem:
> When hes internal on his network on a windows xp machine that is fully
> functional otherwise, he cant browse to his own website using either
> the gaijin.ath.cx address, or the ip that that address resolves to,
> 24.163.109.67. He can browse to it using the internal ip of the linux
> box, 192.168.0.11. You can get to the site externally using either the
> IP or the fqdn.
> He can successfully ping the 24.163.109.67 address from the xp
> machine.

This is expected behavior. The IP address of his website, from the
outside, is the IP address of his router, which is configured to
gateway connections from the outside to that machine. If he attaches
from the inside, he bypasses that gatewaying.

DS

On Feb 9, 10:24 pm, "David Schwartz" <dav...@webmaster.com> wrote:
> On Feb 9, 6:30 am, "mekmio...@gmail.com" <mekmio...@gmail.com> wrote:
>
> > The problem:
> > When hes internal on his network on a windows xp machine that is fully
> > functional otherwise, he cant browse to his own website using either
> > the gaijin.ath.cx address, or the ip that that address resolves to,
> > 24.163.109.67. He can browse to it using the internal ip of the linux
> > box, 192.168.0.11. You can get to the site externally using either the
> > IP or the fqdn.
> > He can successfully ping the 24.163.109.67 address from the xp
> > machine.
>
> This is expected behavior. The IP address of his website, from the
> outside, is the IP address of his router, which is configured to
> gateway connections from the outside to that machine. If he attaches
> from the inside, he bypasses that gatewaying.
>
> DS

I didnt expect it because my router doesnt do that. Like I said I have
the same setup except I have a linksys router and a linksys switch,
but mine works fine. I didnt have to do any special configuration on
the router at all. Seems strange that the manufacturers would choose
not to add that functionality.

-MK

-MK