Cannot access own public web and mail server from LAN addresses
Linux - Networking: This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I have two nagging problems on one network which I do not have on another elsewhere, both using up-to-date Debian servers. The server is on the private subnet behind a router/ADSL modem.
The symptoms of the one which does not work
1) Users cannot access their web site from the LAN. If they try, they get to the router web interface, same as if they entered http://10.0.0.138, which is the router's LAN address.
2) Users cannot access the SMTP or POP3 service using the domain name; they can access it only using the server's LAN address.
I fear that I might not have set up the router properly, because apart from that the two servers are almost identical, but I do not know where I might have made an error.
I assume that your router is set up to be the gateway in your LAN, right? So if your users try to go to their website, do they use http://website.domain.com or http://000.000.000.000 (IP address)?
If they use the domain name, how are your DNS settings? Do you have your own DNS server in house? Or do all naming services get provided by the ISP's DNS servers?
Is your router setup to accept traffic for http and mail and redirect it to the correct server?
Quote:
Originally Posted by EricTRA
I assume that your router is set up to be the gateway in your LAN, right? So if your users try to go to their website, do they use http://website.domain.com or http://000.000.000.000 (IP address)?
Eric
Yes
Quote:
Originally Posted by EricTRA
If they use the domain name, how are your DNS settings? Do you have your own DNS server in house? Or do all naming services get provided by the ISP's DNS servers?
Is your router setup to accept traffic for http and mail and redirect it to the correct server?
Kind regards,
Eric
The simple answer to all your questions is that ALL works fine from outside the LAN. The router forwarding is fine - it works.
I have the DNS records at a registrar service which provides for DNS management.
The most simple way I can describe this: If I connect my laptop to the LAN at work, I have the described problems. The same laptop will work just fine from my home.
I am suspecting it has to do with NAT loopback: the router which works is an Apple AirPort Base Station, the one which does not is a D-Link.
Can you perform a trace from a workstation to your SMTP/POP server? Not using the IP of course, but the URL you use from home, to find out where the communication stops? I assume also that it is your D-Link router that's causing the problem.
Also, do you have your mail server set up in DMZ or directly to the internet (which is pretty dangerous of course) and/or do you use a proxy server?
Is there a firewall configured on your router? Or separate firewall?
The router already provides a simple firewall by virtue of the way NAT works. By default NAT does not respond to unsolicited incoming requests on any port.
I never use DMZ, I forward the ports to the server.
I have only enabled SPI in the firewall. In ALG I have left all of these enabled: PPTP, IPSec (VPN Passthrough), RTSP (Online Video Streaming), Windows/MSN Messenger, FTP, H.323 (Video Conferencing), SIP, Wake-On-LAN, MMS.
I will do the trace (excellent suggestion) when I get to the office, but I think that with the router-modem I have, I cannot achieve the desired result. It is a D-Link 2741B. I think D-Link is really a bad choice.
I've worked with D-Link in the past without any real problems, so I wouldn't say it was a bad choice. It just depends on what you need and what the D-Link model offers.
How did you configure access to your mail server in the router? Using port forwarding, ip rules, virtual server? Can you provide screenshots of those settings?
I might be mistaken about this, but to me it seems that you only have port forwarding enabled from the outside to your mail server, and by using the domain (external DNS) you get bounced back to your own router. Don't know if it will work, but try creating a port forwarding rule for your LAN network on the router so that it detects when communication is coming from inside the LAN on port 25/110 and doesn't have to throw it on the internet.
There probably is an easier way but I'm not sure how, maybe instead of using port forwarding you could use virtual server. Probably someone with more experience with those routers will kick in sooner or later.
Quote:
Originally Posted by EricTRA
I might be mistaken about this, but to me it seems that you only have port forwarding enabled from the outside to your mail server, and by using the domain (external DNS) you get bounced back to your own router. Don't know if it will work, but try creating a port forwarding rule for your LAN network on the router so that it detects when communication is coming from inside the LAN on port 25/110 and doesn't have to throw it on the internet.
Eric
If I knew how to
Quote:
try creating a port forwarding rule for your LAN network
To be able to communicate with devices inside your LAN from inside the LAN using the internet-routable address, you need to set up a feature called "NAT loopback" in your router. Whether this is possible or not depends on your router.
Another option is to use an internal DNS server and make the appropriate records point to the internal LAN IP addresses.
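The following is an added example, not code from the thread or from either router vendor. It is a small Python model of the router's NAT decision that shows why a LAN client that connects to its own public address lands on the router's web interface when port forwarding is applied only to WAN-side traffic, why NAT loopback needs the router to rewrite the source address as well as the destination (otherwise the server's reply goes straight to the client and does not match the connection the client opened), and how the internal-DNS alternative sidesteps the router entirely. The router's LAN address 10.0.0.138 is taken from the thread; the LAN subnet, the public address (203.0.113.10 from TEST-NET-3), the server and client addresses, and the example.org names are all constructed for this example.

```python
"""Model of a home router's port-forwarding / NAT loopback behaviour.

Only 10.0.0.138 (the router's LAN address) comes from the thread; every other
address and name below is constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network

LAN = ip_network("10.0.0.0/24")          # assumed LAN subnet containing 10.0.0.138
ROUTER_LAN = ip_address("10.0.0.138")    # router's LAN address, from the thread
ROUTER_WAN = ip_address("203.0.113.10")  # constructed public address (TEST-NET-3)
SERVER = ip_address("10.0.0.20")         # constructed LAN address of the Debian server
CLIENT = ip_address("10.0.0.50")         # constructed LAN workstation
FORWARDED_PORTS = {25, 80, 110}          # ports the router forwards to the server


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    sport: int
    dport: int


def route_inbound(pkt: Packet, hairpin_dnat: bool, hairpin_snat: bool):
    """Router's handling of a packet addressed to one of its own addresses.

    Returns (receiver, packet as the receiver sees it). Plain port forwarding
    applies DNAT only to packets that enter on the WAN side; hairpin_dnat extends
    it to LAN-originated packets and hairpin_snat additionally rewrites their
    source to the router's LAN address so replies come back through the router.
    """
    from_lan = pkt.src in LAN
    if pkt.dst == ROUTER_WAN and pkt.dport in FORWARDED_PORTS:
        if from_lan and not hairpin_dnat:
            return "router", pkt  # no translation: the router's own services answer
        new_src = ROUTER_LAN if (from_lan and hairpin_snat) else pkt.src
        return "server", Packet(new_src, SERVER, pkt.sport, pkt.dport)
    if pkt.dst in (ROUTER_WAN, ROUTER_LAN):
        return "router", pkt
    return "drop", pkt


def connect(dst: IPv4Address, hairpin_dnat=False, hairpin_snat=False, dport=80) -> str:
    """Outcome of a TCP connection attempt from CLIENT to dst:dport."""
    syn = Packet(CLIENT, dst, 40000, dport)
    if dst in LAN and dst != ROUTER_LAN:
        # Same subnet: delivered directly by ARP/switching, the router is not involved.
        return "ok-direct" if dst == SERVER else "no-such-host"
    receiver, delivered = route_inbound(syn, hairpin_dnat, hairpin_snat)
    if receiver == "router":
        # Assumed: the router serves its web UI on port 80 and nothing on 25/110.
        return "router-web-ui" if dport == 80 else "refused-by-router"
    if receiver == "drop":
        return "dropped"
    # The server replies to whatever source address it saw in the SYN.
    reply = Packet(SERVER, delivered.src, dport, delivered.sport)
    if reply.dst == CLIENT:
        # Reply goes straight to the client on the LAN, bypassing the router's NAT table.
        # The client expects ROUTER_WAN:dport as the peer, not SERVER:dport -> no match.
        return "reply-mismatch"
    # Reply is addressed to the router, which reverses both translations, so the
    # client sees the peer it connected to (ROUTER_WAN:dport).
    return "ok"


# Split-horizon DNS: the public zone at the registrar vs. an internal view for LAN clients.
PUBLIC_ZONE = {"mail.example.org": ROUTER_WAN, "www.example.org": ROUTER_WAN}
INTERNAL_VIEW = {"mail.example.org": SERVER, "www.example.org": SERVER}


def resolve(name: str, client: IPv4Address, split_horizon=False) -> IPv4Address:
    """Answer a lookup; with split_horizon, LAN clients get the internal record."""
    if split_horizon and client in LAN and name in INTERNAL_VIEW:
        return INTERNAL_VIEW[name]
    return PUBLIC_ZONE[name]


if __name__ == "__main__":
    print("public IP, WAN-only forwarding :", connect(ROUTER_WAN))
    print("public IP, hairpin DNAT only   :", connect(ROUTER_WAN, hairpin_dnat=True))
    print("public IP, hairpin DNAT + SNAT :", connect(ROUTER_WAN, True, True))
    print("internal DNS, port 25          :",
          connect(resolve("mail.example.org", CLIENT, True), dport=25))
```

The three `connect` calls against the public address reproduce the thread in order: WAN-only forwarding sends the LAN client to the router's web interface (and to a refused connection on 25/110), forwarding without a source rewrite produces replies the client cannot match, and only full NAT loopback (DNAT plus SNAT on LAN-originated traffic) works. The split-horizon path never touches the router, which is why the internal-DNS option works regardless of what the D-Link firmware supports; the cost is that LAN clients contacting the server by name are now talking to a different address than external users, so any certificate or virtual-host configuration has to cover both.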