Apache DNS not recognised - config help requested
Hi,
Just finishing off setting up a server, and am having trouble getting Apache to recognise the domain name I've been assigned (statsmail.trehtcancer.nhs.uk). Initially I was getting the following errors in the logs... Code:
[Tue Oct 06 08:26:38 2009] [notice] SIGUSR1 received. Doing graceful restart Code:
[Tue Oct 06 08:26:38 2009] [notice] SIGUSR1 received. Doing graceful restart I think I'm missing something in the configuration though because it Apache doesn't appear to be listening on the Foreign Address as netstat shows... Code:
root@miles:/etc/apache2# netstat netstat -a -tcp Cheers slack |
Quote:
Code:
x.x.x.x statsmail.trehtcancer.nhs.uk |
Forgot to add that I'd seen that mentioned in another thread in these forums and have the following already in there...
Code:
10.211.48.240 statsmail.trentcancer.nhs.uk There's no firewall in place on the local machine either... Code:
Code:
I've been told the computers been setup with DNS as statsmail.trentcancer.nhs.uk and nslookup reports a different IP associated with this address (its reporting the same as www.whatismyipaddress.com) Code:
The DNS administrator here at the place I work has told me that port 80 isn't blocked at all (nor is 25), although given he doesn't appear to have read 80% of each of the emails I've sent him I get the impression he's not too up to speed on what I'm trying to do or how to set it up properly at his end. |
So the ip of the box is 192.168.2.22. Can you access http://192.168.2.22 from the same box running apache?
If you can, I guess it's a problem with ip_forwarding from 10.211.48.240 --> 192.168.2.22 assuming that there is no firewall in between. |
Quote:
Ah ha, I think you're onto something bathroy. I can indeed access http://192.168.2.22/ on the machine itself. How do I go about getting the forwarding set up? Would it be an entry in /etc/hosts that maps one to another? (My suspicion is its not since /etc/hosts is traditionally for mapping names to IP address', no?) Is forwarding of one IP's address's to another an aspect of the DMZ? Since the 10.211.48.240 is what this appears to the outside world, whilst within teh DMZ the server thinks its 192.168.2.22? |
If everything is setup correctly in your router, you can access your server from outside your 192.168.2 network using its public ip 10.211.48.240. Try it from a computer in dmz and see what you get.
|
Quote:
I've contacted the guy who registered the DNS though and have asked (well basically told him, as the impression I get is that he knows less than I do, being cynical, but probably a M$-Windoze flunky) that the forwarding of requests to 10.211.48.240 isn't making it to 192.168.2.22 within the DMZ, because everything works on the server itself but not when the FQDN is used. |
If you don't need your server to be accessible outside from your network, then ask the dns guy to change the ip in the dns to 192.168.2.22 and change the entry in your /etc/hosts accordingly.
Regards |
Quote:
I'll see what the IT/DNS guy comes back with, cheers for your help so far (got to head home and take my sick cat to the vets now though). slack |
FYI, 192.168.2.22 would NEVER be accessible to the outside world as this is an RFC 1918 private/reserved IP address. It may not be routed. If you are using a NAT-DMZ (Network Address Translation DMZ) they will need to forward requests for 10.211.48.240 to 192.168.2.22. Alternatively, they can place you on another subnet with direct internet access and the machine may be reconfigured as 10.211.48.240. (If you choose the latter route, I do suggest setting up a firewall at that time unless they will continue to keep you behind the corporate firewall.)
|
See http://en.wikipedia.org/wiki/IP_address: ip range 10.0.0.0 - 10.255.255.255 is also a reserved range.
I couldn't nslookup or ping 194.72.7.142 : is that a private server? |
Right, cheers for the pointers guys.
There is another set of firewalls in place that I was completely unaware of and it does appear as though port-forwarding isn't established correctly. I've taken the computer out of the DMZ, put it on the local intranet and can access web-pages fine. Apparently the people in charge of this extra firewall are "looking into the problem" (i.e. someones not in work today and I have to wait until they are back tomorrow before it can be fixed!). Cheers for the help/pointers, kind of glad to know that its not anything I did! slack |
All times are GMT -5. The time now is 12:30 PM. |