LinuxQuestions.org


slack---line 10-06-2009 05:16 AM

Apache DNS not recognised - config help requested
 
Hi,

Just finishing off setting up a server, and am having trouble getting Apache to recognise the domain name I've been assigned (statsmail.trehtcancer.nhs.uk).

Initially I was getting the following errors in the logs...

Code:

[Tue Oct 06 08:26:38 2009] [notice] SIGUSR1 received.  Doing graceful restart
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for
ServerName

So I added 'ServerName statsmail.trentcancer.nhs.uk' to /etc/apache2/httpd.conf and also /etc/apache2/apache2.conf, and restarted the server and the error message has gone...

Code:

[Tue Oct 06 08:26:38 2009] [notice] SIGUSR1 received.  Doing graceful restart
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for
ServerName
[Tue Oct 06 08:26:38 2009] [notice] Apache/2.2.11 (Ubuntu) configured -- resuming normal operations
[Tue Oct 06 09:27:55 2009] [notice] caught SIGTERM, shutting down
[Tue Oct 06 09:27:55 2009] [notice] Apache/2.2.11 (Ubuntu) configured -- resuming normal operations
[Tue Oct 06 10:06:02 2009] [notice] caught SIGTERM, shutting down
[Tue Oct 06 10:06:03 2009] [notice] Apache/2.2.11 (Ubuntu) configured -- resuming normal operations

But connections just time out now when I point the browser at the address, despite the fact I can see it on localhost (i.e. 127.0.1.1).

I think I'm missing something in the configuration though because Apache doesn't appear to be listening on the Foreign Address as netstat shows...

Code:

root@miles:/etc/apache2# netstat  netstat -a -tcp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name
tcp        0      0 *:www                  *:*                    LISTEN      3368/apache2 
tcp        0      0 localhost:ipp          *:*                    LISTEN      3556/cupsd   
tcp        0      0 *:smtp                  *:*                    LISTEN      29230/master 
tcp        0      1 miles.local:45380      statsmail.trentcanc:www SYN_SENT    28248/firefox 
tcp6      0      0 [::]:smtp              [::]:*                  LISTEN      2160/sshd

Any pointers on where I might have gone wrong would be appreciated (can post config files if required). Feels like I'm so close, but not quite there!

Cheers

slack

bathory 10-06-2009 06:29 AM

Quote:

tcp 0 0 *:www *:* LISTEN 3368/apache2
apache listens on all the available interfaces as it's shown by the "*" in the netstat output. I guess you have to add an entry in /etc/hosts like this:
Code:

x.x.x.x statsmail.trehtcancer.nhs.uk
where x.x.x.x is your ip.

slack---line 10-06-2009 08:04 AM

Forgot to add that I'd seen that mentioned in another thread in these forums and have the following already in there...

Code:

10.211.48.240  statsmail.trentcancer.nhs.uk
Restarted apache and still no dice.

There's no firewall in place on the local machine either...

Code:


root@miles:/etc/apache2# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target    prot opt in    out    source              destination       

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target    prot opt in    out    source              destination       

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target    prot opt in    out    source              destination

But this computer has been placed in a DMZ, and strangely the IP address that ifconfig reports is not the same as that which www.whatismyipaddress.com reports and I've been told the computer is configured as (purposefully omitted loopback btw)...

Code:


root@miles:/etc/apache2# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:14:22:b0:9e:c7
          inet addr:192.168.2.22  Bcast:192.168.7.255  Mask:255.255.248.0
          inet6 addr: fe80::214:22ff:feb0:9ec7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1500493 errors:0 dropped:0 overruns:0 frame:0
          TX packets:93528 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:284352007 (284.3 MB)  TX bytes:9113800 (9.1 MB)


I've been told the computer's been set up with DNS as statsmail.trentcancer.nhs.uk and nslookup reports a different IP associated with this address (it's reporting the same as www.whatismyipaddress.com)

Code:


root@miles:/etc/apache2# nslookup statsmail.trentcancer.nhs.uk
Server:      194.72.7.142
Address:  194.72.7.142#53

Non-authoritative answer:
Name:  statsmail.trentcancer.nhs.uk
Address: 10.211.48.240


The DNS administrator here at the place I work has told me that port 80 isn't blocked at all (nor is 25), although given he doesn't appear to have read 80% of each of the emails I've sent him I get the impression he's not too up to speed on what I'm trying to do or how to set it up properly at his end.

bathory 10-06-2009 08:23 AM

So the ip of the box is 192.168.2.22. Can you access http://192.168.2.22 from the same box running apache?
If you can, I guess it's a problem with ip_forwarding from 10.211.48.240 --> 192.168.2.22 assuming that there is no firewall in between.

slack---line 10-06-2009 08:34 AM

Quote:

Originally Posted by bathory (Post 3709547)
So the ip of the box is 192.168.2.22. Can you access http://192.168.2.22 from the same box running apache?
If you can, I guess it's a problem with ip_forwarding from 10.211.48.240 --> 192.168.2.22 assuming that there is no firewall in between.


Ah ha, I think you're onto something bathory.

I can indeed access http://192.168.2.22/ on the machine itself.

How do I go about getting the forwarding set up?

Would it be an entry in /etc/hosts that maps one to another? (My suspicion is it's not since /etc/hosts is traditionally for mapping names to IP addresses, no?)

Is forwarding of one IP address to another an aspect of the DMZ? Since the 10.211.48.240 is what this appears to the outside world, whilst within the DMZ the server thinks it's 192.168.2.22?

bathory 10-06-2009 08:42 AM

If everything is setup correctly in your router, you can access your server from outside your 192.168.2 network using its public ip 10.211.48.240. Try it from a computer in dmz and see what you get.

slack---line 10-06-2009 09:02 AM

Quote:

Originally Posted by bathory (Post 3709569)
If everything is setup correctly in your router, you can access your server from outside your 192.168.2 network using its public ip 10.211.48.240. Try it from a computer in dmz and see what you get.

I'm not sure I have access to a computer on the DMZ, that itself is separate from the rest of the network here (IT are based in another building in the city).

I've contacted the guy who registered the DNS though and have asked (well basically told him, as the impression I get is that he knows less than I do, being cynical, but probably a M$-Windoze flunky) that the forwarding of requests to 10.211.48.240 isn't making it to 192.168.2.22 within the DMZ, because everything works on the server itself but not when the FQDN is used.

bathory 10-06-2009 09:18 AM

If you don't need your server to be accessible outside from your network, then ask the dns guy to change the ip in the dns to 192.168.2.22 and change the entry in your /etc/hosts accordingly.

Regards

slack---line 10-06-2009 09:44 AM

Quote:

Originally Posted by bathory (Post 3709610)
If you don't need your server to be accessible outside from your network, then ask the dns guy to change the ip in the dns to 192.168.2.22 and change the entry in your /etc/hosts accordingly.

Regards

I don't think I can do that as I can't telnet to 192.168.2.22 (or 10.211.48.240 for that matter) from my computer here at work (nor ping either address) and my understanding is that the DMZ is isolated from the rest of the network.

I'll see what the IT/DNS guy comes back with, cheers for your help so far (got to head home and take my sick cat to the vets now though).

slack

Matir 10-06-2009 10:44 AM

FYI, 192.168.2.22 would NEVER be accessible to the outside world as this is an RFC 1918 private/reserved IP address. It may not be routed. If you are using a NAT-DMZ (Network Address Translation DMZ) they will need to forward requests for 10.211.48.240 to 192.168.2.22. Alternatively, they can place you on another subnet with direct internet access and the machine may be reconfigured as 10.211.48.240. (If you choose the latter route, I do suggest setting up a firewall at that time unless they will continue to keep you behind the corporate firewall.)

chrism01 10-06-2009 11:15 PM

See http://en.wikipedia.org/wiki/IP_address: ip range 10.0.0.0 - 10.255.255.255 is also a reserved range.
I couldn't nslookup or ping 194.72.7.142 : is that a private server?
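
Added example, not part of the thread and not any poster's code: a Python sketch of the check the replies above reason through by hand, comparing the address DNS returns for the name with the address actually configured on the host and classifying both against the RFC 1918 ranges. The embedded command output is constructed from the excerpts posted earlier in the thread; the function names are illustrative assumptions.

```python
import ipaddress
import re

# Constructed sample input: trimmed copies of the output posted in the thread.
IFCONFIG_OUT = """eth0      Link encap:Ethernet  HWaddr 00:14:22:b0:9e:c7
          inet addr:192.168.2.22  Bcast:192.168.7.255  Mask:255.255.248.0
"""
NSLOOKUP_OUT = """Server:      194.72.7.142
Address:  194.72.7.142#53

Non-authoritative answer:
Name:  statsmail.trentcancer.nhs.uk
Address: 10.211.48.240
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Label an IPv4 address as loopback, an RFC 1918 range, or other."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    for net in RFC1918:
        if ip in net:
            return "rfc1918 " + str(net)
    return "other"

def local_interfaces(ifconfig_text):
    """IPv4 address/netmask pairs from old-style (net-tools) ifconfig output."""
    pairs = re.findall(r"inet addr:(\S+).*?Mask:(\S+)", ifconfig_text)
    return [ipaddress.ip_interface(f"{a}/{m}") for a, m in pairs]

def resolved_address(nslookup_text):
    """The answer address: an 'Address:' line without the resolver's '#port'."""
    answers = re.findall(r"^Address:\s*([0-9.]+)\s*$", nslookup_text, re.M)
    return answers[-1] if answers else None

def diagnose(ifconfig_text, nslookup_text):
    ifaces = local_interfaces(ifconfig_text)
    target = ipaddress.ip_address(resolved_address(nslookup_text))
    if any(target == i.ip for i in ifaces):
        return "direct"            # the name resolves to an address this host owns
    if any(target in i.network for i in ifaces):
        return "same-subnet"       # the name points at a neighbour on the local subnet
    return "needs-forwarding"      # an upstream device must translate/forward to this host

if __name__ == "__main__":
    for a in ("192.168.2.22", "10.211.48.240", "127.0.1.1"):
        print(a, "->", classify(a))
    print("diagnosis:", diagnose(IFCONFIG_OUT, NSLOOKUP_OUT))
```
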

slack---line 10-07-2009 10:40 AM

Right, cheers for the pointers guys.

There is another set of firewalls in place that I was completely unaware of and it does appear as though port-forwarding isn't established correctly.

I've taken the computer out of the DMZ, put it on the local intranet and can access web-pages fine.

Apparently the people in charge of this extra firewall are "looking into the problem" (i.e. someone's not in work today and I have to wait until they are back tomorrow before it can be fixed!).

Cheers for the help/pointers, kind of glad to know that it's not anything I did!

slack

