Date:  Mon, 25 Jun 2007 00:04:47 +0300
From:  Arthur Sherman <arturs (at mark) netvision.net.il>
Subject:  [coba-e:10225] Re: Unable to access virt sites from outside the local network. {Scanned}
To:  coba-e (at mark) bluequartz.org
Message-Id:  <024e01c7b6a3$4c15f3a0$3701a8c0@user33b5201c50>
In-Reply-To:  <005c01c7b678$a404feb0$aa6b304b@etek3>
X-Mail-Count: 10225

> > It seems to be rather a packet mangling issue than routing, or maybe 
> > both are involved.
> > 
> > I would check with the provider for his firewall.
> > 
> 
> 
> Since it's sitting on my network, I control the firewall.  
> Other systems on the network work fine, I can even get to the 
> admin site of this system, just fine from the outside.  This 
> only seems to affect access to virtual sites from outside the 
> network.  I can also SSH into the system, using any of the IP 
> addresses locally.  I've tried changing IP addresses, and 
> it's still not working.  This really seems like it's 
> something in the "box" the more I play with this, centered 
> around aliased interfaces not routing.  I think I've ruled 
> out iptables, apache, and I think I've ruled out IP address 
> configuration unless I'm just missing something obscure.  I 
> haven't messed with anything there, only used the GUI to set 
> up the site, and let it create its own alias for the NIC 
> which is the eth0:0 interface.
> 
> I even took this one step further and created a new virtual 
> site, set up my external DNS and that failed too.  I can 
> properly resolve the FQDN to the proper IP address, can hit 
> the site locally, but still can't get to it from the outside.
> 
> I think I'm down to my last hair here... And my desk is 
> getting a little messy.  If anyone else can think of 
> something I'm willing to try it, as at this point my next move 
> might be to try moving the site off, reinstalling, and moving 
> it back.  This all worked at one time, then it just stopped, 
> and that is the most frustrating since I hadn't been working 
> on it for a couple of months and it just sat there idle.


Look at this:

Request for virtual site comes from outside --> resolving request to your
DNS --> it says go to the firewall --> firewall further resolves them to IP
(is there some name caching enabled?) --> this doesn't work
Is this right?
Same thing but from inside --> not through the firewall? --> resolving works

Thus, I assume it is the firewall or maybe some additional router which mangles
packets, or cuts the reply, which could both provide the error.

This is where I see this problem

Maybe setting the BQ DNS to be SOA for its sites could resolve this.

My 2p.


Best,

--
Arthur Sherman