Help understanding an apparent anomaly

[buckmacuk]

Hi, I have a small home network based round a Netgear DG814 running to broadband. Broadband gives me a dynamic IP address. I want to run a small web site from home. I have set up an account with DynDNS and it is updating regularly from my router.

What I'm having problems understanding (and it may be me being an idiot) is this: Other people (well one so far) who are outside my network can see the website. If I try to go to my alias, Firefox says that the connection was refused, and IE just gives the 'this page cannot be displayed message'.

I am running the site on port 8080 and have port forwarded this to the appropriate internal IP address and this is confirmed by Shields Up.

Help me understand why it is that I cannot go to my own site from inside my network by specifiying the URL of the dynamic alias. I can see it using localholst:8080.

Any ideas guys??

TIA Chris B

 

[spidey07]

the DNS is referring to your external IP address.

so you're trying to make a connection from the internal network, the the external IP address and that would in turn go back to your internal network. The router doesn't like that.

try using the actual IP address of the web server (like 192.x.x.x something), instead of the name.

 

[buckmacuk]

Yup, using the 192.x.x.x works - as I would expect since using localhost works. So it's down to the router being unhappy - mmmm, can you suggest any way that I can test that the site is actually visible from outside of my own network - other than asking favours of people? That's all I'm trying to achieve - to verify that what I can see is what everyone else can see (and also that any re-directs are working as they should)

TIA, Chris.

 

[ScottMac]

Add it to your "hosts" file:

C:\WINDOWS\SYSTEM32\DRIVERS\ETC

is the directory. There's a file called hosts.spl ...something like that. Just add your local ip address for the server, following the format in the sample file and save it as "hosts."

The hosts file is referenced before DNS kicks in, so it should find the local reference first.

For WIN2K it's in C:\WINNT\SYSTEM32\DRIVERS\ETC

Good Luck

Scott

 

[buckmacuk]

Nice call - I'd forgotten the hosts file, however, no cigar.

Added an entry for the alias pointing to the 'server' - same symptoms.

I can't believe that it's just not possible to go from my network, out into the internet and then back based on routing. That strikes me as slightly odd.

Cheers, Chris.

 

[JeffMD]

hmm, still, he should have no problem accessing his website by its external ip (its actually goes through the router, to the modem and then back to the router). It would be an issue if it was something like FTP, but not WWW.

 

[JackMDS]

The host file will work provided you give it just the name.

See example here: Windows Host File- What is it and How to Mange it?

:sun:

 

[statik213]

Originally posted by: buckmacuk
Hi, I have a small home network based round a Netgear DG814 running to broadband. Broadband gives me a dynamic IP address. I want to run a small web site from home. I have set up an account with DynDNS and it is updating regularly from my router.

What I'm having problems understanding (and it may be me being an idiot) is this: Other people (well one so far) who are outside my network can see the website. If I try to go to my alias, Firefox says that the connection was refused, and IE just gives the 'this page cannot be displayed message'.

I am running the site on port 8080 and have port forwarded this to the appropriate internal IP address and this is confirmed by Shields Up.

Help me understand why it is that I cannot go to my own site from inside my network by specifiying the URL of the dynamic alias. I can see it using localholst:8080.

Any ideas guys??

TIA Chris B

Whoa! Have the exact same problem, are you on verizon DSL? I can 'see' my web server behind the router from the internet - I tried SSH to another server and used 'links' (text based browser) to connect to my home server and everything was fine. I put the exact same address into my browser and 'Page not found'... WTF?
This worked perfectly fine on my old D-Link router/Earthlink cable. i just switched to verizon and found out that these barstards are blocking port 80 (working around that) and this crap with not seeing my server from behind the router.

Also, the funny thing is when I try the remote admin on my router from my machine behind the firewall it works perfectly - I can access the router. But I just change the port on that same addres to point to my webserver and no cigar.

I didn't think of the hosts file - will use that...

Also, since verizon seems to be chaning the IP so often checkout www.no-ip.com - basic service is free and you can do a port-80 redirect. Basically get a free subdomain on one of their top level domains (say me.redirectme.net) and say what port your web server is hosting on and then just type me.redirectme.net on any web browser and the site shows up wihtout getting mangled iport format addresses. You have to install a small piece of software that contacts no-ip servers whenever your ip changes to keep the dns forwards up to date.....

 

[ScottMac]

If the hosts file edit didn't work, you didn't do it right.

Also make sure you save the file as just "hosts" .... if you used notepad to edit it, notepad has a nasty habit of adding ".txt:" as an extension. Go to that directory and do a "dir" in DOS mode and verify that there's no extension.

If there's an extension, then do a "rename hosts.txt hosts" (or whatever the extension is).

The address should be the private (inside) address (192.168.1.1 ... whatever) NOT the outside address.

This DOES work ....



Scott

 

[hopejr]

ScottMac: That's not what the OP is wanting. The idea is to test using the external IP, not the hostname from DynDNS.

I have a similar problem if I try to access using the external ip address using the server that the site is running on. But if I try from another computer on the same network, it works. Try using another computer on your network (if you have another one).
The issue is more that the router doesn't like bounce backs to ports it is forwarding. If no ports are forwarded to another computer on the same network, it will work fine.

 

[statik213]

hopejr & buckmacuk are you guys signed up with Verizon? What router are you using? I'm on verizon dsl, mind sharing that info so we can figure out if it is an ISP specific problem or hardare specific? I' m at work and can't remember exactly which model mine is but i think it is the westell 327v. It's what verizon is giving out free wiht 1 year contracts, it is combo adsl modem/wireless router + switch.

Have you guys been succefull in accessing the router's management page 'remotely' from behind the router? On mine it loooks some thing like 'myexternalip:2420' - I think 2420 is the default remote management port on my router. Look at your router's remote man. config and try something like that and see if that works. I don't understand why that would work but not 'myexternalip:81' - where 81 is the port i'm hosting my web server on.

 

[buckmacuk]

Mmmmm - it looks like I've unearthed something here!

statik123 I'm not on Verizon - I'm over in the UK and am using BT - as far as I'm aware they don't block port 80 (after all, a friend on a different machine 200 miles away was able to access the web site)

hopejr I've tried using another machine on the same home network and it gives the same problem.

I have done this previously, but, it was with a cable provider who gave a near enough static ip address and the connection was totally different in that they gave me a lan connection (regular ethernet) out of the back of the cable box. This was handled by a single machine running firewall etc and acting as ICS for the rest of the network.

Now, with BT, I have a standard broadband connection with the DG814 connected - set to port forward 8080.

statik123 Great idea using router remote management! Tried that - got access from both machines using the DynDNS address. Now, why won't it let me see the other web (using the same port) but which is visible to others??? That's the tricky one.

Cheers - and thanks for all the help - I'll keep you posted.

Chris.

 

[statik213]

buckmacuk,

Well looks like we've got different ISPs and different hardawre.... damn... doesn't bring us close to figuring out what the problem is

I saw in another thread a few days ago, somethign about MAC filtering on someone who has a wireless connection to the router. MAC filtering is used mainly on wireless networks and I don't have anything like that enabled on my wired LAN.

Are these routers trying to be 'smart' and not forwarding traffic to wahtever reidrect ports that originates from withhin the LAN? that's the best conclusion i can come up with it.

I can contact the server from outside and I used port 80 redirect (free) through no-ip.com - so I can get whatever I need done.

I hate just 'living' with it.... but the hosts file lets me fake my address and such.... will post or PM if I find out anything else.... hopefully someone else with simiiar experience will post...

thanks buckmacuk!

 

[TeeDub]

If you have set up your router to forward all traffic to yourIP:8080 to an internal address of say 192.168.1.100:80 so that webtraffic wiull hit your server......


Then it makes sense that when you are receiving the reply from your webserver it is essentially wrapping back on itself. (ie. when the response comes back to 192.168.1.101, it will automatically be reforwarded to 192.168.1.100)

 

[statik213]

Originally posted by: TeeDub

If you have set up your router to forward all traffic to yourIP:8080 to an internal address of say 192.168.1.100:80 so that webtraffic wiull hit your server......


Then it makes sense that when you are receiving the reply from your webserver it is essentially wrapping back on itself. (ie. when the response comes back to 192.168.1.101, it will automatically be reforwarded to 192.168.1.100)

Don't understand what your are saying.... we aren't forwarding from port 8080 to 80... just externalip:8080 to internalip:8080 (81 in my case, others are using different ports by that's irrelevant).

BTW buckmacuk are you using norton personnel firewall? I've tried disabling it and have the same effect.

 

[hopejr]

I'm not with Verizon. I'm in Australia. My ISP is iiNet. My phone line is plugged into a D-Link DSL 300+ modem (crap if you ask me) plugged into a Belkin 4-port DSL Gateway/Router. I just tried remote admin from behind my router and it works fine.
I haven't got ports blocked by my ISP because there is the option to turn off port blocking on our ISP's account toolbox page. I have a dynamic IP and use No-IP.

 

[buckmacuk]

Hi everyone -
statik123 No, I'm not using Norton personal firewall - I rely on the built-in firewall within the router - which seems pretty good according to Shields Up

Anyway, on reflection, it's beginning to look to me as though the Netgear DG814 is NOT doing its port forwarding stuff. If I enable remote management, then I can, using my DynDNS get straight to it either from this system or from another in the same home net. However, if I try to get to the web server running at port 8080 it barfs. Using localhost:8080 works fine so I know the web server is working (and, don't forget, someone outside my net has been able to see it).

So, the question is what is different. The only thing I can see here is the damned router. It works for someone outside the firewall getting to my web server, it works for remote management so it is allowing me out to the outside world, then back to it, but it won't pass me back through for some obscure reason. Weird or what??

Any more thoughts folks?? I'll go have a dig round in the Netgear forums.

Cheers, Chris