Topic: No local access to Domain Name

[newburns]

I am currently using SME 8, but had this problem in 7 as well. I have SME setup in server gateway mode, where I put in the local IP first which is say 10.1.10.12, then at the end of the setup I put in the static, 173.161.83.65, and the ip of the modem internet connection, 173.161.93.66
Now my problem is that I can't access http://www.rburnsplumbing.com locally. I can get to it via, 10.1.10.12, but that doesn't help for my http://groupware.rburnsplumbing.com ---> http://groupware.10.1.10.12 doesn't work, and neither does proxypass. Proxypass has an error with xajax java not being the correct url. Any idea what this could be? It's not my modem or ISP because it does register in the logs:

Code: [Select]

Mar 23 14:30:49 rplumbing-local smbd[32052]: [2010/03/23 14:30:49,  0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
Mar 23 14:30:49 rplumbing-local smbd[32052]:   get_md4pw: Workstation ESTIMATOR-1$: no account in domain
Mar 23 14:30:49 rplumbing-local smbd[32052]: [2010/03/23 14:30:49,  0] rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
Mar 23 14:30:49 rplumbing-local smbd[32052]:   _netr_ServerAuthenticate3: failed to get machine password for account ESTIMATOR-1$: NT_STATUS_ACCESS_DENIED

[piran]

Any idea what this could be?

SME control panel | Configuration | Domains | Domain DNS servers = Internet DNS servers Resolve locally ?

[newburns]

Nope, it still doesn't allow me on. Only by local address. However, resolve locally made the error message in log go away. Now it doesn't say anything in log.

Config: --->

Networking Parameters
Server Mode servergateway
Local IP address / subnet mask 10.1.10.150/255.255.255.0
External IP address / subnet mask 173.161.83.65/255.255.255.0
Gateway 173.161.83.66
Additional local networks 10.1.10.0/255.255.255.0
DHCP server disabled

Server names
DNS server 10.1.10.150
Web server www.rburnsplumbing.com
Proxy server proxy.rburnsplumbing.com:3128
FTP server ftp.rburnsplumbing.com
SMTP, POP, and IMAP mail servers mail.rburnsplumbing.com

Domain information
Primary domain rburnsplumbing.com
Virtual domains eccogic.rburnsplumbing.com
groupware.rburnsplumbing.com
rburnsplumbing.com
davegw.rburnsplumbing.com
Primary web site http://www.rburnsplumbing.com
Server manager https://rplumbing-local/server-manager/
User password panel https://rplumbing-local/user-password/
Email Addresses useraccount@rburnsplumbing.com
firstname.lastname@rburnsplumbing.com
firstname_lastname@rburnsplumbing.com
 
And Also, the Domains: --->

Current list of domains
Domain name Brief                     description                       i-bay                      Domain DNS servers
davegw.rburnsplumbing.com       eGroupware WebDAV Site    egwdav                       Resolve locally
eccogic.rburnsplumbing.com     Crusaders Site                    Primary                        Resolve locally
groupware.rburnsplumbing.com eGroupware Main Site   egw/1.6/egroupware              Internet DNS servers
rburnsplumbing.com                  Primary domain                  website                       Resolve locally
--------------------------------------------------------------------------------

Corporate DNS Settings
 
If this server does not have access to the Internet, or you have special requirements for DNS resolution, enter the DNS server IP address here. You should not enter the address of your ISP's DNS servers here, as the server is capable of resolving all Internet DNS names without this additional configuration.

P.S. How do I add a print screen to the forum?

[johnp]

If you aren'r using DHCP from this box, what is providing the options to your host machines?

Have you tried doing a ping from the server to that url?

[newburns]

I haven't 'ping'ed from the server to the comcast modem, but I have done it the other way. The comcast tools says that it is 4 packets sent, 4 packets received. 0% lossed. However, if it will eliviate my problem, I can let the server do the dhcp and turn it off on my comcast modem. Secondly, I should be able to use all the internet site blocking utilities under the server when it does the dhcp, or does all internet traffic have to be routed through the server to the inter? client pcs>eth0>server>eth1>comcast modem?

Also, is there anything I should watch out for when changing dhcp to the server, like all the IPs of client PCs? Do i have to go through and change all the clients to static?

[johnp]

client pcs>eth0>server>eth1>comcast modem?

This should work. I would like to know how it is setup now. I have seen that some business class Comcast modems do nat on their lan ports and you have open all ports to the wan nic on the server. I don't know if this is your case.

My home setup is just as described above and works just fine.

[cactus]

P.S. How do I add a print screen to the forum?

Post it somewhere online as an image and insert it using the button.

[newburns]

My home setup is just as described above and works just fine.

Just to recap. Going through configure this server --->
First--- my local ip and 255.255.255.0 ( Local IP being 10.1.10.1-199 to match the comcast modem already, and still have access to it)

Second--- My static IP, 255.255.255.0, then the External IP of the modem.

Last--- say yes to DHCP

And everything should be ok after that, all printers should continue on the same DHCP IP numbers they have now, such as HP Officejet is 10.1.10.188

[newburns]

I would like to know how it is setup now. I have seen that some business class Comcast modems do nat on their lan ports and you have open all ports to the wan nic on the server

What I have now is DMZ on my modem set for the static IP, 173.161.83.65
Then I have the server setup for the local IP to be 10.1.10.1--255.255.255.0
Then server-gateway mode, no DHCP, static IP; using 173.161.83.65, 255.255.255.0
Last is the modem IP, 173.161.83.66

[cactus]

Just to recap. Going through configure this server --->
First--- my local ip and 255.255.255.0 ( Local IP being 10.1.10.1-199 to match the comcast modem already, and still have access to it)

Second--- My static IP, 255.255.255.0, then the External IP of the modem.

Do I understand correctly that you WAN and LAN side of your SME Server are in the same ip range with overlapping subnets? If that is the case you should fix that as networks separated by a gateway should not overlap.

To make it more clear to us can you perhaps draw a diagram like this, with IP numbers and subnet ranges:

Code: [Select]

       WAN
        |
(a.b.c.d:w.x.y.z)
     Comcast
(a.b.c.d:w.x.y.z)
        |
(a.b.c.d:w.x.y.z)
    SME Server
(a.b.c.d:w.x.y.z)
        |
(a.b.c.d:w.x.y.z)
       LAN


[newburns]

                                           Wan
                                              |
                                  Comcast Modem        <----- DHCP
                            10.1.10.1        173.161.83.66
                                  /                               \
                           Switch                     SME Server (eth1)
                            /      |                    173.161.83.65 (DMZ)
             Client PCs   SME Server                (web host)
       10.1.10.1-190   10.1.10.150

Locally, on client PCs, I have to access my website via 10.1.10.1, and that doesn't work for my groupware.10.1.10.1, also, proxy pass doesn't work because the internal links are defined by the domain name, so the java doesn't load on proxy pass. Neither does my Subsonic MP3 streamer.

Oh yea, everything is 255.255.255.0, never paid that much attention to it, just figured it was how many pcs can be leased, 0-255

[cactus]

                                           Wan
                                              |
                                  Comcast Modem        <----- DHCP
                            10.1.10.1        173.161.83.66
                                  /                               \
                           Switch                     SME Server (eth1)
                            /      |                    173.161.83.65 (DMZ)
             Client PCs   SME Server                (web host)
       10.1.10.1-190   10.1.10.150

Are you sure you have setup everything OK? I don't think you have things setup correctly. Does your Comcast modes have one connection to the internet or more? I assume that the two occurences of SME Server are one server in server-gateway mode.

You have a conflicting and overlapping IP range in your network as you have a network with overlapping ranges (10.1.10.0:255:255:255), that is most likely causing your routing issues.

If my assumption is correct you have created a loop in your network which you should never do as there now is a route from the WAN to the local interface of the SME Server without pasing SME Servers firewall.

My guess is your setup should be something like this:

Code: [Select]

         WAN
          |
    173.161.83.66
       Comcast
(10.1.10.0:255.255.255.0)
          |
   (eth1:10.1.10.1)
      SME Server
   (eth0:10.1.n.1)
          |
   (eth0:10.1.n.m)
        Switch
 (10.1.x.0:255.255.255.0)
          |
      Client PC'sOn your Comcast mode you than configure the default server to point to the outside IP address of your SME Server or only forward specific ports (for instance 25, 80, 443 etc.)

If you do not need SME Server as a firewall you can configure it as server-only and connect it to the switch just like your other clients in the network. Make sure only one instance is providing DHCP in that case otherwise you can create conflicts.

I think you need to read-up some more on basic network setup as I suspect a lack of knowledge judging from your configuration.

[newburns]

Sorry, Image links were my server local ip

I will change it to NAT 1:1 and just have the local, however, I figured in the SME setup it asked for local IP, static IP, and modem IP; so that's what I put in.
Just so everything is understood, all IPs are seen by modem, and the configs look ok, no errors, I just can't get to my own website! LOL

[johnp]

Since your site is accessable from the internet, the WAN/DMZ is working.

I myself would likely change the LAN to be on a different subnet that the comcast nated LAN.

Comcast/DMZ -- WAN (SME) -- LAN (with new subnet 10.1.11.0 255.255.255.0 using ip address 10.1.11.1) -- Switch --Local PC's

I would also turn on dhcp for the LAN with a range 10.1.11.10-199

The only drawback may be access to the comcast router. If really needed, I'd use a cheap gateway router between the 2 with a static ip on the LAN side (out of the dhcp scope) and add 10.1.10.0 255.255.255.0 as a local network that is accessed via that static.

[newburns]

Comcast/DMZ -- WAN (SME) -- LAN (with new subnet 10.1.11.0 255.255.255.0 using ip address 10.1.11.1) -- Switch --Local PC's

                                   Comcast/Wan
                                   173.161.83.66
                                           |
                                    Sme Server
                                 173.161.83.65 (eth1)
                                           |
                                     Sme Server
                                    192.168.1.1  (eth0) <-----DHCP
                                           |
                                       Switch
                                           |
                                      Client PCs
                                 192.168.1.2-199
It will know or ask to use eth0 for the DHCP?
______________________________________________
Then, I will be using
SME firewall
SME internet Site Filtering

What other options are available to me now that all traffic is routed through the server? Secondly, what kind of speed decrease will I be looking at once all the printers and PC are on and running > let's say 10 pc, 6 printers

P.S. What is the standard IP range that Devices use, 192.168.0.1-255 or 192.168.1.1-255