[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Raq3 and Qube 2 Configuration issues

Eric Lewis wrote:

> The gentlemen at the DSL provider have mapped via the router, two of my LAN
> IP  ( 192.168.1.105 and 192.168.1.106) to two static IPs ( xxx.xx.xxx.20 and
> xxx.xx.xxx.21)

The last time we tried this we had nothing but problems <frown>.  Can
you get those static IP#s routed through your router as an exception to
the NAT?  It would make life a lot easier.

It would be easier for us to help you figure this out if you'd post your
IP#s.  I presume you're not doing it because you have some concerns
about privacy.  So let me get this straight... you'll use DNS to publish
your IP#s to the world, but you won't tell us, and you want us to help
you?  Come on now, make it easier for us <wry grin>.

> Now, I have a Qube 2 set up  on xxx.xx.xxx.20 functioning as a DNS server.
> It has been running well, and the DNS has been working well for several
> sites set up on a Raq2 colocated elsewhere.

Are you saying you're using a DNS server on a DSL line to host DNS for
sites located elsewhere on the 'net?  Very poor idea.  When DSL lines go
down (and they do; here in southern California they go down often
<frown>) the don't get fixed as quickly as T1s, etc.  DNS is really the
most important service you've got as nothing else works without it.  I'd
get DNS off your DSL connection and on to something a lot more robust
(such as the multi-location DNS we offer <smile>) quickly.

> This Qube IS accessable via its
> DNS host name ns1.mydnsdomain.com and via its IP address xxx.xx.xxx.20 from
> insid the LAN and via the internet, and via its LAN IP of 192.168.1.105
> inside the LAN.

Can't prove it by me, since I don't know the real domain or IP#.  I'll
have to take your word for it <wry grin>.

> Two days ago, I put a freshly restored Raq3i up and assigned it the
> xxx.xx.xxx.21 IP.  The raq IS NOT accessable via its WAN IP of
> xxx.xx.xxx.21, either inside or outside the LAN. It IS accessable inside the
> LAN via the LAN IP of 192.168.1.106.

Which IP# did you use for the RaQ's primary IP#?  The internal lan
address, or the external address?

What do you mean by _not_ accessible?  Do you mean the "/admin" website
isn't accessible?  Or some other service?

> There is one virtual site set up on the
> Raq3I, using the Qube as DNS for the domain, and that domain IS accessable
> via the net and the LAN, and I can reach the Raq3i GUI via the domain setup
> on it by entering www.raqdomain.com/admin.

Which IP# did you use for the domain you set up?  The internal IP#, or
the external one?

> I have both the Qube2 and the Raq3i set up with the DSL provider's DNS
> server as the Primary IP, and the primary interface settings set up with the
> LAN IP, not the WAN IP that is mapped to the WAN IP.

A very confusing paragraph.  If I understood it, I'd have the answers to
my questions, I'm sure <wry grin>.  What do you mean by the "DSL
provider's DNS server"??? I thought you were using your own DNS?  I'm
think (based on your paragraph above) you've said your using your
internal IP# for the RaQ's primary address.  If so, that's why you can't
get to it from the outside world... 

The RaQ creates a virtual site for every site on the machine; even your
"main" site.  The site is hosted at whatever your IP# is that you set up
for the main IP# on the RaQ.  In your case it's your internal one.  So
when you use an outside address to find the box, your router does what
it's supposed to do, and NATs the packets so they get to your RaQ.  But
the http headers still show the "outside" IP#, and your RaQ doesn't have
a virtual host block for that, so it can't find the site.

When you try to reach your virtual site from outside, your router NATs
the packets and forwards them on your RaQ.  Once the RaQ gets them, it
ignores the packet-headers, and the http headers show the "outside" IP#,
which is most likely what you've got set up for your sites, so you can
see your sites from the outside.

At least that's my guess... since you didn't give us realworld examples.

> Can anyone shed some light on the problem of why the Qube2 will resolve with
> a straight IP request, but the RAQ won't?  Traceroute for each IP seems to
> go strait to the IP.  Pings to the IPs work.  FTP to the xxx.xx.xxx.21 IP
> connects.

Because the Qube doesn't use virtual host blocks in httpd.conf would be
my guess.

> Since the Raq is serving pages for the virtual sites anyway, does it matter?

Probably not.

> I have a feeling that it will affect the Raq as a mail server, which I
> intend to use it as for the virtual sites I set up on it.

It shouldn't affect the incoming mail.  Though mail is quite independent
of IP#s, the one problem we saw was that since all your email will go
out with an internal IP# as the main IP# of the mail-server, many sites
wouldn't accept email from us, because that IP# would NOT reverse
properly.  We resolved this issue by moving the machine <smile>, but one
way which might have worked (we didn't try it) would have been to set up
the primary NIC port to the "outside" address and the secondary NIC port
to the "inside" address, and connect both to your internal lan.

If you try that second way, and it works for you, please let us all know
<smile>.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484