[ale] Accessing Server without Domain Name

Christopher R. Curzio ale at accipiter.org
Thu Nov 7 23:33:39 EST 2002 

Aaron said nothing about DHCP, nor did he say anything about IP address
assigning, or that the router was the machine assigning addresses. He
simply said that he wanted to test his internal website out on the
internet by typing its IP address.

As I said in my original reply (which is still correct) "The traffic from
the internet needs a way to get to the internal box. The Router/Firewall
doesn't automatically know what kind of servers are running behind it, so
you have to forward port 80 to the actual webserver using whatever
provisions are inside the Router/Firewall."

The statement "I _thought_ all I needed to do was to dial in the static IP
address in any web browser" is perfectly correct. Your assertation that
the "only IP address he mentioned is the static one" is true in a literal
sense, but he mentioned that he has a home network. Anyone with sense
would realize every device on his home network probably has an IP address.


> Someone made the comment that he could test it from his 
> internal network, but he's already done that.

I wasn't aware the server was tested at all. He didn't seem to mention
that in his message. How did you find that out?

> The question was how does he get to a webserver that 
> sits behind his router that has a static ip.

...which I fully answered in my original message. 

> THE RECOOMENDATION WAS TO TYPE THE IP ADDRESS INTO 
> THE BROWSER, making reference to the static ip.

Nonsense. I told him "Typing the IP address in a web browser should work
fine on the same network as the webserver, however." Note the words "same
network". We're talking about his home network here, thus, internal
address space. I could have worded it better.

> Yes, if he uses the internal ip he will get there

...which is what "Typing the IP address in a web browser should work fine"
originally meant. 

> Wrong, because the bloody router is assigning the ip 
> to the webserver, so it knows where to send the goods.

Again, you're making assumptions further than the information given. As an
aside, if a machine on the internal network is having its IP address
reassigned, (assume on every reboot), how would the router device know
which machine gets the port 80 redirect? I've never seen this done. 

> Replace your linux box with my dual bastion/choke 
> firewall configuration with three static ips, vpn 
> router, dmz, web server and 9 computers on my 
> private network, and you should realize that I DO 
> KNOW WHAT I'M TALKING ABOUT....

You know, you started off your message with "Chill and read the threads."
Judging by all the caps, I think you might be the one who needs a Coke and
a smile. Relax. 

-- 
Christopher R. Curzio     |  Quantum materiae materietur marmota monax
http://www.accipiter.org  |  si marmota monax materiam possit materiari?
:wq!






Thus Spake Geoffrey <esoteric at 3times25.net>:
Thu, 07 Nov 2002 13:43:35 -0500


> Christopher R. Curzio wrote:
> > What are you talking about?
> 
> Chill and read the threads.
> 
> > 
> > Making an assumption that the IP address of the webserver is assigned
> > dynamically is a bad one, as that would be a pretty silly setup to
> > have an internal IP bouncing around where you have to constantly
> > redefine the external to internal port redirect.
> 
> First of all, we're talking about a router sitting in someone's house 
> connected to a DSL (static ip).  So, regardless of whether the router 
> assigns a static or dynamic ip to the various devices on the inside 
> network, he's still got a problem getting to it from the outside world. 
>   without telling the router where to send port 80 requests.
> 
> It will be a private IP that the internet is not privy to.  Further, ANY
> 
> request to his single static ip is not going to find it's way to the web
> 
> server inside.
> 
> Most of these devices do assign dynamic ips from a static list on a 
> first come first serve basis.
> 
> > Further, if he's on the same network
> > as the server, and types the IP of his server into the browser, the
> > router wouldn't even be bothered with the request.
> 
> His exact words:
> 
> 'I _thought_ all I needed to do was to dial in the static IP address in 
> any web browser, but that isn't quite working...'
> 
> Point being, the only IP address he's mentioned is the static one.  If 
> he types the static IP into a browser on his internal network, he will 
> get to the router, becasue the router has that ip assigned to it. 
> Otherwise, he'd never get to the internet at all.
> 
> Someone made the comment that he could test it from his internal 
> network, but he's already done that.  The question was how does he get 
> to a webserver that sits behind his router that has a static ip.
> 
> > 
> > The router shouldn't care about any traffic on the internal network
> > unless directly addressed to the router. Aaron said: "The system is
> > currently living on my home network, which includes internet access
> > via Static IP DSL Gateway connected through one of those little stand
> > alone Router/Firewall boxes." That says to me that the internal
> > network is in happy-land of 192.168 (or something similar), and they
> > all push through the router to get to the internet via NAT. 
> 
> Correct, and I'm fully aware of this.
> 
> > 
> > Aaron also said: "We would like to access this http server from the
> > internet for testing" - note, "from the internet". If he types in the
> > internal IP address of the webserver in a browser on the same network,
> > it will work.
> 
> 
> THE RECOOMENDATION WAS TO TYPE THE IP ADDRESS INTO THE BROWSER, making 
> reference to the static ip.  Yes, if he uses the internal ip he will get
> 
> there, BUT THAT'S NOT THE PROBLEM AT HAND.
> 
> Provided Apache is set up properly, anyway. However if the port
> > 80 redirect is not set up to bounce External_IP:80 to Webserver_IP:80,
> > accessing the external IP from the internet will get you a big fat
> > "Connection Refused". And if the webserver is getting its IP assigned
> > dynamically, the redirect via the router isn't going to work very well
> > every time the webserver gets a new IP. 
> 
> Wrong, because the bloody router is assigning the ip to the webserver, 
> so it knows where to send the goods.
> 
> > 
> > Replace his Router/Firewall with a Linux box running iptables, and you
> > have a perfect description of *my* home network.
> 
> Replace your linux box with my dual bastion/choke firewall configuration
> 
> with three static ips, vpn router, dmz, web server and 9 computers on my
> 
> private network, and you should realize that I DO KNOW WHAT I'M TALKING 
> ABOUT....
> 
> -- 
> Until later: Geoffrey		esoteric at 3times25.net
> 
> I didn't have to buy my radio from a specific company to listen
> to FM, why doesn't that apply to the Internet (anymore...)?
> 

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list