Tip: Run a free scan for common Windows errors ad

re: Server *unreachable* outside of local network Friday, January 13, 2006 at 3:47 pm Posted by Curt R (773 messages posted) Well, I have to say your setup is a little odd. If it were me setting things up, I would have the internet coming in to the firewalled router and from there into the switch into which all servers and clients would be plugged. example: internet >> router >> switch >> clients & servers.M The way you have things setup now, all your servers are in front of your firewall which makes no sense...they should be behind the firewall with possibly the exception of the web server which could be in a DMZ. If 2003 is your LAN's DNS server, you should be forwarding it's DNS to your ISP's DNS for resolution of requests outside the local zone. To allow external users to connect to your website, you would forward port 80 to your web servers IP address. A couple questions I have for you: If your present DNS server is your 2003 server, what is the secondary DNS server (ie: 66...) and where is it located and how does it figure into your network? Being as how it's on a different network, it's no surprise nobody on the 64 network can ping it....it is on a different network. Are you running an Active Directory integrated domain with the 2003 server as your DC? On Friday, January 13, 2006 at 11:37 am, Evan K wrote: >We have a local network consisting of several linux servers, an old WinNT server, >a new Win2k3 and several workstations. The internet connection comes in to a switch, >which branches off to the servers directly, and to a firewalled router. The router >then branches off to any workstations. > >For some reason, IIS, WMS, and Windows file sharing from the 2k3 server works fine >when accessed from the NT server, most of the linux servers, or any of the workstations, >but NOTHING on 2k3 is accessible outside of the switch. The DNS is resolving ('2k3.ourdomain.com' >resolves to 2k3's static ip '64.xxx.xxx.xx'). The TCP/IP properties of its network >connection are like so: > >(X) Use the following IP address >IP address: 64.xxx.xxx.xx >Subnet mask: 255.0.0.0 >Default gateway: (blank) > >(X) Use the following DNS server addresses >Preferred DNS server: 64.xxx.xxx.xx >Alternate DNS server: 66.xxx.xxx.xx > >Now, any of our servers with a 64.xxx.xxx.xx ip (and workstations) can access the >2k3 server fine, but nothing else (including our secondary dns server, 66.xxx.xxx.xx) >gets a response, even from a ping. > >Windows Firewall is disabled, as is ICS. If we were to enable ICS, windows prompts >us that it will *change* its ip to 192.168.0.1, which would conflict with our router. > We dont want 2k3 to be the hub of our network, we just want it to act as webserver/media >server to the outside world (which it doesnt want to do) and file server/accounting >server on our local SMB network (which it IS currently doing). > >is there something we've just missed? [Reply or follow-up to this message] re: Server *unreachable* outside of local network Friday, January 13, 2006 at 4:15 pm Posted by Evan K (9 messages posted) >Well, I have to say your setup is a little odd. If it were me setting things >up, I would have the internet coming in to the firewalled router and from there into >the switch into which all servers and clients would be plugged. >example: >internet >> router >> switch >> clients & servers. >The way you have things setup now, all your servers are in front of your firewall >which makes no sense...they should be behind the firewall with possibly the exception >of the web server which could be in a DMZ. I agree it's odd, it was set up by another person. But all the servers are webservers (with the exception of the windows servers and 2 dns servers). >If 2003 is your LAN's DNS server, you should be forwarding it's DNS to your ISP's >DNS for resolution of requests outside the local zone. The 2k3 isnt the DNS server, both our DNS servers are linux, the 64.xxx and the 66.xxx. The 2k3 server GETS its ip from the 64.xxx linux DNS server, as do all the other machines. The problem is, the 2k3 server is not accepting connections from ANYTHING outside of our network, its dns name is resolving, but pinging its static ip doesnt even get a response. It's not serving as the DNS or DHCP, that's all handled by another machine, and all our other servers (including an NT4 server) DO respond to outside connections. [Reply or follow-up to this message] re: Server *unreachable* outside of local network Sunday, January 15, 2006 at 1:41 pm Posted by Curt R (773 messages posted) >I agree it's odd, it was set up by another person. But all the servers are >webservers (with the exception of the windows servers and 2 dns servers). Ahh, ok that makes sense. In that case the DNS and 2003 server's should be behind the firewall with the rest of the clients. >The 2k3 isnt the DNS server, both our DNS servers are linux, the 64.xxx and >the 66.xxx. Do your DNS servers show host records for the 2003 server? When clients log into the domain, are you getting any errors or problems? You sard "The 2k3 server GETS its ip from the 64.xxx linux DNS server". Does that mean it's getting it's IP from DHCP? This server, like any server, should have a static IP not included (excluded and/or reservered) in the DHCP scope. >The problem is, the 2k3 server is not accepting connections from ANYTHING outside >of our network, its dns name is resolving, but pinging its static ip doesnt even >get a response. It's not serving as the DNS or DHCP, that's all handled by another >machine, and all our other servers (including an NT4 server) DO respond to outside >connections. Not being able to connect could be several things. It could be the 2003 built in firewall is turned on and preventing access. It could be your main firewall. Whatever firewall(s) you use have to port forward, whatever ports you want to allow to connect to the 2003 server (ex: HTTP, port 80), to the IP address of your 2003 server. [Reply or follow-up to this message] re: Server *unreachable* outside of local network Sunday, January 15, 2006 at 7:20 pm Posted by Evan K (9 messages posted) >Do your DNS servers show host records for the 2003 server? When clients log into >the domain, are you getting any errors or problems? >You sard "The 2k3 server GETS its ip from the 64.xxx linux DNS server". Does that >mean it's getting it's IP from DHCP? This server, like any server, should have a >static IP not included (excluded and/or reservered) in the DHCP scope. I'm probably not being as clear as I could be, my apologies. The win2k3 server has its ip set to a static IP under Control Panel>Network Connections. That IP is in the DNS server, so that dns requests for 2k3.ourdomain.com resolve to the correct ip (requests DO resolve to the right ip, so no problem there.) >Not being able to connect could be several things. It could be the 2003 built in >firewall is turned on and preventing access. It could be your main firewall. >Whatever firewall(s) you use have to port forward, whatever ports you want to >allow to connect to the 2003 server (ex: HTTP, port 80), to the IP address of your >2003 server. There is no firewall issue, because if there were, we would have the same problem with our other servers, seeing as they are all connected in the same spot. ANd the windows firewall, i can assure you, is deactivated. ICS (internet connection sharing) is also deactivated. Any kind of request (HTTP, FTP, ping, pcAnywhere, anything) to "2k3.ourdomain.com" DOES resolve to the correct ip address (64.xxx.xxx.04, for example). Additionally, any request from within our network to that machine (64.xxx.xxx.04 in this example) gets a response. An IDENTICAL request from outside our network, however, gets no response. The DNS address will resolve, but the machine simply does not respond. Again, there is NO firewall, so we are clueless as to why the machine will not respond. All we know is, it HAS to be something to do with the win2k3 o/s [Reply or follow-up to this message] re: Server *unreachable* outside of local network Sunday, January 15, 2006 at 10:35 pm Posted by Curt R (773 messages posted) Hmmm....that's a tough one alright. Assuming you're using IIS for the web site on the 2003 server my next thought is the setup within IIS. Even if you're using some other web hosting software, it has to be the configuration relating to the web site. I'm afraid I don't have a whole lot of experience with web sites so I can't be of much use to you with this problem. About all I remember about IIS is you use host headers to point at the web site. If you're using IIS, recheck your configuration of the host headers. On Sunday, January 15, 2006 at 7:20 pm, Evan K wrote: >>Do your DNS servers show host records for the 2003 server? When clients log into >>the domain, are you getting any errors or problems? > >>You sard "The 2k3 server GETS its ip from the 64.xxx linux DNS server". Does that >>mean it's getting it's IP from DHCP? This server, like any server, should have a >>static IP not included (excluded and/or reservered) in the DHCP scope. > >I'm probably not being as clear as I could be, my apologies. The win2k3 server has >its ip set to a static IP under Control Panel>Network Connections. That IP is in >the DNS server, so that dns requests for 2k3.ourdomain.com resolve to the correct >ip (requests DO resolve to the right ip, so no problem there.) > >>Not being able to connect could be several things. It could be the 2003 built >in >>firewall is turned on and preventing access. It could be your main firewall. >>Whatever firewall(s) you use have to port forward, whatever ports you want to >>allow to connect to the 2003 server (ex: HTTP, port 80), to the IP address of your >>2003 server. > >There is no firewall issue, because if there were, we would have the same >problem with our other servers, seeing as they are all connected in the same spot. > ANd the windows firewall, i can assure you, is deactivated. ICS (internet connection >sharing) is also deactivated. > >Any kind of request (HTTP, FTP, ping, pcAnywhere, anything) to "2k3.ourdomain.com" >DOES resolve to the correct ip address (64.xxx.xxx.04, for example). Additionally, >any request from within our network to that machine (64.xxx.xxx.04 in this example) >gets a response. An IDENTICAL request from outside our network, however, gets no >response. The DNS address will resolve, but the machine simply does not respond. > Again, there is NO firewall, so we are clueless as to why the machine will not respond. > All we know is, it HAS to be something to do with the win2k3 o/s [Reply or follow-up to this message] Tip: Use one of the [Reply or follow-up to this message] links above to add a message to this thread Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows Server 2003 Discussion Forum