Hi,

I set up our firewall a few weeks ago and tested it every day attached to my laptop and directly to our broadband sdsl line. Everything worked fine including our webserver that is outside of our house.

Today I attached it - after two weeks successful testing - to our working network. Everything works except the http service of our webserver. The problem is not our webserver. I think the problem is the firewall interacting with our internal dns.

The strange thing is that everything works fine including ssh and ftp.

What can I do, what is wrong...

Thanks,
Johannes

Johannes Scherbaum
System Administrator
Funkhaus Nürnberg Studiobetriebs-GmbH
Senefelder Strasse 7
90409 Nürnberg
Tel: 0911/5191-128
Fax: 0911/5191-129
Mail: johannes.scherbaum@funkhaus.de
Web: www.funkhaus.de
Robert K Coffman Jr - Info From Data Corporation
2003-Nov-17 06:25 UTC
[Shorewall-users] Problem with DNS
Do you have an Active Directory with the same name as your web server - i.e. example.com is your active directory domain, while www.example.com is your webserver? If so, you need to set a www host up in your Active Directory DNS, assuming that is where your clients are pointed for DNS.

If not, I think some additional info may be needed to resolve this.

- Bob Coffman
No, we have no Active Directory in our net.
But... All our other internal servers have a name like xxx.domain.de

Johannes Scherbaum
On Monday 17 November 2003 01:36 am, Johannes Scherbaum wrote:
> Hi,
> I set up our firewall a few weeks ago and tested it every day attached to my
> laptop and directly to our broadband sdsl line. Everything worked fine
> including our webserver that is outside of our house.
> Today I attached it - after two weeks successful testing - to our working
> network. Everything works except the http service of our webserver. The
> problem is not our webserver. I think the problem is the firewall
> interacting with our internal dns.
> The strange thing is that everything works fine including ssh and ftp.
>
> What can I do, what is wrong...
>

Look at your log...

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
On Mon, 2003-11-17 at 15:37, Johannes Scherbaum wrote:
> No, we have no Active Directory in our net.
> But... All our other internal servers have a name like xxx.domain.de

ahh, a major dns "DON'T DO THIS" :)
i would really change this to .local asap.

greetings
Holger Brueckner
net-labs Systemhaus GmbH
On Mon, 2003-11-17 at 01:36, Johannes Scherbaum wrote:
> Hi,
> I set up our firewall a few weeks ago and tested it every day attached to my
> laptop and directly to our broadband sdsl line. Everything worked fine
> including our webserver that is outside of our house.
> Today I attached it - after two weeks successful testing - to our working
> network. Everything works except the http service of our webserver. The
> problem is not our webserver. I think the problem is the firewall
> interacting with our internal dns.
> The strange thing is that everything works fine including ssh and ftp.
>
> What can I do, what is wrong...
>

I don't have a clear picture of your network topology but this sounds a lot like the problem described in FAQ #2.

-Tom
On Mon, 2003-11-17 at 08:18, Holger Brückner wrote:
> On Mon, 2003-11-17 at 15:37, Johannes Scherbaum wrote:
> > No, we have no Active Directory in our net.
> > But... All our other internal servers have a name like xxx.domain.de
>
> ahh, a major dns "DON'T DO THIS" :)
> i would really change this to .local asap.

Or use either:

a) Bind 9 "views"; or
b) Separate internal DNS server

so that internal clients resolve the server's DNS name to the internal address while external clients resolve the name to the external address.

I use Bind 9 views personally.

-Tom
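
Added example, not part of the thread and not any poster's configuration: a minimal BIND 9 `named.conf` fragment showing the "views" approach mentioned in the last message. The zone name `example.com`, the ACL name `lan`, the zone file paths and all addresses are assumptions chosen for illustration.

```conf
// named.conf fragment (constructed example; names and addresses are placeholders)
acl "lan" { 192.168.1.0/24; localhost; };   // assumed internal network

// Views are evaluated in order; the first whose match-clients matches wins.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                   // resolve Internet names for LAN clients
    zone "example.com" {
        type master;
        // This zone file holds: www IN A 192.168.1.10 (assumed internal address)
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                    // authoritative only; not an open resolver
    zone "example.com" {
        type master;
        // This zone file holds: www IN A 203.0.113.10 (assumed public address)
        file "external/example.com.zone";
    };
};
```

Once any view is defined, every `zone` statement in the configuration has to sit inside a view.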