VMware Communities
DonPaul

DNS problem on Windows Server Host

I've run into a problem which is probably easily resolved - but I've been browsing the net for days already and cannot find a solution.

First, I'll describe my basic setup.

I run a Windows Server 2003 host in a simple home setup, connected to an ISP. I have my own domain name, which is hosted by another company. My local domain is called 'mydomain.local'; my global domain is called 'mydomain.eu'. I forward a lot of specific services to my local server, using the settings from my domain name hoster. So, my Windows server is called orakel.mydomain.local; my webpage, which is externally hosted, is www.mydomain.eu, but I use my local server for FTP access, so ftp.mydomain.eu is forwarded to my local IP address; my router forwards to orakel.mydomain.local, and my FTP server on the Windows server handles the traffic. This setup works fine, and allows me to administer both my internal and external DNS settings.

My main server uses 192.168.0.1/255.255.255.0, and is also DNS/DHCP server for the rest of the network.

As I'm contemplating moving to Linux, I've set up VMware Workstation 7.1 on my server (orakel.mydomain.local). I've created a Debian image and added a static IP (192.168.0.50) in this image. The VM network adapter is set to bridged and directed to my physical network card. I've added an external debian A-record, directed to my static IP address, just like I did with my ftp, usenet etc. - so, debian.mydomain.eu is pointed to my fixed address, which is forwarded (by my router) to orakel.mydomain.local (192.168.0.1).

And then I ran into problems. I want to access my debian image from the outside world, and cannot get this to function.

When I'm locally connected, I can use 192.168.0.50 to access my image. I've added a DNS A-record on my *local* DNS server (debian -> 192.168.0.50), so debian.mydomain.local also works fine as long as I'm using my own LAN.

But I want to use debian.mydomain.eu, as this will allow me to access the debian image from other locations as well. I cannot figure out how to accomplish this. When I use debian.mydomain.eu, I get redirected to my router, which redirects me to orakel.mydomain.local, but there it stops. I run Apache on both my windows server and in the debian virtual image, but I always end up on my windows http server, not on my debian server.

When I change my router settings to forward port 80 to 192.168.0.50, it works, of course - the VM image is working fine. But how can I get my Windows server to redirect certain server names to the virtual images? I'd like to run WebDAV in a Debian VM image, and keep my existing local Windows HTTP server running as well. So, redirecting ports on the router clearly is not going to work, as HTTP and WebDAV both use port 80. I've been researching and trying to resolve this to no avail. I *know* that virtual machines are used just to share physical resources for a number of websites, and that is just what I'm trying to accomplish!

Where do I need to make adjustments? Is this a VM setting somewhere, or must this be resolved by the DNS settings of the guest OS?

Paul Kooistra

Accepted Solutions
YLeduc1234

Hello Paul,

DNS only does name resolution. So given a name, what is the known corresponding IP address. From what I understand, you want to have multiple servers accessible from the Internet for the same service (i.e. HTTP) using standard ports, and this is where your problem resides. Unless each of those servers is uniquely addressable in terms of public address, you won't be able to do it without using some of the tricks from my previous post.

Does your ISP provide you with more than one external IP address? If so, do you have a firewall that could handle more than 1 NAT address?

Regards.

YLeduc1234

Hello Paul,

If I understand your problem, you have 2 servers running web services and somehow you want both of them to be accessible from the web at the same time. The problem is not really a VMware one, as your server is up and running. The problem is mainly your setup, as your router is set up to forward port 80 (HTTP) to only one specific device. If your setup is temporary, as you indicate that you are thinking of transferring your web server onto Linux, I would configure one of them to answer on a different port and have your router forward to this other device for the same port. Otherwise, if you insist on keeping port 80, you will need to set up a third device with a reverse proxy (I believe Squid may do the trick for you). This device would receive the HTTP request from the web, turn around and make the same request to your internal servers. Once it gets the answers, it sends them back to the original requestors. Depending on what you are serving, this may become a pain.

The first solution may also be a pain depending on who is supposed to be getting info from your server. If we are talking home users, this should not be a problem. Corporate users may have firewall issues, as they may not be allowed to make connections to the other port you have selected.

Hope this helps you.

Regards.

Yvon
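
The reverse-proxy approach from the reply above, shown as name-based virtual hosts in the Apache instance already running on the Windows host instead of Squid on a third device (an added example, not part of the original thread). The hostnames and 192.168.0.50 come from the thread; the `DocumentRoot` path is a placeholder, and the router is assumed to keep forwarding port 80 to 192.168.0.1.

```apache
# Added example, Apache 2.4 syntax. On Apache 2.2, also add: NameVirtualHost *:80
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Reverse proxy only. Leaving forward proxying enabled on an
# Internet-facing host turns it into an open proxy.
ProxyRequests Off

# The first vhost is the default: any request whose Host header is not
# matched by a later ServerName lands here, so the existing Windows
# site keeps answering as before.
<VirtualHost *:80>
    ServerName orakel.mydomain.local
    # Placeholder path (assumption): point this at the current site root.
    DocumentRoot "C:/placeholder/htdocs"
</VirtualHost>

# Requests that arrive with "Host: debian.mydomain.eu" are relayed to
# the bridged Debian VM. DNS and the router still deliver them to
# 192.168.0.1; the Host header is what tells the two sites apart.
<VirtualHost *:80>
    ServerName debian.mydomain.eu

    # Pass the original Host header through so the Debian Apache can
    # select its own vhost and build correct absolute URLs.
    ProxyPreserveHost On

    ProxyPass        / http://192.168.0.50/
    ProxyPassReverse / http://192.168.0.50/
</VirtualHost>
```

This covers HTTP only, which includes WebDAV since it runs over HTTP. Services such as FTP or SSH carry no hostname the proxy could route on, so they still need a separate port or a separate public address.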

DonPaul

Hello Yvon,

> and somehow you want both of them to be accessible from the web at the same time

Right now, I have two web servers running - but ideally I can foresee several servers running in parallel. Right now, I'm coming from a situation where I have 1 Windows server, running as PDC, sharing files over the LAN, handling mail, running FTP, running Mail etc. And there are several web-based media servers running, and a few P2P/Usenet applications all serving HTTP traffic as well. Quite a lot, actually, and lots of potential for conflicts etc.

I'd like to separate a few of these tasks into dedicated virtual machines. For example, I have recently acquired an iPad, and want to run my own WebDAV server to allow me to share documents within my LAN. I want this WebDAV server to be externally accessible, and therefore I want it securely in its own VM.

> I would configure one of them to answer to a different port and have your router forward to this other device for the same port

This would of course work, but has a few serious drawbacks. First of all, as I mentioned, I'd like to have a few parallel servers running even after migrating to Linux. Second, changing the standard ports means problems in several of the network environments I frequent, as the firewall filters non-standard ports. So, my VMs would not be accessible.

I've looked into Squid. It does something I'm vaguely familiar with in regard to the redirecting, as I've used Apache for this too. As I mentioned before, I already have quite a few services running, and Apache already forwards some incoming traffic to non-standard HTTP servers. But alas, this only works for HTTP traffic, not for stuff like FTP or SSH. And it is also not a *clean* solution.

I'm by no means a VM expert, but I just expected (and still expect) there to be a better solution. Something at the DNS level, I'd expect - do not all big hosting companies offer VMs for web traffic? Maybe I need to switch to vSphere or some other virtualization product to have this functionality - but all these products are quite confusing and overlapping in functionality, and I suspect my wish can be implemented by the technology stack I'm currently using.
