Forum Replies Created
November 10, 2003 at 12:31 am in reply to: Setting up Websites at multiple domains on one server #356793
Camelot
Participant
The best advice I can offer is:
Ignore the GUI admin apps and do it manually.
The admin apps are not capable of building virtual hosts other than name-based virtual hosts, which is OK, but it will only set them up if the reverse DNS for the hostname (as far as this machine is concerned) points to the machine itself.
This means that if you’re trying to set up http://www.somecompany.com as a virtual host using the GUI tool, ‘www.somecompany.com’ MUST resolve to the IP address of this machine, bearing in mind NAT/load balancing private class addresses, etc.
Instead, learn Apache’s httpd.conf format and do it yourself. You’ll find the flexibility of this approach way beyond the limited options supported by the GUI tools.
For the virtual hosts setup, check http://localhost/manual/vhosts/index.html for the Apache documentation.
Camelot
Participant
You can use any TLD (.com, .net, .fred, .whatever) on your own server. That’s how .local is valid on local networks even though there’s no central database like there is for .com, .net et al.
Camelot
Participant
BIND can handle any number of domains. You just need to add additional zone statements to your named.conf, each pointing to a separate zone file, one per domain:
zone "company1.se" IN {
    type master;
    file "db.comany1.se";
    allow-update { none; };
};
zone "company2.se" IN {
    type master;
    file "db.comany2.se";
    allow-update { none; };
};
zone "company3.se" IN {
    type master;
    file "db.comany3.se";
    allow-update { none; };
};
Then just duplicate the existing zone file, renaming it to match the new domains.
Camelot
Participant
>Have I done it all right???
Sounds like it.
>Which login and pass have I to use???
You need an account on the remote machine, and you use whatever username and password you have assigned on that machine.
>Which software is the best way to connect???
Using SSH in this way, the only way to connect is via ssh in a terminal window, so open a terminal window and type:
ssh <remote machine>
Camelot
Participant
Your problem is a common one.
It stems from the fact that your router/firewall/whatever is not permitting traffic from the internal network to access the NAT addresses, a term referred to as ‘nat bounceback’.
Typically the router performs NAT translation on any traffic coming into the external interface and trying to get to an internal resource (such as your server). To do this the router translates the external IP address to the internal one and forwards the packet.
However, this only happens on traffic coming into the external interface. If the traffic comes from the internal interface, the router chokes.
The commonest solution is, as you’ve been advised, to run either internal hosts or DNS.
In this setup all your machines use either a hosts table or a separate DNS server that is configured with your internal network addresses.
For example, if your real-world address is 20.30.40.1 and your web server is running on 192.168.1.1, your public DNS server has an entry for ‘www.yourdomain.com’ pointing to 20.30.40.1.
When you set up your network using a private DNS server, you define http://www.yourdomain.com as being at 192.168.1.1.
You then point all your internal systems to use this DNS server for name resolution rather than your external (ISP’s?) name server. When users then look up http://www.yourdomain.com they get the 192.168.1.1 address and can access the server without having to hit the router.
Since only your internal systems use this DNS server, it won’t affect anyone else’s ability to get to your web server.
If configuring DNS is too much for you, you can achieve the same thing via hosts files. Most systems allow you to build a table of hostnames and IP addresses which take precedence over DNS. In this scenario you essentially tell each machine that http://www.yourdomain.com is at 192.168.1.1 regardless of what any DNS server might say.
To set this up on Mac OS X systems, use NetInfo Manager to create a number of ‘machine’ records, one for each internal host. Enter the host name and IP address for each machine and you’re all set.
Windows and other UNIX systems use a text file-based system (/etc/hosts on most unix systems) that does the same thing.
The advantage of the hosts system is that you don’t need to run a DNS server. However, administration becomes a nightmare if you have a large number of systems and/or update the addresses regularly – you have to walk through each machine to make the changes [*] (unless you’re running a central authentication system that can push this content for you, but that’s another issue).
Installing a DNS server isn’t too hard and is a useful skill to know.
* – Side note. In the dark, early days of the internet, this is exactly how the hostnames were updated… files were physically (via disk) passed around the various establishments that were connected to the ‘net’ and each site would apply their recent changes to the file before sending it on to the next site. This quickly moved to a centralized system where each site sent their changes to one site that then distributed the file to all sites (again, all via disk).
This system was ultimately replaced by the electronic version we now know as DNS.
Could you imagine every machine on the internet holding a text file of all internet hosts, and users having to manually update their files (via disk) every week? ::shudder:: :)
Camelot
Participant
Use Apache Aliases
http://httpd.apache.org/docs/mod/mod_alias.html#alias
The disadvantage to this approach is that you need to make aliases for each user, whereas the userdir (~/) approach is automatic.
Camelot
Participant
Personally I don’t use the Apple web admin app at all since it doesn’t cover a lot of the ‘weird and wonderful’ Apache options that you can control via direct editing of httpd.conf.
It’s fine for your personal web server setup, but lacking if you’re into higher-end stuff.
Camelot
Participant
WTF is geekrouter?
What you describe has to be some issue with geekrouter since every machine in my network is running dual-NICs and none of them have any problem – I can access the IP address of either NIC without problem.
If geekrouter is a command-line tool, it may want a switch to tell it which interface to connect to. Many network tools operate like this, including the venerable ping and traceroute. In these cases they always use the default interface unless you add a switch with the appropriate interface to use, e.g.:
ping <host> — pings the specified host
ping -i en1 <host> — ping the host via en1
Camelot
Participant
[quote:f7bbab350c=”hamishb”]1. Yes, Zoneedit are hosting my domain names and pointing them to my static IP address. NAT router forwards port 80 (http) to my Server. e.g. http://www.mydomain.com is pointed to 123.321.123.321 per my example.
2. Am trying to set up internal domain names – using the local domain example.com:
g4server.example.com -> 192.168.123.102
g4.example.com -> 192.168.123.101
ibook.example.com -> 192.168.123.104[/quote:f7bbab350c]
I’m still not following what you need. Are you looking for a zone file for example.com with these three hosts in it?
[code:1:f7bbab350c]
$ORIGIN .
$TTL 3600 ; 1 hour
example.com IN SOA ns.example.com. ops.example.com. (
                2003052701 ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                14400      ; minimum (4 hours)
                )
            NS ns.example.com.
            MX 10 mail.example.com.
$ORIGIN example.com.
ns       A     192.168.123.102
mail     A     192.168.123.102 ; A record: an MX target must not be a CNAME (RFC 2181)
g4server CNAME ns
g4       A     192.168.123.101
ibook    A     192.168.123.104
[/code:1:f7bbab350c]
[quote:f7bbab350c]3. How do I set up external (Zoneedit) and internal (example.com) MX records? Does the Mail server require mail.example.com to be configured for 192.168.123.102, or does it just “listen” to port 25 like Apache listens to port 80? If I am serving up a few websites for various domains (using virtual hosts) is this addressed from a mail perspective by having multiple (internal) domain names for the mail server? What do I need to do here?[/quote:f7bbab350c]
Depends on the mail server. Most mail servers will simply listen to port 25. The server’s configuration tells it what domains to accept mail for.
If you’re using Apple Mail that comes with Mac OS X Server you’re out of luck since it doesn’t support multiple domains. If you’re using sendmail, add the domains you accept mail for to the file /etc/mail/local-host-names and restart sendmail.
Camelot
Participant
I have to admit I’m a little confused as to what it is you’re asking for.
The diagram you have seems to explain the network architecture pretty well, at least as you describe it.
What are you looking for in the way of DNS? Do you need help in setting up your zone file? If so, what domain name are you using?
Or are you looking for help in configuring the various services on each machine?
Rendezvous doesn’t make any difference as far as network layout is concerned. All it really does is provide service location, allowing each system to easily locate other services on the network using a combination of network broadcasts and/or directory services.
Camelot
Participant
Agreed, what you want is virtual hosts, not subdomains.
Besides, even if you were to use subdomains, you’d still need to set up virtual hosts on Apache to serve them.
Subdomains are used to categorize a related set of servers/hostnames, for example, company.com might have a ‘newyork.company.com’ subdomain that lists their servers in their New York offices (mail.newyork.company.com, vpn.newyork.company.com, etc.) and a ‘london.company.com’ subdomain that does the same thing for the London offices (mail.london.company.com, vpn.london.company.com, etc.)
(There are other logical breakdowns for subdomains, but geographic location is one of the commonest.)
It sounds as though all you want to do is have another hostname in your domain.
Since your ISP handles your DNS, they should be able to add a host record very easily. Then you need to tell Apache what to do when a request for that hostname comes in.
Typically you’ll do this in the GUI tool for setting up the web server. Create a new virtual server with the new hostname you’ve chosen and choose the alternate folder to use as that site’s document root.
Camelot
Participant
Something’s clearly wrong with your DNS:
[code:1:3d03e83562]
dig chesson.net @AAG4SERVER.AUSTASIAGROUP.COM
; <<>> DiG 8.3 <<>> chesson.net @AAG4SERVER.AUSTASIAGROUP.COM
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server AAG4SERVER.AUSTASIAGROUP.COM 203.59.134.106: Operation timed out
[/code:1:3d03e83562]
Your authoritative servers aren’t returning DNS data. I’m not surprised you’re having problems. 🙂
Camelot
Participant
[quote:b5667e2187=”straif”]as a follow up to my earlier post, example.com defaulting to http://www.example.com,
what about [email protected] vs [email protected]?
use the force and deliver me from my misguided ways….[/quote:b5667e2187]
For each mail domain you want to use, you need to add an MX record (or two).
For example, if you want to accept mail for [email protected] and [email protected] you’ll add two MX records:
[code:1:b5667e2187]
example.com.      IN MX 10 mailserver.example.com.
mail.example.com. IN MX 10 mailserver.example.com.
[/code:1:b5667e2187]
Now any message addressed to [email protected] or [email protected] will be forwarded to the same mail server (namely mailserver.example.com).
Camelot
Participant
In terms of the actual DNS records required to make this work:
In your zone file, at the beginning you’ll have something like this:
[code:1:8f6de9b9a2]
example.com. IN SOA ns.example.com. admin.example.com. (
                2003051701 ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                14400      ; minimum (4 hours)
                )
             NS ns.example.com.
             NS ns2.example.com.
             MX 10 mail.example.com.
             A 12.34.56.78
[/code:1:8f6de9b9a2]
Note the last line. It creates an A record for the domain entry ‘example.com’ and equates ‘example.com’ to 12.34.56.78
Then you can add a CNAME for www:
[code:1:8f6de9b9a2]
www IN CNAME example.com.
[/code:1:8f6de9b9a2]
This points ‘www.example.com’ to ‘example.com’, so now http://example.com/ and http://www.example.com/ will match.
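The apex A record and www CNAME described above, as an added Python example that is not part of the original post: a parser for zone text in this style that qualifies relative names against the origin and follows CNAMEs to their A records. The zone text is constructed, and `qualify`, `parse_zone`, `resolve` and the `oops` record (which shows what a missing trailing dot does) are illustrative names.

```python
import re

# Constructed sample zone in the style of the records above (not a real zone).
ZONE = """\
$TTL 3600
example.com.  IN SOA ns.example.com. admin.example.com. (
                  2003051701 10800 3600 604800 14400 ) ; serial and timers
              IN NS    ns.example.com.
              IN A     12.34.56.78
www           IN CNAME example.com.
oops          IN CNAME example.com   ; no trailing dot, so relative to the origin
"""

def qualify(name, origin):
    """Names ending in '.' are absolute, '@' is the origin, the rest are relative."""
    name = origin if name == "@" else name
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def parse_zone(text, origin):
    """Return {owner: [(type, rdata), ...]} for simple master-file zone text."""
    records, owner = {}, origin
    text = re.sub(r";[^\n]*", "", text)    # strip comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] == "$TTL":
            continue
        if tok[0] == "$ORIGIN":
            origin = qualify(tok[1].lower(), origin)
            continue
        if not line[0].isspace():          # an owner name starts in column 1
            owner = qualify(tok.pop(0).lower(), origin)
        while tok[0].isdigit() or tok[0].upper() == "IN":
            tok.pop(0)                     # skip the optional TTL and class
        rtype, rdata = tok[0].upper(), tok[1:]
        if rtype in ("CNAME", "NS"):       # rdata is a domain name: qualify it
            rdata = [qualify(rdata[0].lower(), origin)]
        records.setdefault(owner, []).append((rtype, " ".join(rdata)))
    return records

def resolve(records, name, limit=8):
    """Follow CNAMEs from an absolute name to its A records ([] if none)."""
    for _ in range(limit):                 # bounded, so a CNAME loop terminates
        rrs = records.get(name.lower(), [])
        cname = [v for t, v in rrs if t == "CNAME"]
        if not cname:
            return [v for t, v in rrs if t == "A"]
        name = cname[0]
    return []
```

Both `example.com.` and `www.example.com.` resolve to the apex address, while `oops` ends up pointing at `example.com.example.com.` and resolves to nothing.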
Camelot
Participant
I wouldn’t go as far as having *everything* on the server (although that is possible with NetBoot), but I would store users’ home directories on the server, using automount to automatically mount each user’s home directory as they log on.
That way you get centralized storage of user content, making it easy to back up on the server.
I’d maintain applications on each machine, though.