Announcement

Collapse
No announcement yet.

Websites only accessible externally, not internally

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Websites only accessible externally, not internally

    HI Guys

    Please can someone help here, I have a situation where company website can not be accessed internally but externally it works fine,

    Please guide me through troubleshooting this matter, am not that clued up with DNS etc,

    When I run nslookp externally it resolve the same IP that it resolve internally but the website is not working internally

    Regards

  • #2
    Re: Websites only accessible externally, not internally

    Add an A Record in your internal DNS to point to the website which I assume is hosted externally.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Re: Websites only accessible externally, not internally

      You're probably experiencing the symptoms of either a "hairpin NAT" or a "split-brain DNS" issue.

      If the site is hosted internally: You can't access an internal server using an external NATed/port forwarded address when you're on the same internal network as the server in question. The return traffic from the server won't be sent through the router doing the address translation since the client is on the same network, and as a result, the reply packets arriving at the client will have the wrong, un-NATed source address.

      The most common solution is the one biggles77 suggested. By creating a default A record in a DNS zone with the same name as the server (for instance. www.yourcompany.com) and pointing it at the internal IP address of that server, the NAT mechanism is bypassed entirely for internal clients and the web site will become accessible.

      If the site is hosted externally: You can't access an external server if you're using the same domain name internally and your DNS zone lacks an A record for the name of the web server. In this case, you will already have an internal DNS zone called yourcompany.com, so you just add an A record called www and point it to the external address.
      Last edited by Ser Olmy; 26th January 2015, 19:19.

      Comment


      • #4
        Re: Websites only accessible externally, not internally

        Hi Guys

        Thanks so much for you replies,

        I already have A records on the internal DNS pointing to the external IP address,

        Regards

        Comment


        • #5
          Re: Websites only accessible externally, not internally

          Lets separate the name resolution from the web page

          If you ping the site (internally) does it resolve to the correct IP address

          If so, is any web filtering in place?
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: Websites only accessible externally, not internally

            Where is the website hosted? Is internal to your network or external?

            What firewall are you using?

            Are your hosts allowed to loopback on themselves if the site is hosted internally?

            If it is internal then www should point to your internal address.

            Can you please share you current setup with us?

            Comment


            • #7
              Re: Websites only accessible externally, not internally

              Hi Guys

              When I ping the site internally it does resolve correct IP,
              The website is hosted externally by the ISP
              There is web filter managed by ISP thou I am not sure what type as we just brought Sonic Firewall which is still with our network team for configurations but not yet installed,

              I did contact the ISP and I was given odd response that there is no routing issue on their side that might be causing this, as they are able to access the site from other IP's in our routed block of IP's. and they advised me to contact the old ISP whom they took over from,

              Regards

              Comment


              • #8
                Re: Websites only accessible externally, not internally

                So by that there is an issue with your web filter accessing the relevant site.

                Comment


                • #9
                  Re: Websites only accessible externally, not internally

                  Thanks a lot guys, I think the ISP is playing hide a sick here,

                  I am on top of them today,

                  I really appreciated your efforts ,
                  God Bless you

                  Comment

                  Working...
                  X