Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Can't View Website from within LAN

19 views
Skip to first unread message

wis...@googlemail.com

unread,
Mar 1, 2007, 7:24:47 AM3/1/07
to
Hi,

For some reason, I'm unable to access my website from within my
network. It works just fine from any computer outside the LAN, though.
I can also view my website if I type the local IP address or localhost
on the server, but not on any other machine in the network. What
happened instead is that I got to the router's login page. I disabled
this by using "no ip http server", but to no avail. Now, when I try
it, the browser just can't find any webpage.

The reason that I believe it is a router issue is that I updated the
firmware, and as far as I remember, it worked before that. Also, I
know for sure that I did not change any settings on my server that
could cause this. The router is a Cisco 850 and the firmware version
is IOS 12.3.

I don't really know much about networks, so if there is any other
relevant information that you need, please let me know.

Thanks,
Stefan
--------------------------
www.stkomp.com

Trendkill

unread,
Mar 1, 2007, 7:36:37 AM3/1/07
to

If you can access the page on the server itself by going to localhost,
then you should be able to get to it by typing http:\\<internalIP>:80
from any other computer on the same network segment (ie, in the same
subnet).

Second, I would make sure that whatever port forwarding you setup on
the router is still there. Do you have internal vs external IP
addressing? (192.168.x.x internal?)

Lastly, do you have a domain name that is pointed correctly?

wis...@googlemail.com

unread,
Mar 1, 2007, 10:00:10 AM3/1/07
to
Thanks for your answer.

Yes, I can actually access the website from within the network using
192.168.xxx.xxx. Sorry about this, must have typed the wrong IP or
something when I was trying it before.

Yes, the router is set up to use NAT. "ip nat translation" shows me
among others this entry, which to me, looks correct:

Pro Inside global Inside Local Outside local Outside global
tcp 213.xxx.xxx.xxx:80 192.168.xxx.xxx:80 --- ---

Yes, the domain name points to the right address. As I said, I can
access the website from any one machine outside the network using the
domain name. It's only on machines hooked up to this network where
this doesn't work.

Thanks again,
Stefan

wis...@googlemail.com

unread,
Mar 1, 2007, 10:03:26 AM3/1/07
to
I should have clarified that both domain name & external IP
(213.XXX.XXX.XXX) do not work inside the LAN. And both work outside.

On Mar 1, 4:00 pm, wisc...@googlemail.com wrote:
> Thanks for your answer.
>

> Yes, I can actuallyaccessthewebsitefromwithinthe network using


> 192.168.xxx.xxx. Sorry about this, must have typed the wrong IP or
> something when I was trying it before.
>
> Yes, the router is set up to use NAT. "ip nat translation" shows me
> among others this entry, which to me, looks correct:
>
> Pro Inside global Inside Local Outside local Outside global
> tcp 213.xxx.xxx.xxx:80 192.168.xxx.xxx:80 --- ---
>

> Yes, the domain name points to the right address. As I said, I canaccessthewebsitefrom any one machine outside the network using the


> domain name. It's only on machines hooked up to this network where
> this doesn't work.
>
> Thanks again,
> Stefan
>
> Trendkill wrote:
> > On Mar 1, 7:24 am, wisc...@googlemail.com wrote:
> > > Hi,
>
> > > For some reason, I'm unable toaccessmywebsitefromwithinmy

> > > network. It works just fine from any computer outside theLAN, though.
> > > I can also view mywebsiteif I type the local IP address or localhost


> > > on the server, but not on any other machine in the network. What
> > > happened instead is that I got to the router's login page. I disabled
> > > this by using "no ip http server", but to no avail. Now, when I try

> > > it, the browser justcan'tfind any webpage.


>
> > > The reason that I believe it is a router issue is that I updated the
> > > firmware, and as far as I remember, it worked before that. Also, I
> > > know for sure that I did not change any settings on my server that
> > > could cause this. The router is a Cisco 850 and the firmware version
> > > is IOS 12.3.
>
> > > I don't really know much about networks, so if there is any other
> > > relevant information that you need, please let me know.
>
> > > Thanks,
> > > Stefan
> > > --------------------------www.stkomp.com
>

> > If you canaccessthe page on the server itself by going to localhost,

Trendkill

unread,
Mar 1, 2007, 11:01:04 AM3/1/07
to

Sounds to me like your router is not allowing traffic out and back
in. Are you using an internal DNS server or one from the ISP? If
internal, I'd consider putting in a static entry for the web-server to
the internal IP address. If externally, something in your router
config is preventing traffic from going out and coming back in. You
may want to paste your config (just relevant parts of config
obviously, and may want to mask IPs)

AM

unread,
Mar 1, 2007, 11:30:36 AM3/1/07
to
wis...@googlemail.com wrote:
> Hi,
>


> I don't really know much about networks, so if there is any other
> relevant information that you need, please let me know.
>

Do you have a NAT for the entire IP protocol or have just translated the TCP port 80?

Alex.

Egghead

unread,
Mar 1, 2007, 5:59:58 PM3/1/07
to
Is it the alias problem?

cheers,
RL
<wis...@googlemail.com> wrote in message
news:1172751887.8...@m58g2000cwm.googlegroups.com...

wis...@googlemail.com

unread,
Mar 2, 2007, 8:47:55 AM3/2/07
to
OK, below is the part of the config file that, I hope, is relevant.
No, there is no internal DNS server, I'm using my ISP's. And yes, I
have NAT for the entire protocol (as far as I know). Lastly, I don't
know what the alias problem is. Can you please explain?

Thanks for your help,

Stefan

---------------------------------------

ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.123 21 interface
FastEthernet4 21
ip nat inside source static tcp 192.168.1.123 50000 interface
FastEthernet4 50000
ip nat inside source static tcp 192.168.1.123 80 interface
FastEthernet4 80
ip nat inside source static tcp 192.168.1.123 1433 interface
FastEthernet4 1433
ip nat inside source static tcp 192.168.1.123 443 interface
FastEthernet4 443
ip nat inside source static tcp 192.168.1.123 3389 interface
FastEthernet4 3389
!
ip access-list extended Inside_Out
permit ip any any
ip access-list extended Outside_In
permit tcp any host 213.XXX.XXX.XXX eq 22
permit tcp any host 213.XXX.XXX.XXX eq telnet
permit tcp host 216.204.141.92 host 213.XXX.XXX.XXX eq 3389
permit tcp host 216.204.141.91 host 213.XXX.XXX.XXX eq 3389
permit tcp host 64.102.253.96 host 213.XXX.XXX.XXX eq 3389
permit tcp host 216.204.141.90 host 213.XXX.XXX.XXX eq 3389
permit tcp any host 213.XXX.XXX.XXX eq 3389
permit esp any any
permit ahp any any
permit udp any any eq non500-isakmp
permit udp any any eq isakmp
permit tcp any host 213.XXX.XXX.XXX eq 443
permit tcp host 216.204.141.90 host 213.XXX.XXX.XXX eq 1433
permit tcp host 216.204.141.91 host 213.XXX.XXX.XXX eq 1433
permit tcp host 216.204.141.92 host 213.XXX.XXX.XXX eq 1433
permit tcp host 64.102.253.96 host 213.XXX.XXX.XXX eq 1433
permit tcp any host 213.XXX.XXX.XXX eq www
permit tcp any host 213.XXX.XXX.XXX eq ftp
permit tcp any host 213.XXX.XXX.XXX eq 50000

Egghead

unread,
Mar 2, 2007, 10:44:49 AM3/2/07
to
Nothing to do with DNS here

You need to add an alias in your box which match the website's REAL address
to your lan address. I will do that to my box:

"alias (inside) LAN_ADDRESS WEB_REAL_IP_ADDRESS"

So that "smart" box will not try to route package to the device with the
same security level.

You need to read your router manual on how to add alias.

cheers,
RL
<wis...@googlemail.com> wrote in message

news:1172843275.6...@v33g2000cwv.googlegroups.com...

Smokey

unread,
Mar 2, 2007, 11:08:27 AM3/2/07
to
wis...@googlemail.com wrote:
> OK, below is the part of the config file that, I hope, is relevant.
> No, there is no internal DNS server, I'm using my ISP's. And yes, I
> have NAT for the entire protocol (as far as I know). Lastly, I don't
> know what the alias problem is. Can you please explain?
>
> Thanks for your help,
>
> Stefan
>
> ---------------------------------------

Basically you can not send a request out the same interface you are to
receive the request on. I would try the alias command, what this does is
rewrites the internal IP for request to that external IP.

So if you had this scenario:

Web: 192.168.0.2
Client: 192.168.0.3
Router Inside: 192.168.0.1
Router Outside: 2.2.2.2

When the client requests you website from the LAN it can not be directed
to 2.2.2.2 instead it must use the internal IP of 192.168.0.2, the alias
command will rewrite that for you so when the clients request hits the
router it rewrites the destination IP as 192.168.0.2.


HTH

0 new messages