Re: Special-Use Domain 'home.arpa.'

Author: Rusty Carruth via PLUG-discuss
Date:  
To: plug-discuss
CC: Rusty Carruth
Subject: Re: Special-Use Domain 'home.arpa.'
I didn't see a direct answer to this question yet, so here goes....

On 11/23/22 10:43, Keith Smith via PLUG-discuss wrote:
> Thanks Bob,
>
> Ok, let's say I register MyDomain.TLD.
>
> I have 4 or 5 nodes on my local net on 192.168.99.x


(Statement group A)


> 1) My Linux desktop is on 192.168.99.5 and its FQDN is
> Desktop.MyDomain.TLD.
> 2) My Proxmox server is on 192.168.99.10 and its FQDN is
> PVE.MyDomain.TLD.
> 3) I have a virtual machine on 192.168.99.20 and its FQDN is
> Ubuntu-Lamp.MyDomain.TLD.

(Statement B)

> And I go over to DigitalOcean and set up a website for MyDomain.TLD.
>
> DigitalOcean provides DNS and it is configured and my website is
> accessible globally via the Internet.
>
> Now I configure a DNS server on my Desktop which is on a private IP. 
> Let's say I use BIND for my local net only.
>

(Above is statement C, where I assume that you set up DNS entries for
the 3 machines above, with the DNS server (BIND) pointing 'upward' for
anything else)

> Then I decide to add a public website running on an old laptop I own.
> Let's say I register the domain MyTestSite.TLD
>

Statement D.

> It is Ubuntu LAMP + BIND.  It is on a private IP and I use NAT to port
> forward for ports 80/445/53...etc.
>
> I know this sounds like a silly question, however understand I am a
> programmer not a system admin.
>

I do both, so hopefully I can understand and help ;-)

> On its face it looks like it will work.
>
> Any thoughts?
>
> Thanks!!
> Keith


I added numbers to the above because I'm confused by one statement above.

So, at B you say your website is accessible.  What do you mean by that? 
I didn't think you had a web server running yet?  Or are you just
talking about the ability for the outside world to resolve your website
address to an IP address?

Let me assume you mean the latter.  So, at point B none of your local
machines are 'visible' to the outside world (for 2 reasons - one, you
haven't defined a DNS entry to give the world your IP address, and two,
they couldn't get to your internal machines anyway since they are using
'non-routable' IP addresses (see note below)).

So, now you create a machine and set up a web server that you want to be
available to the world.  However, that machine is on a non-routable
network.  This means that you need a machine 'on the internet' that can
forward (tunnel) HTTP requests to your 'public' web server.

If you don't have such a machine, that's your first hurdle - you need to
get one.  (I'm assuming your 'ISP' doesn't allow incoming HTTP requests
to you. This is extremely likely to be true, unless you paid extra for a
routable IP on your firewall.)

Then, once you have a machine that is visible on the internet, you need
to get requests TO it forwarded to your internal server.

As is usually the case with Linux, there's more than one way to do it. 
I'll mention at least 2:

1 - ssh from the internal server machine to the internet-visible one,
setting up port forwarding from the internet machine's web ports to your
internal server.

2 - instead of getting an external machine on the internet, get a
routable IP address from your ISP (this is now your 'machine visible on
the internet'), set external DNS to point to your IP address you got,
set up your firewall with what IPCop called an 'Orange' network, put the
internal server on that network, and have the firewall forward 80,
etc. to the internal server.

That's enough blather (and hand-waving!) for now....


Note - 'non-routable' means you can't use such an IP address on the
internet.  You CAN route from one 'non-routable' network to another
LOCALLY.  If this confuses you, sorry....  If so, just think
'non-routable' means that a server on the internet can't use those IP
addresses and have anyone 'reach' it. Hopefully that made sense if the
other didn't.


---------------------------------------------------
PLUG-discuss mailing list:
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
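
An added illustration of the 'non-routable' note, not part of the original message: a Python sketch that reads a zone file and lists the names whose A records are RFC 1918 addresses, i.e. the hosts that resolve but cannot be reached from the internet without something forwarding to them. The zone text is constructed from the addresses in the thread, 203.0.113.10 is a placeholder documentation address for the hosted site, the function names are hypothetical, and only single-line records are handled.

```python
import ipaddress

# RFC 1918 ranges, matched explicitly: ipaddress's is_private also covers
# documentation and other reserved ranges, which is broader than the note.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed zone: the thread's three LAN hosts plus a placeholder public
# address (203.0.113.10, documentation range) for the hosted website.
ZONE = """\
$ORIGIN mydomain.tld.
$TTL 3600
@            IN A     203.0.113.10
www          IN CNAME mydomain.tld.
desktop      IN A     192.168.99.5
pve          300 IN A 192.168.99.10
ubuntu-lamp  IN A     192.168.99.20
"""

def parse_a_records(zone_text):
    """Return [(fqdn, IPv4Address)] for each single-line A record."""
    origin, owner, records = "", "@", []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]            # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):          # $ORIGIN, $TTL, ...
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].rstrip(".").lower()
            continue
        if line[0].isspace():                  # blank owner repeats the previous name
            fields.insert(0, owner)
        owner = fields[0]
        if len(fields) < 3 or fields[-2].upper() != "A":
            continue                           # not an A record
        name = owner.lower()
        if name == "@":
            fqdn = origin
        elif name.endswith("."):
            fqdn = name.rstrip(".")
        else:
            fqdn = f"{name}.{origin}"
        records.append((fqdn, ipaddress.ip_address(fields[-1])))
    return records

def lan_only(records):
    """Names that resolve to RFC 1918 addresses: unreachable from the internet."""
    return sorted(n for n, ip in records if any(ip in net for net in RFC1918))

if __name__ == "__main__":
    print(lan_only(parse_a_records(ZONE)))
```

Records this reports belong only in the local BIND zone; in the public zone they would resolve for everyone but connect for no one outside the LAN.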