web server

I have the web server right now on my local network with all my office computers. I recently had an issue where my web server went down as well as everything else. I am trying to figure out a way to remove it from the network it's on now and put it on its own without buying another UTM.

Using an SG210.

I have done this so far and it didn't work as intended.

Made a new DHCP interface. Added my web server to it and set up the real and fake web servers with the new IP.

Let's use this as an example. 192.168.1.100 is the old IP and all my office computers and phones are on this same network.

New DHCP server for the web server is 10.10.10.100, while still using the same UTM. I use my home computer and it loads my web server with the domain.com; however, when I use an office computer I need to use 10.10.10.100 in order to load the website locally.

Why is this? Why can I not view my website internally with the domain if it's not even on the same DHCP?

  • The issue seems to be related to DNS. What are you using for DNS? Make sure you have a host entry for your "domain.com" that points to your new internal web server's address (10.10.10.100).

    Thanks,
    Karlos

  • In reply to Karlos:

    What do you mean, DNS?

    If I gave you the domain name and you look at it in your web browser, it works just fine. Can’t complain about that.

    Just internally. Have to tell everyone to use the IP address in the browser if they are going to view it. Really quite annoying. I’m this || close to buying another UTM just for my web server and having it set up by itself.

    Domain is pointing to the external IP address, then the UTM picks up this traffic and directs it to my web server PC and displays what it’s supposed to outside just fine.

  • In reply to tom valenti:

    Hi Tom,

    Like you said, the domain is only pointing to the external IP address right now. The external IP is intended for external users. 

    You need another host record that points to the internal IP address in your internal DNS server for your internal hosts. You do not want your internal users to have to access your server using the public IP when you can point them directly.

    Pretend this web server is not accessible from the outside and is for internal use only. Think of how you would set up your DNS records then. You still need those DNS records in addition to the external IP. 

    Thanks,

    Karlos

  • In reply to Karlos:

    But I don't want it to point internally. I want it to go outside and load just like everyone else uses it.

    Something doesn't display for some stupid reason if you look at it internally, but externally it displays.

    You're just telling me to make a host name of my domain point to 10.10.10.100 and the external IP. That's not what I want. I want my web server treated like it's not locally there, just like every other website that's loaded in my office. If I wanted to google something I type google.com and it loads like it should. Even if I'm at google.com I want my query to bounce all over the place like it's supposed to, not just go directly to the web server over the LAN there.

    If it can't be done with the 1 UTM then someone needs to tell me it can't, and that's fine, I'll buy another UTM and make it all separated.

  • In reply to tom valenti:

    Hi Tom,

    Thanks for explaining. Since you want your internal users to access your web server from the external address, then your current setup/WAF will not work. It only allows you to specify a single interface. You can purchase another UTM like you mentioned, or...

    You can make it work using a DNAT rule instead (basic port forwarding), but it will not have all the filtering and security.

    If you go with the DNAT rule, you would set it up similar to the image below:

    "Machine 10" would be your internal web server IP

    Under Using Service "Web Surfing" you can specify HTTP or HTTPS, or stick to "Web Surfing", which includes both ports.

    Hope that helps,
    Karlos

  • In reply to Karlos:

    Thanks.

    DNAT is something I’m not going to be using for less security. Just going to get another appliance just for my web servers.

    It’s just really odd that even if I have 3 uplinks, one for web surfing, one for mail and one for my web servers, that it still has to go out of one external static IP and reach another external, yet it won’t load from the same appliance.

    No worries, thanks for the help. Now I need to figure out if the 210 is even worth having now or something smaller is better suited.

  • In reply to tom valenti:

    Hi, Tom, and welcome to the UTM Community!

    If you are indeed new to this tool, it seems to me that you're making decisions based on too little understanding of how WebAdmin and the UTM work. Here are a couple of links that might help you: DNS best practice & Accessing Internal or DMZ Webserver from Internal Network.

    Cheers - Bob

  • The web server should have a static address, not a DHCP-assigned IP.

    Since the webserver is now connected to a different NIC, it is a separate LAN and needs a separate subnet. You can make it one LAN by configuring a bridged interface, but that is probably not workable for you. The bridge needs two unused interfaces and you need an interface for talking to the UTM during the reconfiguration. I am guessing that you do not have three unused.