Hosting your own domain behind Cisco 831 router

Discussion in 'Cisco' started by Clan Yeti, Jan 9, 2005.

  1. Clan Yeti

    Clan Yeti Guest

    Hello all,

    I have been struggling with this problem and could use some help. I
    have registered a domain and would like to host it myself using only
    what I have now: a cisco 831 router, one static IP from my ISP, ADSL
    connection, one DNS server. My dialer interface is configured with the
    static IP, and my internal network is NATed behind it. I have done a
    little research, finding that the best solution is to either do a
    split-dns, or set up a DMZ. Both require me to have a second IP and DNS
    server, which is not very feasible at this time. Any suggestions to
    help this work would be great and highly appreciated.

    Dave
     
    Clan Yeti, Jan 9, 2005
    #1

  2. In article <>,
    "Clan Yeti" <> wrote:

    > Hello all,
    >
    > I have been struggling with this problem and could use some help. I
    > have registered a domain and would like to host it myself using only
    > what I have now: a cisco 831 router, one static IP from my ISP, ADSL
    > connection, one DNS server. My dialer interface is configured with the
    > static IP, and my internal network is NATed behind it. I have done a
    > little research, finding that the best solution is to either do a
    > split-dns, or set up a DMZ. Both require me to have a second IP and DNS
    > server, which is not very feasible at this time. Any suggestions to
    > help this work would be great and highly appreciated.


    You don't need a second server to do split DNS. Just use the "views"
    feature of BIND 9.x to host different versions of your zone depending on
    whether the query is coming from your private network or the Internet.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
     
    Barry Margolin, Jan 9, 2005
    #2

  3. I have been running a Cisco 831 on my home network. I
    currently have Apache 1.3 installed on my PC. I am using a static PAT
    entry in the 831 to point port 80 at my PC. When a port 80 socket
    request arrives on the gateway, it is forwarded to my PC. This way, I
    do not need a second IP address.

    To further complicate matters, I have a dynamic IP address. I
    have installed a service on my PC that updates my DNS provider
    (ZoneEdit) with the new gateway (public) IP address whenever my router
    gets a different static IP address. That client can be purchased for
    ten dollars at http://www.sitedevelopers.com. You have to install
    Microsoft .NET framework on your PC before you install it, but that
    can easily be had from the Microsoft site.

    So you see, you don't need a second IP address to run a
    Webserver behind your Cisco 831 router. You don't even need a static
    IP address to do it. It can be easily done.

    Regards,


    Fred
     
    Fred Atkinson, Jan 9, 2005
    #3
  4. Clan Yeti

    Clan Yeti Guest

    When you say "static PAT entry" are you meaning the same as NAT? I have
    these entries in there:

    ip nat inside static source tcp xxx.xxx.xxx.xxx 80 interface dialer1 80
    ip nat inside static source udp xxx.xxx.xxx.xxx 80 interface dialer1 80

    I know this may seem rather elementary, but I just want to make sure I
    have all the bases covered.
     
    Clan Yeti, Jan 10, 2005
    #4
  5. In article <>,
    Clan Yeti <> wrote:
    :When you say "static PAT entry" are you meaning the same as NAT? I have
    :these entries in there:

    :ip nat inside static source tcp xxx.xxx.xxx.xxx 80 interface dialer1 80
    :ip nat inside static source udp xxx.xxx.xxx.xxx 80 interface dialer1 80

    "static PAT" is "static Port Address Translation", which is a form
    of Network Address Translation.

    The entries you have are good examples of static PAT.

    I would get rid of the udp line, though -- I've never ever seen
    anyone use http over udp in practice.

    If you are going to have a DNS server internally, then you would want
    to allow in udp 53 (DNS).

    Also, if you are going to have outside systems that are allowed to do
    DNS Zone Transfers from your inside DNS server [so that they can act as
    proper secondary DNS servers for you] then you should also allow in TCP 53.

    In theory, any DNS operation could come in via TCP instead of UDP, but
    in practice real systems will try UDP first and only switch to TCP if
    the returned result has a flag set indicating that the result did not
    fit within one 536 byte UDP reply packet. The exception to that is DNS
    Zone Transfers: it isn't uncommon for systems to start with TCP for
    that, because the size of the result would so often be more than 536
    bytes. You do not usually want systems to be able to download all of
    your DNS information though [it adds to security risks]. Unless you
    might have really big glue records [rare!] then you can *in practice* get
    away with blocking out TCP 53 except from systems authorized to do zone
    transfers from you. Doing so is technically in violation of the RFCs,
    but it works.
    --
    Take care in opening this message: My grasp on reality may have shaken
    loose during transmission!
     
    Walter Roberson, Jan 10, 2005
    #5
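
    Added example, not part of any post in this thread: a BIND 9 named.conf sketch that combines the "views" split DNS suggested in post #2 with the zone-transfer restriction described in post #5, on a single server. The zone name example.com, the LAN range 192.168.1.0/24, the secondary's address 192.0.2.53 and the file paths are assumed placeholders.

```conf
// named.conf sketch (constructed example; names and addresses are assumptions)

// Clients on the private side of the NAT router.
acl "lan" { 127.0.0.1; 192.168.1.0/24; };

// Outside secondaries that are authorized to pull the zone.
acl "secondaries" { 192.0.2.53; };

options {
    directory "/var/named";
    // Default: nobody may transfer zones unless a view or zone says so.
    allow-transfer { none; };
};

// Views are tried in order; the first match-clients hit wins, so the
// LAN view has to come before the catch-all external view.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                  // resolve Internet names for LAN hosts only

    zone "example.com" {
        type master;
        // A records here point at private addresses (the web server's LAN IP).
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                   // authoritative answers only for the Internet
    allow-transfer { "secondaries"; };  // AXFR only from the listed secondaries

    zone "example.com" {
        type master;
        // A records here point at the router's public address, which the
        // static PAT entries forward to the inside hosts.
        file "external/example.com.zone";
    };
};
```

    Once any view is defined, every zone statement has to live inside a view. `named-checkconf` validates the file before a reload, and an AXFR request from a host outside the "secondaries" list should come back refused.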
  6. Here is one of the lines. I have other static PAT entries as
    well. But this one will forward to private IP address 10.10.10.200
    when an http request (port 80) comes in to the public IP address on my
    router.

    ip nat inside source static tcp 10.10.10.200 80 interface Ethernet1 80

    It works rather well.


    Fred
     
    Fred Atkinson, Jan 10, 2005
    #6
  7. Clan Yeti

    Clan Yeti Guest

    Is your eth1 interface your outside or inside interface? This is
    another question I was mulling over. My outside interface is dialer1;
    should I be pointing it to my inside interface, eth0?
     
    Clan Yeti, Jan 10, 2005
    #7
  8. Clan Yeti

    Clan Yeti Guest

    Never mind... I used the help feature to find out the correct way to use
    it. Imagine that! A help feature that works...
     
    Clan Yeti, Jan 11, 2005
    #8