Hosting your own domain behind cisco 831 router

Discussion in 'Cisco' started by Clan Yeti, Jan 9, 2005.

  1. Clan Yeti

    Clan Yeti Guest

    Hello all,

    I have been struggling with this problem and could use some help. I
    have registered a domain and would like to host it myself using only
    what I have now: a Cisco 831 router, one static IP from my ISP, ADSL
    connection, one DNS server. My dialer interface is configured with the
    static IP, and my internal network is NATed behind it. I have done a
    little research, finding that the best solution is to either do a
    split-dns, or set up a DMZ. Both require me to have a second IP and DNS
    server, which is not very feasible at this time. Any suggestions to
    help this work would be great and highly appreciated.

    Clan Yeti, Jan 9, 2005

  2. You don't need a second server to do split DNS. Just use the "views"
    feature of BIND 9.x to host different versions of your zone depending on
    whether the query is coming from your private network or the Internet.
    Barry Margolin, Jan 9, 2005

  3. I have been running a Cisco 831 on my home network. I
    currently have Apache 1.3 installed on my PC. I am using a static PAT
    entry in the 831 to point port 80 at my PC. When a port 80 socket
    request arrives on the gateway, it is forwarded to my PC. This way, I
    do not need a second IP address.

    To further complicate matters, I have a dynamic IP address. I
    have installed a service on my PC that updates my DNS provider
    (ZoneEdit) with the new gateway (public) IP address whenever my router
    gets a different static IP address. That client can be purchased for
    ten dollars at You have to install
    Microsoft .NET framework on your PC before you install it, but that
    can easily be had from the Microsoft site.

    So you see, you don't need a second IP address to run a
    Webserver behind your Cisco 831 router. You don't even need a static
    IP address to do it. It can be easily done.


    Fred Atkinson, Jan 9, 2005
  4. Clan Yeti

    Clan Yeti Guest

    When you say "static PAT entry" are you meaning the same as NAT? I have
    these entries in there:

    ip nat inside static source tcp 80 interface dialer1 80
    ip nat inside static source udp 80 interface dialer1 80

    I know this may seem rather elementary, but I just want to make sure I
    have all the bases covered.
    Clan Yeti, Jan 10, 2005
  5. :When you say "static PAT entry" are you meaning the same as NAT? I have
    :these entries in there:

    :ip nat inside static source tcp 80 interface dialer1 80
    :ip nat inside static source udp 80 interface dialer1 80

    "static PAT" is "static Port Address Translation", which is a form
    of Network Address Translation.

    The entries you have are good examples of static PAT.

    I would get rid of the udp line, though -- I've never ever seen
    anyone use http over udp in practice.

    If you are going to have a DNS server internally, then you would want
    to allow in udp 53 (DNS).

    Also, if you are going to have outside systems that are allowed to do
    DNS Zone Transfers from your inside DNS server [so that they can act as
    proper secondary DNS servers for you] then you should also allow in TCP 53.

    In theory, any DNS operation could come in via TCP instead of UDP, but
    in practice real systems will try UDP first and only switch to TCP if
    the returned result has a flag set indicating that the result did not
    fit within one 536 byte UDP reply packet. The exception to that is DNS
    Zone Transfers: it isn't uncommon for systems to start with TCP for
    that, because the size of the result would so often be more than 536
    bytes. You do not usually want systems to be able to download all of
    your DNS information though [it adds to security risks]. Unless you
    might have really big glue records [rare!] then you can *in practice* get
    away with blocking out TCP 53 except from systems authorized to do zone
    transfers from you. Doing so is technically in violation of the RFCs,
    but it works.
    Walter Roberson, Jan 10, 2005
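
Added example, not part of any post in this thread: a BIND 9 `named.conf` for the single-server split DNS with views that Barry Margolin describes, which also limits zone transfers to a named secondary in line with Walter Roberson's point about not letting arbitrary systems download the zone. The zone name, file paths, LAN range 192.168.1.0/24 and secondary address 203.0.113.53 are assumptions chosen for illustration.

```conf
// Constructed example: all names, paths and addresses are assumptions.
// 192.168.1.0/24 stands in for the NATed LAN behind the 831;
// 203.0.113.53 stands in for an authorized secondary DNS server.

acl "lan"         { 127.0.0.1; 192.168.1.0/24; };
acl "secondaries" { 203.0.113.53; };

options {
    directory "/var/named";
    allow-transfer { none; };   // default: refuse zone transfers everywhere
};

// Views are tested in order and the first matching match-clients wins,
// so the LAN view must come before the catch-all external view.
// Once any view is defined, every zone has to live inside a view.
view "internal" {
    match-clients { "lan"; };
    recursion yes;              // LAN hosts may resolve other domains through us
    zone "example.com" {
        type master;
        // In this file, www resolves to the web server's private address.
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;               // Internet clients get authoritative answers only
    zone "example.com" {
        type master;
        // In this file, www resolves to the router's public static IP.
        file "external/example.com.zone";
        // Only the listed secondary may pull the full zone (AXFR over TCP 53).
        allow-transfer { "secondaries"; };
    };
};
```

Static PAT on the router rewrites only the destination of inbound queries, so `match-clients` still sees the real source address of Internet clients. Run `named-checkconf` on the file before reloading the server.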
  6. Here is one of the lines. I have other static PAT entries as
    well. But this one will forward to private IP address
    when an http request (port 80) comes in to the public IP address on my

    ip nat inside source static tcp 80 interface Ethernet1 80

    It works rather well.

    Fred Atkinson, Jan 10, 2005
  7. Clan Yeti

    Clan Yeti Guest

    Is your eth1 interface your outside or inside interface? This is
    another question I was mulling over. My outside interface is dialer1;
    should I be pointing it to my inside interface, eth0?
    Clan Yeti, Jan 10, 2005
  8. Clan Yeti

    Clan Yeti Guest

    Never mind... I used the help feature to find out the correct way to use
    it. Imagine that! A help feature that works...
    Clan Yeti, Jan 11, 2005