OP
OP
no, unfortunately the chain collapsed again 1 week ish from exchange just before Xmas so we have decided to stay and do more changes here instead.
Pinball info
Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!
Any good broadband services that offer static ips still?
- Thread starter myPinballs
- Start date
Oh no nightmare.
OP
OP
Ok, got my fibre line installed finally ( nice open reach guy came yesterday and sorted out the install) and i'm moved to a new ip address for website etc. All internet is working again here, but i have an issue i need some network gurus help with..
https://mypinballs.com is working ok externally, but when i try to access it internally it doesn't load. If i load the internal address of the server then its fine.
What am i missing??? i dont want to have to use the internal address because the ssl cert messes up .Something is different on the new sky router compared with the plus net one, but i can't fathom it out
https://mypinballs.com is working ok externally, but when i try to access it internally it doesn't load. If i load the internal address of the server then its fine.
What am i missing??? i dont want to have to use the internal address because the ssl cert messes up .Something is different on the new sky router compared with the plus net one, but i can't fathom it out
Fubar
Site Supporter
The router isn't responding to packets addressed to your public IP when they come in on the internal interface. If you have a local DNS server it may be possible to override, otherwise you can hardwire the domain to your internal IP in your computer's hosts file.
Does it resolve to the correct external IP address internally when you try to ping it? i.e. 46.64.9.69
Also have you done DNS flush on your local device to make sure its not cached the old IP addressm and also checked what Tom said in the last post.
Also have you done DNS flush on your local device to make sure its not cached the old IP addressm and also checked what Tom said in the last post.
Presume that you and the server are both on the same sub address internally?? eg 192.168.0.x
Also i guess you are using port forwarding/DMZ for access to the server?
OP
OP
a ping internally results in this:
PING mypinballs.com (46.64.9.69): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
Request timeout for icmp_seq 7
OP
OP
Yes internally, the server is 192.168.0.100 and i have TCP 443 and 80 set as port forwarding (and udp 2069 for pin2k tournament stuff)
works ok from the 192.168 address but nothing if type mypinballs.com
I assume a custom host rule is going to be needed as mentioned above, but i dont understand why the old plus net router just worked fine for this. Also i preferred before to know that i was actually accessing the proper dns entry, not an internal hack.
Fubar
Site Supporter
Check if your router supports NAT hairpinning/loopback/reflection in the settings.
OP
OP
Yeah i already searched for this and nothing, but there wasn't anything set on the old one either. It just worked fine before. Odd
Yeah you dont normally have to setup anything like that as far as Ive found.
You could try a trace route to the IP address and see what path its trying to take.
tracert 46.64.9.69
You could try a trace route to the IP address and see what path its trying to take.
tracert 46.64.9.69
Saying that when Ive tried it nothing replies past a certain point so may not tell you anything.
Fubar
Site Supporter
I depends on how the data plane is implemented really. Not every router can be made to do this.
Having a local DNS server providing the LAN address for that domain is the cleanest solution. Of course if the Sky router is also the DNS cache and doesn't support such an override that's not much use!
OP
OP
Thanks for the replies, appreciated. I guess i'm getting old!! i just want my setup to work like before haha.. Assumed this type of thing would be std features for a business service..
Pass me the zimmer frame!!
Pass me the zimmer frame!!
Fubar
Site Supporter
These days everything just gets hosted in azure (or aws/gcp). At work we design the network cards they use in their datacenters, currently working on the next gen which will have 2x 400Gbps interfaces lol
OP
OP
There is a 'Static Routing Rules' Section, but i'm not sure what should be entered here, or if that is even the correct place.
If you drop into command prompt and do an IPconfig /all take a look at the DNS servers. try manually setting on your local machine to 8.8.8.8 (which is google's dns). Might work as it might force out of your network and back in again.
Failing that, you may have to start playing about with your DNS as mentioned above.
Failing that, you may have to start playing about with your DNS as mentioned above.
Doesn't sound like a DNS issue as its resolving to the correct external IP address internally.
Sounds more like a routing issue, the new router not directing traffic to its own external IP correctly.
Might be worth speaking to the new ISP about the issue?
It sounds like the DNS tells the server an external address but when the route traverses the modem/router it hits the external interface which is the same as destination address so it drops it as it has no onward route. The traffic is outbound so the interface doesn’t use the port forwarding rule to come back in.
Set a local host file to effectively add a DNS entry for the web site that on your machine.
Set a local host file to effectively add a DNS entry for the web site that on your machine.
Should still work though, on my old Virgin Media connection I had port forwards on my external IP and had a Dynamic DNS setup to resolve to the external IP on my connection and I could still use the ddns address internally to connect to my internal machines via the port forwards without having to mess around with the internal DNS resolving the ddns domain to the local internal IPs, if that makes sense.
And that also wouldnt have worked for me anyway as I have different ports forwarded to different internal servers.
If Sky will let you (Sky do not let you use your own router on a domestic connection) I recommend using a Draytek router 2866, you are experiencing a situation I had with CCTV app on a clients phone, worked ok outside (4g) on its Public IP but connected to the local Wifi on the public IP it just didn`t work.
Fubar
Site Supporter
Might be able to bodge it there - maybe share a screenshot?
Otherwise, putting the sky box in modem mode and getting another router is definitely an option.
Don't think that using an external DNS will change anything.
- Joined
- Jul 21, 2011
- Messages
- 3,397
- Alias
- .
That looks normal for me too. Ping will be blocked on your hosting webserver.
OP
OP
First thing, thanks everyone for replying here and helping me out with this, i really love the people here, great community 
So i think i've solved it using the recommended approach of a local host rule on each computer.
This is what i added
For notes, My setup at home for business and such is using a separate set of linked routers running dd-wrt that i have setup how i like with all my static ips for music (sonos), heating (honeywell evohome), printers, tvs, streaming boxes, pinballs, even had time rules for kids devices once upon a time (totally pointless nowadays with kids older, with 5g and access to neighbours wifi!! - separate discussion!) so getting a new provider in theory wasn't going to be an issue, because i just assign the wan ip for the main internal stuff to the new provider lan section using a fixed ip there and that worked fine, accept for this 1 issue, which i guess is just a lack of proper features for static ip users. Kind of annoying but the solution above works ok i think.
Only question now is what do we think the best way to check external access to the website is, as the internal rules now kind of mask things. Maybe its fine because if the website goes down it should stop working internally anyway, but i like to check its live every so often. paranoia checks etc!! lol
So i think i've solved it using the recommended approach of a local host rule on each computer.
This is what i added
Code:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
192.168.0.100 mypinballs.com
192.168.0.100 www.mypinballs.comFor notes, My setup at home for business and such is using a separate set of linked routers running dd-wrt that i have setup how i like with all my static ips for music (sonos), heating (honeywell evohome), printers, tvs, streaming boxes, pinballs, even had time rules for kids devices once upon a time (totally pointless nowadays with kids older, with 5g and access to neighbours wifi!! - separate discussion!) so getting a new provider in theory wasn't going to be an issue, because i just assign the wan ip for the main internal stuff to the new provider lan section using a fixed ip there and that worked fine, accept for this 1 issue, which i guess is just a lack of proper features for static ip users. Kind of annoying but the solution above works ok i think.
Only question now is what do we think the best way to check external access to the website is, as the internal rules now kind of mask things. Maybe its fine because if the website goes down it should stop working internally anyway, but i like to check its live every so often. paranoia checks etc!! lol
OP
OP
A note from above about managing internet access for your young children! Of course my youngest child is now nearly 18 so its all a mute point, but i found it quite amusing with the ingenuity of kids!
I had time settings once upon a time that would stop internet access at preset times on linked devices to 'help' them go to sleep, rest etc!!
One day i was wondering why my daughter was still watching you tube videos past here bed time. Her response was 'oh i just used my friends wifi (from next door)' DOH! foiled by a child!! haha. then 4g came along with phone contracts and that was the end of any sort of limiting access. At least it worked ok upto about 12 years old haha
I had time settings once upon a time that would stop internet access at preset times on linked devices to 'help' them go to sleep, rest etc!!
One day i was wondering why my daughter was still watching you tube videos past here bed time. Her response was 'oh i just used my friends wifi (from next door)' DOH! foiled by a child!! haha. then 4g came along with phone contracts and that was the end of any sort of limiting access. At least it worked ok upto about 12 years old haha
Fubar
Site Supporter
Thanks for the update, glad you got it sorted.
Suggest checking it from a phone on mobile data.
- Joined
- Jul 21, 2011
- Messages
- 3,397
- Alias
- .
If you're using DD-WRT you can set those addresses on its hosts file. Save you doing each computer.First thing, thanks everyone for replying here and helping me out with this, i really love the people here, great community
So i think i've solved it using the recommended approach of a local host rule on each computer.
This is what i added
Code:## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost 192.168.0.100 mypinballs.com 192.168.0.100 www.mypinballs.com
For notes, My setup at home for business and such is using a separate set of linked routers running dd-wrt that i have setup how i like with all my static ips for music (sonos), heating (honeywell evohome), printers, tvs, streaming boxes, pinballs, even had time rules for kids devices once upon a time (totally pointless nowadays with kids older, with 5g and access to neighbours wifi!! - separate discussion!) so getting a new provider in theory wasn't going to be an issue, because i just assign the wan ip for the main internal stuff to the new provider lan section using a fixed ip there and that worked fine, accept for this 1 issue, which i guess is just a lack of proper features for static ip users. Kind of annoying but the solution above works ok i think.
Only question now is what do we think the best way to check external access to the website is, as the internal rules now kind of mask things. Maybe its fine because if the website goes down it should stop working internally anyway, but i like to check its live every so often. paranoia checks etc!! lol
There are a few methods to make this work
What is happening is your PC is querying the public DNS record for your website, and then attempting to connect as it would externally, however it will be hitting the interface from the 'wrong' direction in your case so there will be no rule to match
You can either use/enable NAT loopback/hairpin NAT which will look at traffic coming from an internal interface and routed to the WAN interface and like the name suggests loop it back internally.
The other option is to run a split brain DNS, and set up the DNS server on the router (or run your own DNS server and tell the clients to use that) to hold the same records as your external domain's DNS zone, but changing the records for stuff that's local - this is basically what you're doing with the HOST edits, but it's done centrally.
Personally this is the route I would use.
I'm not a huge fan of messing with the HOSTS file as it can often be seen as potentially malicious behaviour by EDR/AV scanners (a common malware tactic of redirection) and if you ever make a change its a pain to update everything.
However I would ask the question if running the website on your own kit, just NAT'd through a router is the best route these days, I'd be tempted to move the website to a hosting provider which for a simple site I can't see costing much and you don't have to open your network to the outside world.
What is happening is your PC is querying the public DNS record for your website, and then attempting to connect as it would externally, however it will be hitting the interface from the 'wrong' direction in your case so there will be no rule to match
You can either use/enable NAT loopback/hairpin NAT which will look at traffic coming from an internal interface and routed to the WAN interface and like the name suggests loop it back internally.
The other option is to run a split brain DNS, and set up the DNS server on the router (or run your own DNS server and tell the clients to use that) to hold the same records as your external domain's DNS zone, but changing the records for stuff that's local - this is basically what you're doing with the HOST edits, but it's done centrally.
Personally this is the route I would use.
I'm not a huge fan of messing with the HOSTS file as it can often be seen as potentially malicious behaviour by EDR/AV scanners (a common malware tactic of redirection) and if you ever make a change its a pain to update everything.
However I would ask the question if running the website on your own kit, just NAT'd through a router is the best route these days, I'd be tempted to move the website to a hosting provider which for a simple site I can't see costing much and you don't have to open your network to the outside world.
OP
OP
