[plug] re: accessing web page

[Jon Miller]

I'll try to answer the questions the best that I can.

On Sat, 2003-06-28 at 18:19, James Devenish wrote:
> In message <1056794749.2188.1477.camel at jlmpc>
> on Sat, Jun 28, 2003 at 06:05:49PM +0800, Jon Miller wrote:
> > The hostname is gateway, the domain name is mmtnetworks.com.au.  If I'm
> > try to access www.mmtnetworks.com.au from the internal network, I get
> > nothing.
> 
> Aha! Some details. Okay, if you want to access www.mmtnetworks.com.au
> from within your VPN then routing and encryption are going to be the
> main issues. Domain name issues *might* be part of the problem but it
> really depends on how the VPN has been set up.
> 
> Earlier, you said:
> 
> > In message <sefcc0c3.074 at mmtnetworks.com.au>
> > on Fri, Jun 27, 2003 at 10:09:51PM +0800, Jon  Miller wrote:
> > > @       IN      SOA     gateway.mmtnetworks.com.au. root.mmtnetworks.com.au. (
> > [...]
> > > gateway     IN      A       192.168.1.3
> > [...]
> > > www     IN      CNAME   gateway
> 
> I think that you haven't told us what domain this zone file is for. I
> have some questions (maybe just have a private think about these in case
> you get in contact with someone who can visit you and examine your
> setup):
> 
JLM> this particular file is for the internal users (zone file
internal.mmtnetworks.com.au.hosts) It's simply supposed to allow us to
contact the servers by name.  There are about 6-8 servers on-line at any
one time.
There is another zone file that is for mmtnetworks.com.au and that file
name is mmtnetworks.com.au.hosts.  This files contains the MX records
(pri and sec), NS x 3 (1 local and 2 ISP), A record for 203.153.229.84,
CNAME's for mail, gateway, webmail, webmon, www and localhost (why this
is needed I'm not sure).

 
>  - Is the zone file used to serve mmtnetworks.com.au or
>    gateway.mmtnetworks.com.au? (I.e. are you trying to tell us that it
>    is a substitute for the public mmtnetworks.com.au zone?)
>  - Is this zone file something that has been in long-standing,
>    functional use, or does it exist "on a hunch"?

JLM> long standing, but the www never worked.

>  - Are the contents of this zone file used by clients and if so,
>    how / why is it served to them that way?
>  - Is 192.168.1.3 the same computer that uses 203.153.229.84?
> 
JLM> used by internal staff only, yes 192.168.1.3 is the same server
that is assigned to 203.153.229.84 also known as gateway.

> One possible problem is that the web server may be expecting traffic to
> be encrypted (nor not encrypted) and it finds the traffic isn't. It's
> not really possible to diagnose your highly site-specific problem based
> on generic and sparse information. The problem could be in the real
> nitty-gritty of your VPN setup. Personally, I have no CIPE experience so
> I wouldn't know about "typical configuration" of CIPE. For someone to
> begin to understand the problem, basic questions include:
> 
>  - is the name of the web server being resolved properly?

JLM> externally - yes, external is fine; internal only by the internal
ip address.

>  - can the client packets theoretically be routed to the server and is
>    it actually happening?

JLM> only if we use the internal ip address. If we try to use the www
address it does nothing.

>  - is the server dropping the client packets because they have the wrong
>    encryption status?
>  - is the client dropping server packets?
> 
JLM> Not sure, when using tethereal I see nothing.
Furthermore, we have CIPE as our VPN between 3 servers, on top of that
we have a redundant VPN using the Cisco routers.  This will in the next
few weeks be changed.

I'll send more later, gotta go to dinner date with wife.

Thanks

Jon
> James.
-- 
Jon Miller <jlmiller at mmtnetworks.com.au>
MMT Networks Pty Ltd