xxx.homeserver.com domain and Multi-NAT - Problem

  • Question

  • Hi,

    I am running with a Vigor 2800 Multi-NAT router.

    I am port-forwarding one of my multiple static IP addresses provided by my ISP (Freeola) to WHS.

    My setup is:

    Router default IP                  xxx.xxx.xxx.1
    Forwarding to another webserver    xxx.xxx.xxx.2
    Forwarding to WHS                  xxx.xxx.xxx.3

    If I change the router default IP to xxx.xxx.xxx.3 then WHS is accessible from my xxx.homeserver.com address.

    As soon as I switch it back to xxx.xxx.xxx.1 then WHS sees this change and points the xxx.homeserver.com address back to this external IP.

    The problem is that I would rather not use this IP address for general surfing as it exposes the IP to more interest from people looking for webservers.

    So my questions are:

    1) Currently I have UPnP switched off - is it worth switching this on?
    Does WHS take Multi-NAT into account through UPnP?

    2) Is there a way of hard coding the correct external IP for WHS?

    3) Is my best course of action to buy a domain name and simply point it to the correct external IP address?
    I'd need to figure out the best way to deal with SSL certificates

    Any help greatly appreciated.

    Many thanks

    Dan.

    Friday, February 15, 2008 10:31 AM

Answers

  • Any configuration using dynamic DNS (which includes WHS with the homeserver.com domain) will work this way, I think. Dynamic DNS works by having the client (WHS in this case) request occasionally that the DNS entry for a particular name be updated. In your case, this request goes out over your default IP address.

    I don't see anything in the manual that will let you do exactly what you want. The router supports setting up a routing table, but I don't think that will get you what you need. You may want to contact your ISP for support. What you need to be able to do is designate that traffic from a particular internal IP address should be associated with a particular external IP address.

    To answer your questions:
    1. No. If WHS Remote Access works when your default IP and the IP you want to receive WHS traffic on are aligned, then everything is working as designed. I doubt that WHS is aware of multi-nat; it would be upstream from the server.
    2. No. The external IP is determined by the dynamic DNS servers at homeserver.com.
    3. If you can't find a way to configure WHS to put its outbound traffic on a particular IP, then this may well be your best option. You deal with the SSL certificate in the usual way: generate a CSR from the web server, send it to the SSL CA for signing, install the certificate you get back.
    Friday, February 15, 2008 2:16 PM
    Moderator
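
The behaviour described in the answer above, modelled as an added example that is not part of the original thread: the dynamic DNS name follows whatever source address the update request leaves with, so an inbound port forward alone does not move it. The addresses are constructed stand-ins for xxx.xxx.xxx.1 and xxx.xxx.xxx.3, and the per-host outbound mapping is a hypothetical router feature that the thread does not confirm the Vigor 2800 offers.

```python
"""Constructed model: Multi-NAT router and a source-address-based dynamic DNS update."""
from dataclasses import dataclass, field

# Constructed addresses standing in for xxx.xxx.xxx.1 and xxx.xxx.xxx.3.
ROUTER_DEFAULT = "203.0.113.1"
WHS_PUBLIC = "203.0.113.3"
WHS_LAN = "192.168.1.30"   # assumed LAN address of the home server
PC_LAN = "192.168.1.50"    # assumed LAN address of a desktop used for surfing

@dataclass
class MultiNatRouter:
    default_ip: str
    inbound: dict = field(default_factory=dict)   # public IP -> LAN host
    outbound: dict = field(default_factory=dict)  # LAN host -> public IP (hypothetical)

    def source_for(self, lan_ip):
        """Public address an outbound connection from lan_ip appears to come from."""
        return self.outbound.get(lan_ip, self.default_ip)

    def deliver(self, public_ip):
        """LAN host receiving inbound traffic sent to public_ip, or None."""
        return self.inbound.get(public_ip)

def ddns_update(records, name, seen_source_ip):
    """The service stores the address it sees, not anything the client claims."""
    records[name] = seen_source_ip

def remote_access(router, name, server_lan):
    """Return (address the name resolves to, LAN host that answers there)."""
    records = {}
    ddns_update(records, name, router.source_for(server_lan))
    public = records[name]
    return public, router.deliver(public)

def run_scenarios(name="xxx.homeserver.com"):
    # As in the question: inbound forward only, outbound uses the default IP.
    forward_only = MultiNatRouter(ROUTER_DEFAULT, inbound={WHS_PUBLIC: WHS_LAN})
    # What the answer says is needed: server traffic tied to its own public IP.
    pinned = MultiNatRouter(ROUTER_DEFAULT, inbound={WHS_PUBLIC: WHS_LAN},
                            outbound={WHS_LAN: WHS_PUBLIC})
    return {
        "forward_only": remote_access(forward_only, name, WHS_LAN),
        "pinned_source": remote_access(pinned, name, WHS_LAN),
        "pc_source_when_pinned": pinned.source_for(PC_LAN),
    }

if __name__ == "__main__":
    for scenario, outcome in run_scenarios().items():
        print(scenario, outcome)
```

In the forward-only case the name resolves to the router's default address, where nothing is forwarded to the server; with the source pinned, the name lands on the forwarded address while other hosts still leave through the default one.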

All replies

  • Thanks for your speedy and comprehensive reply Ken!

    One thing you made me think of is that I could put the server on the DMZ; the router allows for a separate external IP to be assigned in that way, although again, I'm not keen.

    I think I'll go down the route of assigning a domain directly to the static IP.

    I will check with the ISP first, but should imagine that it would be OK.

    Thanks again!

    Dan.

    Friday, February 15, 2008 2:27 PM