Answered by:
xxx.homeserver.com domain and Multi-NAT - Problem

Question
-
Hi,
I am running with a Vigor 2800 Multi-NAT router.
I am port-forwarding one of my multiple static IP address' provided by my ISP (Freeola) to WHS.
My setup is:
Router default IP xxx.xxx.xxx.1
Forwarding to another webserver xxx.xxx.xxx.2
Forwarding to WHS xxx.xxx.xxx.3
If I change the router default IP to xxx.xxx.xxx.3 then WHS is accessable from my xxx.homeserver.com address.
As soon as I switch it back to xxx.xxx.xxx.1 then WHS sees this change and points the xxx.homeserver.com address back to this external IP.
The problem is that I would rather not use this IP address for general surfing as it exposes the IP to more interest from people looking for webservers.
So my questions are:
1) Currently I have UPnP switched off - is it worth switching this on?
Does WHS take Multi-NAT into account through UPnP?
2) Is there a way of hard coding the correct external IP for WHS?
3) Is my best course of action to buy a domain name and simply point it to the correct external IP address?
I'd need to figure out the best way to deal with SSL certificates
Any help greatly appreciated.
Many thanks
Dan.
Friday, February 15, 2008 10:31 AM
Answers
-
Any configuration using dynamic DNS (which includes WHS with the homeserver.com domain) will work this way, I think. Dynamic DNS works by having the client (WHS in this case) request occasionally that the DNS entry for a particular name be updated. In your case, this request goes out over your default IP address.
I don't see anything in the manual that will let you do exactly what you want. The router supports setting up a routing table, but I don't think that will get you what you need. You may want to contact your ISP for support. What you need to be able to do is designate that traffic from a particular internal IP address should be associated with a particular external IP address.
To answer your questions:
- No. If WHS Remote Access works when your default IP and the IP you want to receive WHS traffic on are aligned, then everything is working as designed. I doubt that WHS is aware of multi-nat; it would be upstream from the server.
- No. The external IP is determined by the dynamic DNS servers at homeserver.com.
- If you can't find a way to configure WHS to put it's outbound traffic on a particular IP, then this may well be your best option. You deal with the SSL certificate in the usual way: generate a CSR from the web server, send it to the SSL CA for signing, install the certificate you get back.
Friday, February 15, 2008 2:16 PMModerator
All replies
-
Any configuration using dynamic DNS (which includes WHS with the homeserver.com domain) will work this way, I think. Dynamic DNS works by having the client (WHS in this case) request occasionally that the DNS entry for a particular name be updated. In your case, this request goes out over your default IP address.
I don't see anything in the manual that will let you do exactly what you want. The router supports setting up a routing table, but I don't think that will get you what you need. You may want to contact your ISP for support. What you need to be able to do is designate that traffic from a particular internal IP address should be associated with a particular external IP address.
To answer your questions:
- No. If WHS Remote Access works when your default IP and the IP you want to receive WHS traffic on are aligned, then everything is working as designed. I doubt that WHS is aware of multi-nat; it would be upstream from the server.
- No. The external IP is determined by the dynamic DNS servers at homeserver.com.
- If you can't find a way to configure WHS to put it's outbound traffic on a particular IP, then this may well be your best option. You deal with the SSL certificate in the usual way: generate a CSR from the web server, send it to the SSL CA for signing, install the certificate you get back.
Friday, February 15, 2008 2:16 PMModerator -
Thanks for your speedy and comprehensive reply Ken!
One thing you made me thing of, is that I could put the server on the DMZ, the router allows for a seperate external IP to be assigned in that way, although again, I'm not keen.
I think I'll go down the route of assigning a domain directly to the static IP.
I will check with the ISP first, but should imagine that it would be OK.
Thanks again!
Dan.
Friday, February 15, 2008 2:27 PM