cameronm — 2013-01-23T23:32:27-05:00 — #1
This is my first post on these forums, and I have to say so far I have loved the sites - especially the walkthroughs. I am pursuing a CS degree from Tufts and cannot wait to get started participating in this forum. Anyway, here is my question:
I set up a server (Win 7, Apache 2.2, PHP5, MySql, Filezilla FTP Srvr) and registered a domain name. After wrestling with it for a while, I finally got everything configured with DNS and the whole 9 yards so that Apache is servicing my domain www.mydomainname.com and serving my Wordpress blog.
Here is the caveat:
The only way to access the FTP server is through the domain name now... Lets say my IP is 184.108.40.206, If I go to ftp://220.127.116.11 the page times out. However, if I go to ftp://mydomainname.com, it connects just fine.
How would I go about it so that my FTP server can respond to requests from the external IP, and not just through requests by domain name?
dklynn — 2013-01-24T02:51:07-05:00 — #2
First, Welcome to SitePoint!
Now, if I understand correctly, you're mixing apples and oranges and getting prune juice.
Are you going this on your WinDoze box? If so, you didn't need to register a domain name, you didn't need to configure a DNS (other than your hosts file and httpd-vhosts.conf for your virtual host) and you certainly don't need an FTP client (you don't want to invite hackers, do you?).
If I guessed wrong, you're being hosted on a shared server (which also infers a shared IP address so you can't access your website via the IP address).
Please clarify whether your "website" is self-hosted or not.
system — 2013-01-24T05:00:47-05:00 — #3
If so, you didn't need to register a domain name, you didn't need to configure a DNS (other than your hosts file and HTTP-vhosts.confor for your virtual host) and you certainly don't need an FTP client. FTP uarname and host and the password site the ip address.
serverstorm — 2013-01-24T11:09:26-05:00 — #4
Yes welcom cameronm,
DK accurately describes the scenarios. To understand these a bit differently, if you are hosting on your local network, say your own machine then you currently have this setup to:
Start request in your browser --> Go through Firewall -> Go to public DNS --> Find mydomainname.com (resolves your public I.P.) --> Route back to your firewall --> Route back to the web server on your machine.
What you want is:
Start request in your browser --> Lookup Hosts file (either set in your firewall or in Windows/System32/etc/hosts) --> Route to your web server
In the second scenario you can then add files by using explorer and dropping files in your web directory.
If the server you set-up is on a public server then the ftp may be needed. One of the reasons why connecting to ftp by IP can fail is that when using ftp://18.104.22.168 it assumes that port 21 is being used. However FTP by your host may have been set to a different non-standard port so this could be your issue.
cameronm — 2013-01-24T18:16:34-05:00 — #5
I should clarify a bit more. Sorry about that.
The website is self hosted, by me, on my home server that is on a network where all of the necessary ports are being forwarded correctly. The thing is, I actually WANT two separate groups of people connecting in two different ways. I want it so that regular internet surfers can go to my domain www.example.com regularly, but that people who KNOW about the FTP server would connect via the IP address. The people who will be connecting to my FTP server will have no idea that the domain website has anything to do with the FTP server. The FTP server worked fine before, until I got the domain all set up and now you can only connect to the FTP by actually using the domain name. I guess in sum, I really just want the external IP to be AVAILABLE to connect to specifically via FTP.
In my etc/hosts file, I have www.mydomain.com and my.internal.ip.address
along with the same but for mydomain.com without the subdomain www.
serverstorm — 2013-01-24T22:16:13-05:00 — #6
I'm typing this on my phone, so please excuse the writing style.
If you ping your public IP, not from your LAN, but from somewhere on the WAN does it resolve? Do you NAT the ftp on port 21?
cameronm — 2013-01-26T03:16:30-05:00 — #7
Not sure how NAT works exactly, although I know it has to do with routing in a way. The ping does resolve when done from elsewhere on the WAN.
UPDATE: It's not just the FTP server that does not resolve by IP (only by domain name), but the web server as well. FTP and HTTP server only accessible via www.mydomain.com and not by IP. Suggestions? I've been pulling my hair out about it but it truly is necessary for my needs.
serverstorm — 2013-01-26T09:32:00-05:00 — #8
Can you please outline what LAN firewall your using and if you can log into the firewall to configure NAT (Forwarding), security, etc...
The local hosts will not have any bearing on if you can connect to http or ftp from the WAN. It really does seem like the issue might lie in the firewall configuration.
cameronm — 2013-01-26T18:03:16-05:00 — #9
First of all - this is awesome. I'm thankful for your guys' help already. SitePoint has really exceeded my expectations across the board. Bigups!
As of current, I have Windows Firewall completely disabled. The only other possible firewall could be in the modem/router. The router that the server is behind isn't actually a router though, it is the Xfinity (Comcast) Wireless Modem (but it also behaves like a switch). The device is standard issue for Comcast and I believe identical to this one: http://gigaom.com/2011/11/21/comcast-broadband-wireless-gateway/
In the actual configuration of that router/modem, I have the ports forwarded (21 and 80) to the server, and even set up the server in the "DMZ."
Also, the firewall is set to "low."
Anything else I am missing?
cameronm — 2013-01-26T18:09:31-05:00 — #10
One more thing,
my etc/hosts file looks like this:
cameronm — 2013-01-27T16:57:04-05:00 — #11
Any thoughts? This has been driving me up the wall for quite some time now...
dklynn — 2013-01-27T19:29:49-05:00 — #12
Before an Admin whacks you for your bump, please be advised that "bumping" any post is severely frowned upon (forbidden) and will only get you in trouble and eventually banned.
I'm not an expert in these matters but I have several ideas about where the problem exists for you (but not how to resolve it).
- Does your ISP allow you to host your website? Most do not so I'm surprised if they're allowing you (under their Terms and Conditions) to do so as that's competition for them.
- Does your ISP allow you to host an FTP client? Ditto the above but also opening another pair of ports for you at their server, your firewall and your PC. ServerStorm has covered the firewall issues but I believe that you need to address the local ports in your hosts file USING THE IP ADDRESS ASSIGNED TO YOU BY YOUR ISP, not some LAN IP and certainly not localhost's.
- As just covered, your hosts file is likely to be problematic ... but I've never seen it with port information, just IP addresses and domains. Without an external (WAN) IP address, you can't be contacted from the WAN.
- Of course, if you're also using non-standard ports, you'll need to configure all along the route, too.
Okay, that pretty much exhausts my usefulness.
cameronm — 2013-01-27T21:03:01-05:00 — #13
Well, to be honest I am not sure. I believe Xfinity allows hosting, because like I said it is working fine (both FTP and HTTP servers) when accessed via domain name.
As for the hosts file, I am not sure what you are trying to get at (sorry if it is a simple thing, this is the first time I have tried to do all of this server configuration). I posted above what my hosts file looks like, with mydomain.com and www.mydomain.com fitted with my LAN IP address for the server. Everything I have read about adding to the hosts file indicates that this is the proper way to have it configured.
Finally, the ports I am using are standard- 80 and 21 (and forwarded to my LAN IP in the router config).
Anyone else have any ideas? I would be forever grateful for any suggestions or advice.
serverstorm — 2013-01-28T11:06:00-05:00 — #14
Yes, we frown heavily upon bumping threads. Your issues at this point is not clear-cut, therefore those of us reponding are trying to visualize what you have going on, so it may take some time for people to formulate ideas of how to help you.
The being able connect with domain names but not by I.P. is puzzling to me anyway.
The Xfinity Gateway Wireless is a full router; I download the manual an you can see that it replaces the need for a separate router and is really a fancy Access Point/Modem/Firewall/DHCP box. As it is a router, if you want to use a different router then you need to ensure the Xfinity is set into 'bridged mode'.
If I was you, I would not put the Gateway Wireless into bridged mode, I would ensure that I only used the Xfinity as the only router - there is no sense using the extra networking overhead to make use of multiple routers; altough admittedly it is not yet clear to me if you actually have two routers.
I would take the server out of the DMZ. This is a 'drop-your-pants' all ports open mode typically used for game boxes. You need to make use the the Port Forwarding (NAT) and translate you public I.P. to your server's IP. You need to ensure http port 21 and port 80 are forwarded to the correct machines.
In a properly configured basic port-forward scenario like I describe above, it should not matter if you navigate to the server by:
You also need to ensure that the firewall is set to medium security as otherwise your blocking port 21.
You can make the adjustments logging into the Xfinity admin tool. See the user guide that I linked above to see the typical type of settings and warnings.
cameronm — 2013-01-28T18:37:18-05:00 — #15
I am well aware that in theory, the way you outlined is the way the system should behave. That is why I am posting on here
No second router. I thought I explained that above but perhaps not clear enough. I am using the Xfinity one that you downloaded the manual for. It just behaves like a router, modem, and DHCP box like you said. That said, could NAT be the problem?
The ports 21 and 80 are forwarded to my server's LAN IP.
When I remove it from the DMZ, and leave port forwarding with the responsibility of having it accessible it works fine too. Thanks for the tip.
BIG UPDATE: So, finally, and for some mysterious reason (especially because I haven't changed any significant configuration options that I did not document on this thread, I don't believe) the server is now responding to requests by domain name as well as by IP address. However the new caveat: it is only Apache that is responding. For some reason, the FTP server is still not working. When I FTP the domain or IP, I get a login box but it never lets me log in. No error messages, just keeps "connecting" forever. I have Filezilla users set up alright. Is there something I should look into that I might not be aware of?
Again, thank you all for your contributions thus far. If nothing else, the positive vibes of y'all trying to help caused my server to finally come around!
p.s. sorry about the "bump." I honestly didn't know it was poor form. I am brand new to using forums for problem solving and community, and I had only read them in the past and seen bumps, but had no clue that it was considered poor etiquette.
serverstorm — 2013-01-28T21:26:40-05:00 — #16
How do you know that port 21 is port forwarded? Are you referring to the port forwarding in the Xfinity? If so, how do you have the ftp ports forward. Specifically do you have your public IP 22.214.171.124 on port 21 --.> forwarded to --> 192.168.2.10 (your server IP) on port 21?
If you have this forwarding set-up then does the ftp have any rules that enforce local network connectivity only?
The reason I'm focussing on the FTP is that if you have the port forwarding set-up correctly and you from the WAN ping 126.96.36.199:21 you should get an reply (providing that ICMP is enabled on the Xfinity). If one connects to the ftp from the WAN using a ftp client like Filezilla what does the session say? Does it connect or does it time out?
I think that the IPs now responding are likely due to the fact that you had the server listed in the DMZ and had NAT port-forwards that route into the local network while the DMZ is outside the local network. Unless you define pinholes between the local network and the DMZ the route would die before getting to the DMZ as the highest security normally takes precedent. By eliminating the server in the DMZ the route now can work.
PS: Thanks for laying out there regarding the bump. It is generally considered poor forum behaviour given that if no one responds in a time-frame you would like, it is your responsibility as an OP to come up with further questions to act as a catalyst for people to either understand or illicit a response. No harm no foul; you've done a good job trying to describe your situation and have demonstrated that you are trying to work through it, so you are doing well
cameronm — 2013-01-29T23:01:53-05:00 — #17
Here is what the port forward settings are inside the Xfinity Router/Modem configuration panel at 192.168.1.1 under Advanced --> port forwarding:
Service Name Type Public Port Private Port Server IP Active
FTP TCP/UDP 21 21 192.168.1.2 EDIT X
HTTP TCP/UDP 80 80 192.168.1.2 EDIT X
NOTE: I also have port triggering set up for 80 and 21, but whether or not I have those active or not doesn't seem to change anything.
That (above) is how the ports are forwarded. I am not sure about the public IP thing, but it connects to the server fine when you go to http://mydomain.com, or when you go to ftp://mydomain.com. It also works to go to http://188.8.131.52 (my external/public IP), however it does NOT work to go to ftp://184.108.40.206. In fact, I don't even get a FTP login screen, it just times out.
All of the settings on my Filezilla FTP server are default, so I cannot imagine any rules that enforce local network connectivity only.
I think we're close to solving this baby. Thanks again for all of your continued help and support.
serverstorm — 2013-01-31T11:09:35-05:00 — #18
Have you tried to connect to the ftp using filezilla client rather than through a browser ftp://... ?
I'd like to see the connection attempt that gets logged for every ftp connection that filezilla performs. This may give us a little more info on what is happening to the ftp session.