Plesk behind Firewall + NAT

[arrkerr]

My plesk server has a private IP address - it is NATed through a firewall.

Is this a supported configuration?

The plesk server thinks its IP address is 192.168.0.10, when in reality it is x.x.x.x. When the DNS is set up it uses the internal IP, rather than the external. Is there a place in plesk where I can say X ip address is really Y ip address, and have it be smart enough to use Y in the DNS but still X in the apache config, etc.?

 

[Nicochet]

Hi,

Like you i am new over here. There is no place in plesk to translate private IP into public, but you can define the default dns records to point to the public ip. After that, in your router you have to translate the public ports to the private ip ports using nat, and that's it. I have it working perfectly that way right now.

 

[arrkerr]

You're right! Not the most glorious solution, but a good one non the less. Thanks!

 

[Amin Taheri]

I have it setup similar as well, although every site on the box has a private IP, even in local DNS.

Then the Router has a NAT table that routes each public to the corresponding private. If some one has a dedicated IP, as far as Plesk is concerned its a private IP, while the NAT router does all the heavy lifting.

 

[arrkerr]

HostingGuy - how do you deal with outside DNS lookups though? When a domain is added to plesk it creates the DNS zone with the local IP. If someone outside does a DNS lookup on that domain they'll get an internal IP...

 

[arrkerr]

I found that if you set up a DNS template with your public IP your clients will then get this message on their screen, which is BAD:

Warning: The domain name <domain name> resolves to the IP address <public ip>. Your Web site is assigned the IP address <private ip>. If your Web site does not open in a Web browser when you refer to it by its domain name, go to the DNS management screen (Domains > Domain name > DNS) and change the properties of the A resource record: assign the IP address <private ip> to the domain name 4ims.net.

Do people that work for plesk read these forums or just users? You'd think someone from swsoft would at least have a comment, even if it is 'it doesn't work'.

 

[prowler318]

I just tell my clients to ingore that. You can have a message sent out to all of your clients notifying them that you use private IP for their protection of data or something.
Or you can purchase a watchguard, juniper, or asa / pix to do a drop in type configuration and use public IP on your linux box. I have both a watchguard and pix but I had our firewalls configured for 1 to 1 nat before I started using plesk. So unless I change everything or purchase another firewall just for the plesk servers then I will have to stay with the nat setup. Albeit, I could add an interface to the pix and use a DMZ with public addresses. Not worth it yet!

Prowler318.

 

[Amin Taheri]

HostingGuy - how do you deal with outside DNS lookups though? When a domain is added to plesk it creates the DNS zone with the local IP. If someone outside does a DNS lookup on that domain they'll get an internal IP...

We actually use our own DNS on external windows servers, we use event handlers to craete the zones when clients first add the domains, and after that we dont allow them to modify the dns zone so unless there are sub domains (which we also pick up) there are no modificatinos done to DNS.

We also do Mail on external windows servers so there is no mail, and we do Mysql4&5 on external (you guessed it) windows servers

We were a windows shared hosting "household" and plugged in Plesk to our existing infrastructure.

I also dont recomend a DMZ as that can lower your security and increase your exposure on the net, but if you do use DMZ make sure you configure your router properly and install local firewalls like apf or something.