
Plesk DNS behind firewall and switch

bluefossil

Hi all,

I have just set up Plesk 7.5.4 on my RHEL4 box, which is sitting behind a Cisco PIX506E firewall and Cisco Catalyst 2950 switch with NAT. I am now trying to set up a new domain, let's call it example.com.

I have registered ns1.example.com (x.x.x.34) and ns2.example.com (x.x.x.35) as the nameserver domains. In Plesk, I manually added the public IP address x.x.x.39 and assigned this IP to the new domain in order for Plesk to create the DNS entries in public IPs instead of private.

This is an example of the DNS setup for this domain:
Code:
example.com.	NS	ns1.example.com.	
example.com.	NS	ns2.example.com.	
example.com.	A	x.x.x.39	
webmail.example.com.	A	x.x.x.39	
pop.example.com.	A	x.x.x.39	
smtp.example.com.	A	x.x.x.39	
ns1.example.com.	A	x.x.x.34	
ns2.example.com.	A	x.x.x.35	
ftp.example.com.	CNAME	example.com.	
www.example.com.	CNAME	example.com.
example.com.	MX (10)	pop.example.com.	
x.x.x.39 / 24	PTR	example.com.

I also manually added A records for ns1.example.com and ns2.example.com as you can see above.

With that all set up, I tried to surf to www.example.com, but was greeted by the "Default PLESK page", instead of the placeholder page for example.com that I was expecting.

Have I made some mistakes in the setup that I missed out? Is there any impact in adding public IPs into the mix of the private IPs in the Plesk interface?
 
Are you using a different IP for the internal network from the external network?

If so, DNS for a domain needs to be set to the external IP, but the physical hosting needs to be set to the internal network IP so Apache knows what to reply to. Since NAT will change requests into the internal network IP, Apache needs to know to respond to the internal IP; it won't get requests using the external IP. I have to do this for my servers in a DMZ.
 
Sieb,

Great! I finally got it to work, but I thought I should post my solution here in case someone stumbles upon this in future seeking an answer.

I took your advice, and went ahead to manually edit the httpd.include file for that domain from public IP to private IP. And sure enough, the site got to working instantly.

Now, the problem was that Plesk writes both the DNS and the Apache files, but these two files need public IP and private IP respectively. Basically, it means it's impossible to do it through Plesk without manually editing one of the files...

Until I found out about DNS Rewrite in my Cisco firewall. That feature is able to send the correct public IP address to the outside from the inside DNS server. So I enabled it, and configured Plesk to only use the private IPs when writing the DNS and Apache files, and voila, it now works smoothly.

Erm, I hope that doesn't add to the confusion. Hope it helps anyone with a similar kind of setup to mine.

Cheers!


Originally posted by sieb
Are you using a different IP for the internal network from the external network?

If so, DNS for a domain needs to be set to the external IP, but the physical hosting needs to be set to the internal network IP so Apache knows what to reply to. Since NAT will change requests into the internal network IP, Apache needs to know to respond to the internal IP; it won't get requests using the external IP. I have to do this for my servers in a DMZ.
 
Actually, you took the hard path :p. In PSA, you need to bind both the internal and external IP to the server so they are in the IP Pool. Then, when you set up websites, give the account both IPs from the pool. When it asks for the IP of the physical hosting setup, give it the internal IP. This will cause it to default the DNS to the internal IP as well. To fix that, just go into the site's DNS settings and default it to the external IP. No need to mess with the configs because, as you said, PSA rewrites those.


Following my instructions sets Bind to send out DNS requests/updates using the correct external IP, and sets Apache to listen for requests coming to the internal IP since the router transforms packets as it passes them through NAT.

*NOTE* that I have found on some RH installs, when you bind another IP to the network adapter in PSA, it will create a sub interface config file in /etc/sysconfig/scripts IIRC. So there will be a en0:00 and en0:01 or thereabouts. Delete the subinterface config and restart the network service. Otherwise this setup won't work. We don't want the network service to use sub-interfaces since this is still technically interfacing with one network subnet, you only need PSA to tell Apache to listen to a different IP request coming in on that network interface.

I should probably write a how-to about this when I get a chance. :D
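
Added example, not part of the original thread: a simplified model of why the default page appeared, matching the destination address after NAT against each VirtualHost bind address and then against the Host name. The addresses (documentation ranges), the NAT table and the vhost text are constructed assumptions, and the matching logic is a reduced sketch of Apache's address-then-name selection.

```python
import re

# Constructed sample data (documentation address ranges, not the thread's real IPs).
NAT = {"203.0.113.39": "192.168.1.39"}  # firewall static NAT: public -> private
ZONE = """\
example.com.      A      203.0.113.39
www.example.com.  CNAME  example.com.
"""
VHOST_PUBLIC = """\
<VirtualHost 203.0.113.39:80>
    ServerName example.com
    ServerAlias www.example.com
</VirtualHost>
"""
VHOST_PRIVATE = VHOST_PUBLIC.replace("203.0.113.39", "192.168.1.39")

def resolve_a(zone, name):
    """Follow CNAMEs in a small zone listing until an A record is reached."""
    records = {}
    for line in zone.splitlines():
        parts = line.split()
        if len(parts) == 3:
            records[parts[0].rstrip(".")] = (parts[1], parts[2].rstrip("."))
    for _ in range(8):  # bound the CNAME chain
        rtype, value = records.get(name, (None, None))
        if rtype == "A":
            return value
        if rtype != "CNAME":
            return None
        name = value
    return None

def parse_vhosts(conf):
    """Return [(bind_ip, server_name, all_names)] for each <VirtualHost ip:port>."""
    vhosts = []
    for ip, body in re.findall(r"<VirtualHost\s+([\d.]+):\d+>(.*?)</VirtualHost>", conf, re.S):
        server = re.search(r"ServerName\s+(\S+)", body).group(1)
        aliases = {n for a in re.findall(r"ServerAlias\s+(.+)", body) for n in a.split()}
        vhosts.append((ip, server, aliases | {server}))
    return vhosts

def served_by(zone, conf, nat, host):
    """Which site answers `host` once the firewall has rewritten the destination IP."""
    public_ip = resolve_a(zone, host)
    local_ip = nat.get(public_ip, public_ip)  # address Apache sees the request arrive on
    candidates = [v for v in parse_vhosts(conf) if v[0] == local_ip]
    if not candidates:
        return "default"  # no vhost bound to that address: the server default page
    named = [v for v in candidates if host in v[2]]
    return (named or candidates)[0][1]

if __name__ == "__main__":
    print(served_by(ZONE, VHOST_PUBLIC, NAT, "www.example.com"))
    print(served_by(ZONE, VHOST_PRIVATE, NAT, "www.example.com"))
```

With the vhost bound to the public address the request falls through to the default site; bound to the private address, the same DNS data reaches the intended site.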
 