IP and DNS questions for ispconfig

[cpcpy]

i've installed ispconfig on fc4 successfully...

i have some questions regarding IP and DNS setup requirements...

1) if i intend manage a few (<10) sites using ispconfig, do i need 1 IP address for each site? or the sites can share the same IP address?

2) it seems like the server itself must have a fully qualified domain name, is it correct? if so, must i have a DNS record somewhere else that points to it before i can add new domains?

3) how can i setup the server in my intranet environment to familiarise myself before i put it on the internet for public access? or is this not possible?

thanks

[falko]

Quote:

Originally Posted by cpcpy

1) if i intend manage a few (<10) sites using ispconfig, do i need 1 IP address for each site? or the sites can share the same IP address?

You can have as many sites as you like sharing one IP address, except if you want to host SSL web sites (https). Then you need one IP address per SSL web site.

Quote:

Originally Posted by cpcpy

2) it seems like the server itself must have a fully qualified domain name, is it correct? if so, must i have a DNS record somewhere else that points to it before i can add new domains?

It is strongly recommended that the server has a FQDN pointing to it. And yes, this FQDN must have the appropriate DNS record.
It is possible, however, to set up ISPConfig with just an IP address, but it's not the optimal solution.

Quote:

Originally Posted by cpcpy

3) how can i setup the server in my intranet environment to familiarise myself before i put it on the internet for public access? or is this not possible?

It is possible. When the ISPConfig installer asks you for the hostname and domain name, you leave the hostname empty and enter the IP address as domain. However, this is the not-so-optimal solution mentioned above...
If your server has an FQDN with a DNS record pointing to your router's public IP address, and your router forwards all needed ports (21, 22, 25, 53, 80, 81, 110, 443, ...) to your ISPConfig server, then you can use this FQDN during the installation.
You could also put the FQDN into /etc/hosts and use the FQDN during installation. On your Windows clients you must then also change the hosts file: http://www.howtoforge.com/forums/sho...s+file+windows

[klavslund]

Hi,

This is my first post in theese forums, and I hope that it is ok to continue in this thread, otherwise please correct me. I was happy when I saw the thread, because I have som strange problems which I guess is related to DNS-configuration.

I have 3 private domains controlled on a debian server as standard virtual namebased domains. DNS, DX and web-names for these domains is hosted outside by a serviceprovider on the internet. From my public wan-Ip a switch divides incoming traffic to two routers in order to maintain two seperate LANs.

The webserver has a static ip-adress 192.168.2.98 - Default GW and DNS is 192.168.2.250 (router)

The router has an internal ACL where I have set up that HTTP-traffic and other ports, is directed to the webservers specific IP-adress.

Now I have made a new webserver with ISPconfig in order to better control my domains. It is set up with an IP 192.168.2.88, again GW and DNS is the router. From inside everythings works perfectly, the mailserver as well. But when I switch off the old server, and change the routing table, none of my domains are visible from the outside.

I have tried to add FQDN to the new servers hosts-file also with no luck. I have no extra IP's in the IP-list.

I really hope that someone could be helpfull on this issue.

[klavslund]

From a shell on the new ISPconfig server it is possible to ping the outside world. It is allso responding to a dig FQDN.

Even more strnage is is that when I have changed the routing so it now points to the new ISPconfig-server the old one seems to repond to the outside world even after removing a hosts-entry.

[falko]

Quote:

Originally Posted by klavslund

Even more strnage is is that when I have changed the routing so it now points to the new ISPconfig-server the old one seems to repond to the outside world even after removing a hosts-entry.

I thought you switched off your old server? Is it maybe the browser cache that tricks you?

Don't you get any web pages from the ISPConfig server at all, or only wrong ones (e.g. the Shared-IP page)?

[klavslund]

Hi again,

When I switch off the old server, nothing i visible from the outside. Inside the 192.168.x.x range ISPconfig-server responds correctly when I use FQDN's

I have removed the virtual host domains from the old server, (httpd.conf and hosts), and applied these on the new ISPConfig-server as welle as changing the routing.

I noticed that in my router I also had an opportunity to route which server to respond on DNS, (port 53). I tried to alter this setting, and all of the internal net lost connection. Could it be that ISPconfig has to be the only and primary DNS?

How should I then set this up? 1's NS somewhere outthere, second my router?

[falko]

I don't think the DNS settings have to do with your problems. Leave them as they were before.

Do you have a firewall running on your ISPConfig server? Please post the output of

Code:

iptables -L

[klavslund]

Hi again - I really appreciate your kind help. This is the output from iptables:

Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PAROLE (9 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:www
PAROLE tcp -- anywhere anywhere tcp dpt:81
PAROLE tcp -- anywhere anywhere tcp dptop3
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:10000
ACCEPT udp -- anywhere anywhere udp dpt:domain
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

[falko]

Looks ok. Are you sure you forwarded the ports from your router to the correct server (ISPConfig server)?

[klavslund]

Even though this is absolutely without meaning - it works now. I checked and changed and rebooted my router many times during this process. But this morning I looked for a new firmware and upgraded the router. Unfortunately this ment that all settings were lost.

I then reconfigured the router as before - and bing - there it was

This once again shows that working with IT is a combination of science and woodoo. Falko - many thanks for your effort. And for other readers I hope that you might find some usefull knowledge in my problems.