IP and DNS questions for ispconfig

Discussion in 'Installation/Configuration' started by cpcpy, Feb 7, 2006.

  1. cpcpy

    cpcpy New Member

    i've installed ispconfig on fc4 successfully...

    i have some questions regarding IP and DNS setup requirements...

    1) if i intend to manage a few (<10) sites using ispconfig, do i need 1 IP address for each site? or the sites can share the same IP address?

    2) it seems like the server itself must have a fully qualified domain name, is it correct? if so, must i have a DNS record somewhere else that points to it before i can add new domains?

    3) how can i setup the server in my intranet environment to familiarise myself before i put it on the internet for public access? or is this not possible?

    thanks
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    You can have as many sites as you like sharing one IP address, except if you want to host SSL web sites (https). Then you need one IP address per SSL web site.

    It is strongly recommended that the server has a FQDN pointing to it. And yes, this FQDN must have the appropriate DNS record.
    It is possible, however, to set up ISPConfig with just an IP address, but it's not the optimal solution.

    It is possible. When the ISPConfig installer asks you for the hostname and domain name, you leave the hostname empty and enter the IP address as domain. However, this is the not-so-optimal solution mentioned above...
    If your server has an FQDN with a DNS record pointing to your router's public IP address, and your router forwards all needed ports (21, 22, 25, 53, 80, 81, 110, 443, ...) to your ISPConfig server, then you can use this FQDN during the installation.
    You could also put the FQDN into /etc/hosts and use the FQDN during installation. On your Windows clients you must then also change the hosts file: http://www.howtoforge.com/forums/showthread.php?t=432&highlight=hosts file windows
     
  3. klavslund

    klavslund New Member

    Related kind of problem? Server not accessible from outside.

    Hi,

    This is my first post in these forums, and I hope that it is ok to continue in this thread, otherwise please correct me. I was happy when I saw the thread, because I have some strange problems which I guess are related to DNS configuration.

    I have 3 private domains controlled on a debian server as standard virtual namebased domains. DNS, DX and web-names for these domains are hosted outside by a serviceprovider on the internet. From my public WAN IP a switch divides incoming traffic to two routers in order to maintain two separate LANs.

    The webserver has a static IP address 192.168.2.98 - Default GW and DNS is 192.168.2.250 (router)

    The router has an internal ACL where I have set up that HTTP traffic, and other ports, is directed to the webserver's specific IP address.

    Now I have made a new webserver with ISPConfig in order to better control my domains. It is set up with an IP 192.168.2.88, again GW and DNS is the router. From inside everything works perfectly, the mailserver as well. But when I switch off the old server, and change the routing table, none of my domains are visible from the outside.

    I have tried to add the FQDN to the new server's hosts file, also with no luck. I have no extra IPs in the IP-list.

    I really hope that someone could be helpful on this issue.
     
  4. klavslund

    klavslund New Member

    Addendum to the above

    From a shell on the new ISPConfig server it is possible to ping the outside world. It is also responding to a dig FQDN.

    Even more strange is that when I have changed the routing so it now points to the new ISPConfig server, the old one seems to respond to the outside world even after removing a hosts entry.
     
  5. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I thought you switched off your old server? Is it maybe the browser cache that tricks you?

    Don't you get any web pages from the ISPConfig server at all, or only wrong ones (e.g. the Shared-IP page)?
     
  6. klavslund

    klavslund New Member

    Hi again,

    When I switch off the old server, nothing is visible from the outside. Inside the 192.168.x.x range the ISPConfig server responds correctly when I use FQDNs.

    I have removed the virtual host domains from the old server (httpd.conf and hosts), and applied these on the new ISPConfig server as well as changing the routing.

    I noticed that in my router I also had an opportunity to route which server to respond on DNS (port 53). I tried to alter this setting, and all of the internal net lost connection. Could it be that ISPConfig has to be the only and primary DNS?

    How should I then set this up? 1's NS somewhere out there, second my router?
     
  7. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I don't think the DNS settings have to do with your problems. Leave them as they were before.

    Do you have a firewall running on your ISPConfig server? Please post the output of
    Code:
    iptables -L
     
  8. klavslund

    klavslund New Member

    Hi again - I really appreciate your kind help. This is the output from iptables:

    Chain INPUT (policy DROP)
    target prot opt source destination
    DROP tcp -- anywhere 127.0.0.0/8
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere
    DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain FORWARD (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    DROP all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere

    Chain INT_IN (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain INT_OUT (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    ACCEPT all -- anywhere anywhere

    Chain PAROLE (9 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

    Chain PUB_IN (3 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere icmp echo-reply
    ACCEPT icmp -- anywhere anywhere icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    PAROLE tcp -- anywhere anywhere tcp dpt:ftp
    PAROLE tcp -- anywhere anywhere tcp dpt:ssh
    PAROLE tcp -- anywhere anywhere tcp dpt:smtp
    PAROLE tcp -- anywhere anywhere tcp dpt:domain
    PAROLE tcp -- anywhere anywhere tcp dpt:www
    PAROLE tcp -- anywhere anywhere tcp dpt:81
    PAROLE tcp -- anywhere anywhere tcp dpt:pop3
    PAROLE tcp -- anywhere anywhere tcp dpt:https
    PAROLE tcp -- anywhere anywhere tcp dpt:10000
    ACCEPT udp -- anywhere anywhere udp dpt:domain
    DROP icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain PUB_OUT (3 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
     
  9. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Looks ok. Are you sure you forwarded the ports from your router to the correct server (ISPConfig server)?
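
    A note on reading the listing above: plain `iptables -L` does not print the interface a rule is bound to, so the third INPUT rule (`ACCEPT all -- anywhere anywhere`) is either an accept-everything rule or one restricted to an interface such as loopback, and `iptables -L -n -v` or `iptables -S` shows which. The Python sketch below is an added example, not part of the thread or of ISPConfig: it parses a listing in this format, flags such ambiguous rules, and lists the ports accepted from INPUT. The sample input is constructed and the function names are assumptions of this example.

```python
import re
# Constructed excerpt in the same format as the `iptables -L` output posted above.
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
PUB_IN all -- anywhere anywhere

Chain PAROLE (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (1 references)
target prot opt source destination
PAROLE tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:domain
"""

def parse_chains(text):
    # Map chain name -> list of (target, proto, source, dest, match) tuples.
    chains, rules = {}, None
    for line in map(str.strip, text.splitlines()):
        if header := re.match(r"Chain (\S+) \(", line):
            rules = chains.setdefault(header.group(1), [])
        elif line and rules is not None and not line.startswith("target "):
            f = line.split()
            rules.append((f[0], f[1], f[3], f[4], " ".join(f[5:])))
    return chains

def is_bare(rule):
    # True when plain -L prints no restriction at all for the rule.
    return rule[1] == "all" and rule[2] == rule[3] == "anywhere" and not rule[4]

def ambiguous_accepts(rules):
    # 1-based positions of bare ACCEPTs: wide open, or bound to an interface -L hides.
    return [i for i, r in enumerate(rules, 1) if r[0] == "ACCEPT" and is_bare(r)]

def allowed_ports(chains, chain="INPUT"):
    # (proto, port) pairs accepted from `chain`; rule order and DROPs are not modelled.
    accepting = {"ACCEPT"} | {n for n, rs in chains.items()
                              if rs and rs[0][0] == "ACCEPT" and is_bare(rs[0])}
    ports = set()
    for rule in chains.get(chain, []):
        dpt = re.search(r"dpt:(\S+)", rule[4])
        if rule[0] in chains and is_bare(rule):   # unconditional jump: descend
            ports |= allowed_ports(chains, rule[0])
        elif dpt and rule[0] in accepting:
            ports.add((rule[1], dpt.group(1)))
    return ports
```

    Feed it the saved output of `iptables -L` from the server; any position returned by `ambiguous_accepts(chains["INPUT"])` is a rule to re-check with the verbose listing.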
     
  10. klavslund

    klavslund New Member

    Even though this is absolutely without meaning - it works now. I checked and changed and rebooted my router many times during this process. But this morning I looked for a new firmware and upgraded the router. Unfortunately this meant that all settings were lost.

    I then reconfigured the router as before - and bing - there it was :)

    This once again shows that working with IT is a combination of science and voodoo. Falko - many thanks for your effort. And for other readers I hope that you might find some useful knowledge in my problems.
     
  11. cpcpy

    cpcpy New Member

    klavslund, glad you solved your problem...
    back to me, i have further questions... :)

    this is what i have:
    1) new box FC4 + ISPConfig installed
    2) registered a new domain name (example.com)
    3) 4 IP addresses given by my ISP (ip1, ip2, ip3, ip4)
    4) rack space with my ISP

    am i correct to say that i can do this when i bring my server to my ISP rack:

    1) setup the box with IPADDR = ip1
    2) get my ISP to host the DNS for example.com (and point to ip1)
    3) login to www.example.com:81/login.php and start creating new sites

    ===================

    Q1) for new sites (eg example2.com), will i be able to host the DNS myself?
    Q2) if one of my sites (eg https://www.example3.com) require SSL, can i add another IP address (ip2) and enable it using ISPConfig?
    Q3) i can create sub-domains (eg app.example2.com, mail.example2.com) at will?
    Q4) i can create unlimited user/email/ftp account (eg user1@example2.com, user2@example2.com) at will?

    thanks!
     
  12. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    yes.

    Yes. Just add the IP address in ISPConfig under management > server > settings in the IP-List field, one IP per line.

    Yes.

    Yes. Only limited by your hardware though ;)
     
  13. cpcpy

    cpcpy New Member

    thanks x 4

    :)
     
  14. cpcpy

    cpcpy New Member

    is it possible to install tomcat for the sites created using ISPConfig?
     
  15. cpcpy

    cpcpy New Member

    another question...

    for a new site that is created by ISPConfig, (www.example2.com) the DNS will be hosted by my box...

    however, the domain registrar of example2.com would require primary and secondary DNS servers right? then who shall be my secondary DNS server?
     
  16. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    There are several possibilities:

    1) Point both nameserver entries to your server IP. But if your server fails, the domain will not be reachable anymore in DNS. On the other hand, if Mail and Webserver are on the same server anyway, it does not make a big difference if DNS fails too :)

    2) You need a second server.

    3) If I remember correctly, there are some free secondary DNS hosting services. Maybe you find some in the search engines (not to name googling ;)

    4) Maybe your domain registry provides secondary DNS services, some registries provide secondary DNS even for free.

    Many choices, now it's up to you :)
     
  17. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    I don't understand how your question is related to this thread. This thread is about the options for a secondary DNS for ISPConfig. ISPConfig 2 supports only BIND.

    Can you please explain it a bit more :)
     
    Last edited: Feb 10, 2006
  18. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Please post this in the MyDNSConfig forum: http://www.howtoforge.com/forums/forumdisplay.php?f=21
     
  19. cpcpy

    cpcpy New Member

    some questions:

    1) notice that apache is showing directory listing - which config file must i update to disable it?

    2) after configuring ispconfig, is it recommended that i reserve the "main" FQDN just for accessing ispconfig control panel, or i can use it just like any sites of mine

    thanks
     
  20. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Directory listings are disabled in ISPConfig by default. Have you enabled them manually in your Apache configuration?

    The apache directive is:

    Code:
    Options -Indexes
    The configuration in your httpd.conf (or apache.conf / apache2.conf) should look like this:

    Code:
    <Directory /home/www/*/web>
        Options +Includes +FollowSymlinks -Indexes
        AllowOverride Indexes AuthConfig Limit FileInfo
        Order allow,deny
        Allow from all
    
        <Files ~ "^\.ht">
        Deny from all
        </Files>
    </Directory>
    Code:
    2) after configuring ispconfig, is it recommended that i reserve the "main" FQDN just for accessing ispconfig control panel, or i can use it just like any sites of mine
    Your main FQDN shall only be used for the control panel.
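
    To find which file turns listings on, the check can be scripted. The Python sketch below is an added example, not from the thread or from ISPConfig: it walks Apache config text and reports every `Options` line that enables `Indexes` (including `Options All`) and every `AllowOverride` that lets a `.htaccess` file set `Options`. The `/var/www/legacy` and `web9` sections and the function name are constructed for illustration.

```python
import re

# Constructed config: the <Directory> block from the post above plus two
# hypothetical sections (paths are made up) that would turn listings back on.
SAMPLE_CONF = """\
<Directory /home/www/*/web>
    Options +Includes +FollowSymlinks -Indexes
    AllowOverride Indexes AuthConfig Limit FileInfo
    <Files ~ "^\\.ht">
    Deny from all
    </Files>
</Directory>
# Options Indexes in a comment must be ignored
<Directory /var/www/legacy>
    Options Indexes FollowSymLinks
</Directory>
<Directory /home/www/web9/web/files>
    AllowOverride Options
</Directory>
"""

def find_listing_risks(conf_text):
    """Return [(line_no, section, reason)] for directives that enable directory
    listings or let .htaccess files enable them."""
    findings, sections = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if tag := re.match(r"<(/?)(\w+)\s*(.*?)>$", line):
            if tag.group(1):
                del sections[-1:]          # closing tag: leave the section
            else:
                sections.append(f"{tag.group(2)} {tag.group(3)}".strip())
            continue
        name, *args = line.split()
        args = [a.lower() for a in args]
        where = sections[-1] if sections else "server config"
        if name.lower() == "options" and {"indexes", "+indexes", "all"} & set(args):
            findings.append((no, where, "Options enables Indexes"))
        elif name.lower() == "allowoverride" and any(
                a == "all" or a.startswith("options") for a in args):
            findings.append((no, where, ".htaccess may set Options +Indexes"))
    return findings
```

    The `AllowOverride Indexes` in the posted block is not flagged: it covers directory-indexing directives such as `IndexOptions`, not the `Options` directive itself.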
     
