Public IP Vs. Private IP, DNS, and NAT

Discussion in 'Server Operation' started by midcarolina, Jul 17, 2011.

  1. midcarolina

    midcarolina New Member

    Ok, after an extremely successful install of ISPConfig 3 using HowToForge's tutorial (walk-through) for Fedora version 14 x86_64, I am a bit stumped. I am having trouble wrapping my head around proper IP usage, and DNS in the system. Ok, first let me say that during install, I created a static IP for the server using 192.168.1.XX. Inside the network, I can access 192.168.1.XX:8080 perfectly. If I leave off :8080 (still inside my network), the Fedora / Apache test page resolves. Publicly, (remote access) does not work. I have the proper port forwarding using a Cisco E1000 router.

    Here is the part that has me mixed up. My public IP (modem) is 173.93.151.XX. This IP (without :8080 for ISPC access) also resolves the Fedora test page. Adding :8080 to the modem IP is page not found.

    Using the "Monitor" tab to check the system, everything is a green light (online). So, here are the bottom line issues I am trying to remedy:

    Am I using the proper static IP 192.168.1.XX and if so, why is port forwarding not working correctly?

    What are the correct DNS IPs? Are they the ones from my ISP, or can I create my own?

    Finally, there are so many various options for static DNS and NAT settings in the router configuration that I simply do not know what to use. I have been messing with DNS records and VDS or VPServers for quite some time, but this is my first experience creating my own "at home" production webserver, so I have now become a DNS / IP dummy. I am attaching a small screenshot of what ISPConfig shows under "Monitor".

    Thanks in advance for the help.

  2. falko

    falko Super Moderator ISPConfig Developer

    You must configure your router to forward port 8080 to your ISPConfig server.

    When you created your sites in ISPConfig, make sure you used your internal IP (192.168.1.x). Also, your router must forward port 80 to your ISPConfig server (I guess it does this already because you get the Fedora test page). Also, make sure you access your web sites using their domain names - if you use the public IP, you will always get the Fedora test page. Of course, for this to work, the domain's DNS records must point to your public IP.

    For DNS records, you must use the public IP because otherwise nobody from outside your LAN can access your sites.
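
Added example (not part of falko's post and not ISPConfig code): a small Python check for the DNS point above, flagging A records in a zone that point at LAN-only addresses. The zone text, example.com and 203.0.113.10 are constructed placeholders, and the parser assumes every record is written as `name ttl IN type data`.

```python
import ipaddress

# Ranges that are never routable from the Internet
# (RFC 1918 private space, loopback, link-local).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed sample zone; example.com and 203.0.113.10 are placeholders
# standing in for the real domain and the public (modem) IP.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@      3600 IN NS  ns1.example.com.
@      3600 IN A   203.0.113.10
ns1    3600 IN A   203.0.113.10
www    3600 IN A   192.168.1.20   ; LAN address, wrong in a public zone
mail   3600 IN A   203.0.113.10
@      3600 IN MX  10 mail.example.com.
"""


def parse_a_records(zone_text):
    """Yield (name, ip) for each 'name ttl IN A ip' line (assumed layout)."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):      # skip blanks and directives
            continue
        fields = line.split()
        if (len(fields) >= 5 and fields[2].upper() == "IN"
                and fields[3].upper() == "A"):
            yield fields[0], ipaddress.ip_address(fields[4])


def unreachable_records(zone_text):
    """Return A records whose address cannot be reached from outside the LAN."""
    return [(name, str(ip)) for name, ip in parse_a_records(zone_text)
            if any(ip in net for net in NON_ROUTABLE)]


if __name__ == "__main__":
    for name, ip in unreachable_records(SAMPLE_ZONE):
        print(f"{name}: {ip} is a private address; use the public IP here")
```
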
  3. midcarolina

    midcarolina New Member

    Hi Falko,

    Ok, this is the part that gets me. Port forwarding is on in the router for a number of ports that I would need for the server to operate (i.e., 21-ftp, 22-ssh, 25-smtp, etc.; this includes 80 for http:// and 8080). Still no go? So this I am still stumped on.

    The answer for DNS helped a bit, except one item. Do I use the two DNS IPs assigned by my ISP for DNS? They are of course the same, except one ends in 51 and the other 52. Or do I use the single public modem IP, in which case there is only one. My nameservers I created myself at my domain registrar, godaddy.
    They are accepted (by godaddy) using the public modem ip and the ISP provider's two DNS ips, using, and

    Much appreciate your time!
  4. falko

    falko Super Moderator ISPConfig Developer

    Check your router's firewall. It is also possible that your ISP blocks some ports.

    If you refer to /etc/resolv.conf, you can put your ISP's DNS servers there (but you don't have to if name resolution is working already).
    For your zones, you must use the public modem IP, and as the nameservers in your zones, you use ns1 and
  5. midcarolina

    midcarolina New Member

    Hi Falko,
    Ok, regarding the router. I did two things. I called my ISP and (I looked up the FCC laws on this too) informed them that US law states that an ISP - under no circumstance has the right to block any port range from 1 - 65535. They told me that none of the ports were blocked in the modem. So, I temporarily disabled the modem firewall. Still no go. Only within the network.

    The DNS IPs are showing up just fine in ISPConfig as active, they are included in /etc/hosts (per ISPConfig manual) and in /etc/resolv.conf. Only I get a DNS error page from my ISP (Time Warner) when I tried to launch a simple site.

    I could use godaddy's nameservers and point the A record @ to the public IP of the modem, but theoretically I would lose mail control in ISPConfig and this would have to be done through godaddy which I really don't want to do.

    Thanks for your patience.
