# can not access own web server from within own box with FQDN



## MNIHKLOM (Oct 25, 2012)

Hi sirs,

After watching and scanning these forums for a few days, I have some questions about
networking or DNS or whatever, which I do not know exactly how to ask.

I have my notebook connected to the internet through the home phone by an ADSL router. It
always gives me a range of dynamic private IP numbers, 192.168.1.3 to 192.168.1.nnn, and it
assigns the IP number 192.168.1.1 to itself.

I installed apache22, firefox and ddclient on my box. I can access my web server by pointing firefox to http://localhost.
Now I have an account with a dynamic DNS service and got a name for my notebook, and I made sure that
I run ddclient with the script given by that dynamic DNS service.

The problem occurs when I access my web server with the name assigned by that service:
it asks for the user name/password of the router and gives me 'can not access
to http://<name assigned from dynamic DNS service>' at the end.

I am using FreeBSD 9.0-stable and here is the uname -a

```
FreeBSD mni.srimali.in.th 9.0-STABLE FreeBSD 9.0-STABLE #18: Wed Jun 27 12:38:20 ICT 2012     root@mni.jes.in.th:/kaitag/obj/usr/src/sys/THUNYALICE  amd64
```

I set the firewall type to OPEN, firewall_enable to YES and firewall_nat_enable to YES too,
and here is the diff of my kernel and the generic one:

```
####diff####
% diff THUNYALICE GENERIC 
2c2
< # THUNYALICE -- Generic kernel configuration file for FreeBSD/amd64
---
> # GENERIC -- Generic kernel configuration file for FreeBSD/amd64
19,20c19
< # $FreeBSD: src/sys/amd64/conf/GENERIC,v 1.568.2.11 2012/04/02 18:13:29 jkim Exp $
< 
---
> # $FreeBSD: src/sys/amd64/conf/GENERIC,v 1.568.2.13 2012/05/24 03:45:13 mav Exp $
23,26c22
< ident		THUNYALICE
< 
< # To statically compile in device wiring instead of /boot/device.hints
< hints		"THUNYALICE.hints"	# Default places to look for devices.
---
> ident		GENERIC
28,34c24
< # Use the following to compile in values accessible to the kernel
< # through getenv() (or kenv(1) in userland). The format of the file
< # is 'variable=value', see kenv(1)
< #
< # env		"GENERIC.env"
< 
< #makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols
---
> makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols
55a46
> options 	GEOM_RAID		# Soft RAID functionality.
57d47
< options 	COMPAT_43TTY		# BSD 4.3 TTY compat (sgtty)
69d58
< options 	P1003_1B_SEMAPHORES	# POSIX-style semaphores
76d64
< options 	FLOWTABLE		# per-cpu routing cache
80d67
< 
91,100d77
< device		pci
< #
< # ACPI support using the Intel ACPI Component Architecture reference
< # implementation.
< #
< # ACPI_DEBUG enables the use of the debug.acpi.level and debug.acpi.layer
< # kernel environment variables to select initial debugging levels for the
< # Intel ACPICA code.  (Note that the Intel code must also have USE_DEBUGGER
< # defined when it is built).
< 
102,103c79
< options 	ACPI_DEBUG
< 
---
> device		pci
112,115c88
< #device		atadisk		# ATA disk drives
< #device		ataraid		# ATA RAID drives
< #device		atapicd		# ATAPI CDROM drives
< #device		atapifd		# ATAPI floppy drives
---
> options 	ATA_STATIC_ID	# Static device numbering
118,119d90
< #device		atapist		# ATAPI tape drives
< options 	ATA_STATIC_ID	# Static device numbering
144c115
< # SCSI peripherals
---
> # ATA/SCSI peripherals
167d137
< device		tws		# LSI 3ware 9750 SATA+SAS 6Gb/s RAID controller
177a148
> device		tws		# LSI 3ware 9750 SATA+SAS 6Gb/s RAID controller
214,217c185
< # If you've got a "dumb" serial or parallel PCI card that is
< # supported by the puc(4) glue driver, uncomment the following
< # line to enable it (connects to sio, uart and/or ppc drivers):
< device		puc
---
> device		puc		# Multi I/O cards and multi-channel UARTs
288c256
< device		ath		# Atheros pci/cardbus NIC's
---
> device		ath		# Atheros NIC's
291a260
> device		ath_rate_sample	# SampleRate tx rate control for ath
299d267
< device		ath_rate_sample	# SampleRate tx rate control for ath
328c296
< #device		udbp		# USB Double Bulk Pipe devices
---
> #device		udbp		# USB Double Bulk Pipe devices (needs netgraph)
363a332
> # sbp(4) works for some systems but causes boot failure on others
370d338
< 
372a341,343
> device		snd_cmi		# CMedia CMI8338/CMI8738
> device		snd_csa		# Crystal Semiconductor CS461x/428x
> device		snd_emu10kx	# Creative SoundBlaster Live! and Audigy
378,437d348
< 
< 
< ########
< options      COMPAT_43
< ########
< 
< 
< options IPFIREWALL    
< options IPFIREWALL_VERBOSE    
< options IPFIREWALL_VERBOSE_LIMIT=100	#limit verbosity
< options IPFIREWALL_FORWARD    
< options IPFIREWALL_NAT		#ipfw kernel nat support
< #
< # LIBALIAS. To build an ipfw kld with nat support enabled, add
< #
< options LIBALIAS
< options IPFIREWALL_DEFAULT_TO_ACCEPT	#allow everything by default
< options	IPFILTER		#ipfilter support
< options	IPFILTER_LOG		#ipfilter logging
< options	IPFILTER_LOOKUP		#ipfilter pools
< options IPDIVERT
< 
< options	SC_HISTORY_SIZE=800     # number of history buffer lines
< 
< device	speaker		#Play IBM BASIC-style noises out your speaker
< #
< #
< #
< options	CAPABILITIES	# fine-grained rights on file descriptors
< options	CAPABILITY_MODE	# sandboxes with no global namespace access
< 
< options	RACCT
< # Resource Limits
< options	RCTL
< 
< # The pf packet filter consists of three devices:
< #  The `pf' device provides /dev/pf and the firewall code itself.
< #  The `pflog' device provides the pflog0 interface which logs packets.
< #  The `pfsync' device provides the pfsync0 interface used for
< #   synchronization of firewall state tables (over the net).
< #######
< ###
< ### either pf or ipfw but not both
< ### on May 30 2012 morning finding from forums.freebsd.org
< ### forums.freebsd.org/showthread.php?t=32250 (May 24 2012)
< ### so I commented 3(three) pf devices 
< ###
< ##device		pf
< ##device		pflog
< ##device		pfsync
< ###
< #######
< #
< # Temperature sensors:
< #
< # coretemp: on-die sensor on Intel Core and newer CPUs
< # amdtemp: on-die sensor on AMD K8/K10/K11 CPUs
< #
< device		coretemp
< #device		amdtemp
####diff end####
```

My question is why I cannot access my web server from within my notebook via the
FQDN from the dynamic DNS service, while local access is OK.

Apologies for my broken English.

Any help and hints are welcome and appreciated.

with best regards,
MNIHKLOM


----------



## SirDice (Oct 25, 2012)

You can't connect to it because the DNS service uses your _external_ address. That address is assigned to your router. 

You can access it from _outside_ your local network if you add a port forward on your router.


----------



## MNIHKLOM (Oct 25, 2012)

SirDice said:

> You can't connect to it because the DNS service uses your _external_ address. That address is assigned to your router.
> 
> You can access it from _outside_ your local network if you add a port forward on your router.



Hi SirDice,

Thanks indeed for a quick response. From your answer, does that mean that I can access my web server with that FQDN only from outside my private IP number?

with best regards,
MNIHKLOM


----------



## SirDice (Oct 25, 2012)

MNIHKLOM said:

> Thanks indeed for a quick response.  From your answer, that means that I can access my web server with that FQDN only from outside my private ip number?


Outside your local network, yes.


----------



## fluca1978 (Oct 25, 2012)

MNIHKLOM said:

> From your answer, that means that I can access my web server with that FQDN only from outside my private ip number?



Partially correct: you can access the web server with your FQDN, but that would be resolved to the router's public interface (the ADSL one), which will send the connection back to the computer if port forwarding is configured.

You can also configure your local name resolver by adding (manually) the FQDN and web server name so that it points to your local computer too, so that the FQDN will not be resolved via DNS and you will be able to connect to the web server on the private network as well.

By the way, please do not post the kernel configuration for such a problem; it is not related to the kernel at all. Posting the kernel version suffices for a lot of questions, and if the kernel configuration is needed, you will be asked for it.


----------
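The local-resolver override fluca1978 describes above, as an added example that is not part of any post in this thread: it pins a dynamic-DNS name to a LAN address in a hosts(5)-format file, refusing non-local addresses and leaving existing mappings alone. The name `mysite.example.org` and the address 192.168.1.3 are placeholders, and the demo writes to a scratch file rather than the real `/etc/hosts`.

```shell
#!/bin/sh
# Added example: pin a dynamic-DNS FQDN to the server's LAN address
# in a hosts(5)-format file so local lookups bypass public DNS.

# is_private ADDR: succeed if ADDR is in an RFC 1918 private range
is_private() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# hosts_lookup FILE NAME: print the first address mapped to NAME
# (case-insensitive; comments are ignored), or nothing if unmapped
hosts_lookup() {
    awk -v n="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(n)) { print $1; exit } }
    ' "$1"
}

# pin_name FILE NAME ADDR: append "ADDR NAME" unless NAME is already mapped.
# Returns 0 if added or already correct, 1 on a conflicting entry,
# 2 if ADDR is neither private nor loopback.
pin_name() {
    file=$1 name=$2 addr=$3
    is_private "$addr" || [ "$addr" = 127.0.0.1 ] || {
        echo "refusing: $addr is not a local address" >&2; return 2; }
    cur=$(hosts_lookup "$file" "$name")
    if [ -n "$cur" ]; then
        [ "$cur" = "$addr" ] && return 0
        echo "$name is already mapped to $cur in $file" >&2
        return 1
    fi
    printf '%s\t%s\n' "$addr" "$name" >> "$file"
}

# Demo on a scratch file with constructed content (placeholder name/address)
demo() {
    tmp=$(mktemp) || return 1
    printf '127.0.0.1\tlocalhost\n' > "$tmp"
    pin_name "$tmp" mysite.example.org 192.168.1.3 && cat "$tmp"
    rm -f "$tmp"
}
demo
```

With a DHCP-assigned LAN address the pinned entry goes stale when the lease changes, so a fixed lease or 127.0.0.1 (when only the server itself needs the name) is the safer value.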



## SirDice (Oct 25, 2012)

fluca1978 said:

> By the way, please do not post the kernel configuration for such a problem; it is not related to the kernel at all. Posting the kernel version suffices for a lot of questions, and if the kernel configuration is needed, you will be asked for it.


To be honest, I would much rather have people post too much information than too little.


----------



## MNIHKLOM (Oct 25, 2012)

SirDice said:

> Outside your local network, yes.


Many thanks for your help, SirDice. I have to rethink my next question, but not before scanning these forums for related cases. It will be about setting up sendmail to work with my private network.

Once more, I really thank SirDice very much for your help and hints and your valuable time.

with best regards,
MNIHKLOM


----------

