Completely Lost

Richard Urwin RUrwin at SRHSYSTEMS.com
Thu Nov 9 11:46:36 UTC 2006


From: n3m3s1s 4u
Sent: 18 October 2006 09:41
>>>>> n3m3s1s
Well I have been all over - read all there is about DNS and bind - read
Howto forums etc - but still seem to be stumbling on something - but can't
put my finger on it.

Here are my objectives but not sure if I am taking things further than I
need and would really appreciate some help.

I have got a 123-reg domain - mywebspace.co.uk (here I am allowed to change
everything on DNS, nameservers, A records, CNAMEs etc.)

I have an Ubuntu server installation on my personal home machine (running at
the moment as a virtual machine until I get things right)

I have pointed my domain name to the external (static) IP address of my
router - 888.888.888.888 (for eg)
I have configured my router to forward ports on 8080, 80, 23, 21, 110, 10000
etc etc to the internal IP address (static) 192.168.1.10

<<<<< Richard
You almost certainly shouldn't be forwarding all those ports. Each port you
forward is a security risk. Those are incoming ports, right? Outgoing
connections don't use those forwarding rules; you don't need to forward port
110 to get mail with POP3, only to allow someone else to get mail _from_
your PC. The only ports you forward incoming should be those ports you need
to use and are sure that you have the corresponding server configured
securely. In particular Telnet (port 23) is a Bad Thing, but you may have
meant 25 (SMTP).

A fairly secure and usable starting point is "Nothing In, Everything Out",
then poke holes in as and when you need to. My setup allows nothing in
except ping replies and SMTP. If I ran a webserver I'd also have to allow
port 80, and similarly for FTP. I only allow SMTP in because I run a mail
server - most people wouldn't need that.

>>>>> n3m3s1s
My true intentions are: to have multiple webpages under my domain name,
like me.mywebspace.co.uk and mymate.mywebspace.co.uk, and once I have email
set up, for EVERYTHING at mywebspace.co.uk to go to a web login at say
webmail.mywebspace.co.uk. (Obviously I will have all the mail stuff set up
according to the howtoforge guide on 6.06 perfect setup.)

<<<<< Richard
There are two ways to do this, and doing it without having a separate static
address for each domain will mean that you cannot use SSL, so you cannot
have a secure server for your mail server.

See http://httpd.apache.org/docs/1.3/vhosts/name-based.html (second
paragraph)

So using Name-based Virtual Hosts can be done with a single IP address, but
cannot implement a secure server and may fail when you use very old
browsers. Whereas IP-based Virtual Hosts can implement a secure server and
will work well but you will need multiple static IP addresses. Multiple
addresses are probably available from your ISP, but they will cost a little
more.

Of course you can have multiple web _pages_ by using the URL
mywebspace.co.uk/me/index.html and mywebspace.co.uk/mymate/index.html
What you are doing is trying to have multiple web _sites_.

>>>>> n3m3s1s
Now I am not sure if I need it but I looked and attempted to use ISPconfig
but this seems to confuse me more.

The front end to it all - I would love to use the Joomla system (as I know
how to use it for a single web system) but not sure what I need to do to
manage more than one webpage.

<<<<< Richard
I don't know either of these things, but your initial problems are not on
the PC, they're on the router and nameserver.


>>>>> n3m3s1s
What is getting to me the most is DNS and nameservers etc. I have tried so
many different things - but not sure how involved I need to be with the
configs.

<<<<< Richard
This is my set-up:

www.mydomain.org.uk "A" record to 123reg's web redirector server.
    (I don't run my own web server.)
mydomain.org.uk "A" record to 123reg's web redirector server.
    (That surprises me.)
mydomain.org.uk "MX" record, preference=10 to mypc.mydomain.org.uk
    (MX is the mail redirection info)
mydomain.org.uk "MX" record, preference=20 to a server at the ISP willing
    to act as backup mail server.
mypc.mydomain.org.uk "A" record to my static IP address
    (for example 196.77.77.77).
77.77.77.196.in-addr.arpa "PTR" record to mypc.mydomain.org.uk
    (the "reverse lookup")

>>>>> n3m3s1s
Do I need to have my own nameserver? ns.mywebspace.co.uk and configure the
control panel at 123-reg to point my name server to this ns.mywebspace.co.uk
and the (external or internal) IP address of it?

<<<<< Richard
No, and it would be a bad idea. 123reg.co.uk does everything you need and
almost certainly has better servers than you.

>>>>> n3m3s1s
When I edit the /etc/hosts file - server1.mywebspace.co.uk - do I use
192.168.1.10 or the external IP address of my router?
<<<<< Richard
Everything inside the router knows nothing about the external address and
vice-versa. The router is the only device that knows both addresses. On your
PC you use only internal addresses.

>>>>> n3m3s1s
Do I need to edit or create /etc/resolv.conf? What do I need to put in
there?
<<<<< Richard
No

>>>>> n3m3s1s
If I need to create a nameserver - what should I do? (They mention 2 name
servers are needed) but I have one server - what do I point to as the second
server?
<<<<< Richard
You don't

>>>>> n3m3s1s
If I want to create a subdomain - webmail.mywebspace.co.uk - how do I go
about doing it?

<<<<< Richard
For Name-based Virtual Hosts:

You create an A record for your PC. That needs to be a name.domain sort of
thing. You create a reverse entry in the other direction.

mypc.mywebspace.co.uk "A" record to 888.888.888.888
888.888.888.888.in-addr.arpa "PTR" record to mypc.mywebspace.co.uk

You create CNAME records for each subdomain all pointing at the domain.

www.me.mywebspace.co.uk "CNAME" record to mypc.mywebspace.co.uk
www.mymate.mywebspace.co.uk "CNAME" record to mypc.mywebspace.co.uk

Set up your webserver for name-based Virtual Hosts. See
http://httpd.apache.org/docs/1.3/vhosts/name-based.html



For IP-based Virtual Hosts it goes like this-

You create A records for each subdomain, all pointing at a separate IP
address in your static range. You create reverse entries in the other
direction.

www.me.mywebspace.co.uk "A" record to 888.888.888.001
001.888.888.888.in-addr.arpa "PTR" record to me.mywebspace.co.uk
www.mymate.mywebspace.co.uk "A" record to 888.888.888.002
002.888.888.888.in-addr.arpa "PTR" record to mymate.mywebspace.co.uk

If I remember correctly the reverse entries are created automatically by
123reg if you check a checkbox.

You configure your router to NAT packets on port 80 of 888.888.888.001 to
port 80 of 192.168.1.10, and to NAT packets on port 80 of 888.888.888.002 to
port 81 of 192.168.1.10 (i.e. the same address, different port), and so on.

You configure your webserver (Apache or whatever) to listen to both ports 80
and 81 and to identify as me.mydomain.co.uk on port 80 and as
mymate.mydomain.co.uk on port 81. See
http://httpd.apache.org/docs/1.3/vhosts/ip-based.html
(Ignore the advice to use virtual interfaces; that work is being done by
your router.)


 
HTH

-- 
R Urwin
private
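
The "Nothing In, Everything Out" starting point from the reply above, written as a small generator for a host firewall ruleset. This is an added example, not part of the original e-mail. It assumes the policy is enforced with iptables on the Ubuntu server itself (a router expresses the same policy through its own interface), and the function names `valid_port` and `build_rules` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original e-mail): print an iptables-restore
# ruleset for "Nothing In, Everything Out", opening only the TCP ports named.
# Assumption: enforced on the server itself; function names are illustrative.

# valid_port PORT: succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# build_rules [PORT...]: prints the ruleset, or fails before printing anything
# if any argument is not a valid port (so a typo never yields a partial policy).
build_rules() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # nothing in by default
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'   # everything out
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to traffic this host started (including ping replies).
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do             # the holes poked on purpose
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# The policy described in the reply: only SMTP allowed in. To apply, review
# the output and then pipe it to iptables-restore as root.
build_rules 25
```

Calling `build_rules` with no arguments gives the pure starting point; each port added afterwards should correspond to a server that has actually been configured securely.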
