I've been on holiday, so that's why I didn't reply earlier

On 13/09/10 04:11, brownh wrote:
> Allan, thanks for the input. I'm about to change my location, and will
> not be in a position to take any corrective action, but your points
> I'll keep in mind when I return.

> Alan Chandler <a...@chandlerfamily.org.uk> writes:

>> I can give my domain an ip-address, and I can also give subdomains
>> such as www.hartley-consultants.com and mail.hartley-consultants.com

> An ability to assign an IP address was news to me. Tomorrow I'll be in
> touch with my web hosting service and will ask them about it. They are
> Linux-friendly, but my ISP is a hopeless case.

>> If you look up these two names with any one of several commands, such as...
>>
>> host www.hartley-consultants.com and
>>
>> host mail.hartley-consultants.com

> I get the point, but for ssh the target is not a mail account or web
> site, but a host. If you could assign an IP to
> chandlerfamily.org.uk it would seem to solve the problem. In other
> words, how does a nameserver know to send income u...@domain to a mail
> server rather than web server?

The "nameserver" for chandlerfamily.org.uk is defined in the registrar for the "org.uk" domain. That name server is at the registrar at which I bought my domain name, and they provide a web based interface to alter the details

The adding of those entries at the org.uk server and the hosting of my nameserver records at the nameserver of my registrar is what I pay for when I "rented" the domain name for two years.

All these names I refer to above point to hosts. If they have the right server software running (mail, web, ssh daemon) then that software picks up the request. These services have ports associated with them (25 for mail, 80 for web, 22 for ssh etc)

Mail is a slightly special case - see below


>> if I ssh to mail.hartley-consultants.com I should get to where my
>> mail is sent.

> When you say, "where my mail is sent", it seems you mean the local
> host.


NO.


There is a special record (called an MX record) which says which machine serves mail for the domain. In my case the MX record for hartley-consultants points to a machine which is home.chandlerfamily.org.uk.

When you want to send mail to x...@hartley-consultants.com, your mail server looks up the MX record for hartley-consultants (actually there could be several, a primary and backups, called secondary) and sends it to port 25 on the machine pointed to. Mail only works if that machine reads mail, knows it is serving mail for the hartley-consultants.com domain and responds appropriately.

That is how one domain gets to serve the mail for another

[It is also incidentally how many spammers get mail sent - some badly configured mail servers don't reject mail for domains they don't know, but instead just forward it on]


>> Inside my home network I have a number of machines on a lan.  I have
>> happened to have chosen not to call those some subdomain of
>> chandlerfamily.org.uk (although at one point in the past I have done
>> it that way, and called one of my machines
>> kanga.chandlerfamily.org.uk, and gave it an ip-address 192.168.0.12).

> Not sure I follow. Don't all hosts on your LAN have to have a local
> domain name such as kanga? On your LAN, don't all your hosts have
> their own local address, such as 192.168.1.1, 192.168.1.2, etc.?

They do - but in my case they are called xxx.home so I have kanga.home, pooh.home, piglet.home etc etc and they have ip addresses 192.168.0.1, 192.168.0.2 etc etc. I have a private dns server within my LAN serving up those ip addresses for the name requests.

HOWEVER, I could just as easily have called them kanga.chandlerfamily.org.uk, pooh.chandlerfamily.org.uk etc etc and used my public dns server (the one at my registrar) to serve up those ip addresses for the names. In fact at some point in the past I did exactly that and the example below is using that configuration


>> The problem comes when you want to make INCOMING connections to
>> kanga.chandlerfamily.org.uk.  The program trying to make that
>> connection looks it up and gets 192.168.0.12 and it doesn't know where
>> to send this to (it's unroutable).  Instead, I would ssh to
>> home.chandlerfamily.org.uk and (if it was a router rather than the
>> linux box that it is) I would forward the port to 192.168.0.12 - this
>> is known as reverse NAT.  But I can only set the router to do it to
>> one of my machines per port.  In this case I would use port 22 and
>> forward it on.

> I'll think about this. If the incoming signal comes to your router,
> the router sends it to the LAN (192.168.0.0) and the kanga host picks
> it up. I suppose you are attacking the port to your ssh command. That
> is, are you forcing delivery to the usual ssh port of 22?

Not quite. The router is configured to forward all messages on port 22 to port 22 of a specific machine on your lan (not the lan as a whole as you imply). In my case that would be the kanga.

[At least that would be true when I had a router and several machines behind it. These days the router IS a linux box, and I ssh directly into it, and can, after then crossing some security barriers, ssh onward to any of the machines on my lan]


> Thanks for your input.


I hope it was useful.

--
Alan Chandler
http://www.chandlerfamily.org.uk
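To make the MX lookup and the unroutable-address problem discussed in this thread concrete, here is an added Python example (not code from the thread or from Alan): it models a toy zone with constructed records, orders the MX targets by preference, falls back to the domain's own A record when it has no MX (the RFC 5321 implicit-MX rule, an assumption about standard MTA behaviour), and flags a 192.168.x.x target as unreachable from the Internet. The public addresses in the zone are made-up placeholders.

```python
import ipaddress

# Constructed toy zone, modelled on the records the thread describes.
# The public addresses are made-up placeholders, not the real hosts' addresses.
ZONE = {
    "A": {
        "home.chandlerfamily.org.uk": "51.52.53.54",     # placeholder public address
        "backup.example.net": "51.52.53.55",             # placeholder secondary MX
        "kanga.chandlerfamily.org.uk": "192.168.0.12",   # LAN address from the thread
    },
    "MX": {
        # (preference, target host): the lowest preference value is the primary
        "hartley-consultants.com": [
            (20, "backup.example.net"),
            (10, "home.chandlerfamily.org.uk"),
        ],
    },
}

def mail_hosts(domain, zone=ZONE):
    """Return [(host, ip), ...] in the order a sending MTA would try them.

    MX records are sorted by preference (primary first).  A domain with no
    MX but an A record is treated as its own mail host (the implicit-MX
    rule of RFC 5321, an assumption about standard MTA behaviour).
    """
    mx = sorted(zone["MX"].get(domain, []))
    if not mx and domain in zone["A"]:
        mx = [(0, domain)]
    return [(host, zone["A"][host]) for _, host in mx if host in zone["A"]]

def reachable_from_internet(ip):
    """True if a remote client could route a packet to this address.
    192.168.0.0/16 is RFC 1918 private space, which is why an incoming ssh
    to kanga.chandlerfamily.org.uk (192.168.0.12) goes nowhere without
    port forwarding at the router."""
    return ipaddress.ip_address(ip).is_global

def delivery_plan(address, zone=ZONE):
    """For user@domain, list each mail host with its address and reachability."""
    domain = address.rsplit("@", 1)[1]
    return [(h, ip, reachable_from_internet(ip)) for h, ip in mail_hosts(domain, zone)]

if __name__ == "__main__":
    for host, ip, ok in delivery_plan("x@hartley-consultants.com"):
        print(f"{host:30} {ip:15} {'reachable' if ok else 'UNROUTABLE'}")
    print("kanga:", reachable_from_internet(ZONE["A"]["kanga.chandlerfamily.org.uk"]))
```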


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4c98952a.30...@chandlerfamily.org.uk
