Server via Static IP & Domain

Discussion in 'Mac OS X Server, Xserve, and Networking' started by mforsman, Oct 4, 2011.

  1. mforsman macrumors newbie

    Joined:
    Oct 4, 2011
    #1
    Hello All,

    I am setting up a server with a Mac Mini purchased a few weeks ago. Everything up to today was really easy. I hooked it up to a switch with the AirPort Extreme, printer, all computers, so on so forth, set up the user accounts, and we had the local server running.

    I then proceeded to register a domain through GoDaddy with SSH, add an A record with our static IP, configure the server with the domain name, make sure the AirPort is set to "trunk" or something like that (following Apple's instructions). Yet, when I go to the domain it provides nothing.

    Could it be that the nameservers are still set to what GoDaddy originally had?

    For the A type DNS the first field was @ and then the second was the IP.

    Thanks for any help you can provide.
     
  2. mainstay macrumors 6502

    Joined:
    Feb 14, 2011
    Location:
    BC
    #2
    "Yet, when I go to the domain it provides nothing."

    What do you mean by this?

    Without the router in place, does the connection work?


    What do you see in the GD domain management?

    Which domain services are you redirecting to your in-house server?

    The A, CNAME, TXT and MX records are usually instant to change.

    DNS values can take 24+ hours to propagate.

    Also, it MAY be that GD won't actually change them until your account is 24 hours old. I don't recall with GD specifically, but I have encountered this hiccup with other hosts.
     
  3. jcodirewolf macrumors newbie

    Joined:
    Jan 13, 2010
    #3
    DNS records live for however long the TTL is set to. They change as soon as the authoritative server is updated. But due to caching, any server may hold the record for up to the TTL.

    A common thing to do when you are changing things is to set the TTL down to a few minutes or even 1 second. (Zero seconds isn't recommended, it SHOULD mean don't cache at all, but it's been known to cause problems.)

    johno
     
  4. jcodirewolf macrumors newbie

    Joined:
    Jan 13, 2010
    #4
    This is a very confused paragraph. Trunk is a networking term for hooking switches together; it means you are sending VLAN-tagged packets, and has nothing to do with IP addresses or domain names.

    My guess is your network needs to look like this:

    Internet Provider --> Cable/DSL/CPE Router/modem
    --> Airport (with your static IP, in "Share this IP address mode")
    --> Switch --> Mac Mini with a Static 192.168.1.x address (or some RFC1918)
    |
    +-> Other stuff with DHCP addresses

    Make sure your Firewall/Airport/Router/Modem are all set to pass port 22/tcp (ssh).

    @ is just a zone file shorthand, it just means origin. You can take a look at the zone file entry in wikipedia. http://en.wikipedia.org/wiki/Zone_file
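
The `@` shorthand from post #4 and the TTL caching from post #3, as an added example that is not part of the thread: a small Python parser for a zone-file fragment that expands `@` and relative names against `$ORIGIN` and applies `$TTL` where a record has none. The zone data, `example.com` and `203.0.113.10` are constructed placeholders, and it assumes single-line records that each name their owner.

```python
# Added example, not from the thread. The zone data is constructed.
ZONE = """\
$ORIGIN example.com.
$TTL 3600
@      IN  A      203.0.113.10   ; what the "@" + IP form fields create
www    300 IN  CNAME  @
files  IN  A      203.0.113.10
"""
CLASSES = {"IN", "CH", "HS"}

def absolute(name, origin):
    """Expand '@' and relative names against the current origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"

def parse_zone(text):
    origin, default_ttl, records = ".", None, []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()    # drop comments, tokenize
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        elif fields[0] == "$TTL":
            default_ttl = int(fields[1])
        else:
            owner, rest, ttl = absolute(fields[0], origin), fields[1:], default_ttl
            # TTL and class are optional and may come in either order
            while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
                if rest[0].isdigit():
                    ttl = int(rest[0])
                rest = rest[1:]
            rtype, rdata = rest[0].upper(), " ".join(rest[1:])
            if rtype in {"CNAME", "NS"}:         # rdata is itself a name
                rdata = absolute(rdata, origin)
            records.append({"owner": owner, "ttl": ttl, "type": rtype, "data": rdata})
    return records

def max_cache_seconds(records, owner, rtype="A"):
    """Upper bound on how long a resolver may keep serving the old value."""
    return max(r["ttl"] for r in records if r["owner"] == owner and r["type"] == rtype)

if __name__ == "__main__":
    for r in parse_zone(ZONE):
        print(f'{r["owner"]:<20} {r["ttl"]:>5} {r["type"]:<6} {r["data"]}')
```

With the constructed zone above, a change to the `@` A record can stay cached for up to 3600 seconds, while the `www` record with its own TTL of 300 turns over in five minutes.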
     
  5. mforsman thread starter macrumors newbie

    Joined:
    Oct 4, 2011
    #5
    Thank you all so much for your help thus far. Everything that you've said today helped in one way or another and now things are moving forward.

    However, the main purpose of this server is to access files while out of the office.

    At home (and at the office where the server is) I have used Finder's "Connect to Server" option and typed in the domain (https://domain.com) and it doesn't mount the drive.

    It pops up, asks me to login, which I do, then proceeds to throw up an error.

    When I'm in the office, and I use the server's local IP it works fine. So I know file sharing is enabled.

    I've also tried the IP the domain is pointing to and it doesn't mount the drive.

    When I go with afp://domain.com it throws up this error:


    Sorry if this isn't making any sense, it's a bit above my understanding (if you can't tell).

    Any ideas?
     
  6. mainstay macrumors 6502

    Joined:
    Feb 14, 2011
    Location:
    BC
    #6
    Does yourdomain.com resolve to the correct IP?

    ping yourdomain.com = correct?

    When you connect to server do not use https://

    (If you have a secure web host running on the server make sure you have the web server running and the proper ports forwarded and then access through your browser - but this is the next stage, not the immediate concern)

    Just use yourdomain.com


    Can you connect to the server without the router in place? (Without knowing any specifics, it's hard for us to diagnose, so I'm starting with the basics here...)

    Establish the connection with a direct connection and then add in the router w/ the correct port forwarding.

    Alternatively, you can set the "Enable default host" to point to your server as a temporary measure inside of your airport while you are sorting things out.


    As an aside, have you considered simply VPN'ing into the server?
     
  7. jcodirewolf macrumors newbie

    Joined:
    Jan 13, 2010
    #7
    HTTPS runs over port 443/tcp; make sure your firewalls/routers/whatever are passing that port from the outside. It could be that your ISP is blocking 443 and/or port 80. A lot of them do that out of the box.

    AFP (Apple's file sharing protocol) runs on port 548/tcp. Although you might do better with setting up a VPN with ssh and accessing the files through the tunnel, because I'm not sure about the level of encryption that AFP uses.

    johno
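
The checks from posts #6 and #7 (does the name resolve to the right address, and are 22, 443 and 548 passed from the outside), as an added example that is not part of the thread. The host name `yourdomain.example` and the address `203.0.113.10` are placeholders for your own domain and static IP.

```python
# Added example, not from the thread. Host name and address are placeholders.
import socket

SERVICES = {22: "ssh", 443: "https", 548: "afp"}   # ports named in the posts above

def resolved_addresses(name):
    """IPv4 addresses the local resolver returns for name (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def tcp_state(host, port, timeout=3.0):
    """'open' if the handshake completes, 'refused' on a reset, else 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:                      # timeout, unreachable, and similar
        return "filtered"

def check(name, expected_ip, ports=SERVICES, timeout=3.0):
    addrs = resolved_addresses(name)
    report = {"dns_ok": expected_ip in addrs, "resolved": sorted(addrs), "ports": {}}
    for port in ports:
        # Connect to the expected address so a stale DNS cache
        # does not hide a port-forwarding problem.
        report["ports"][port] = tcp_state(expected_ip, port, timeout)
    return report

if __name__ == "__main__":
    # Run from outside the office network, against your own server.
    print(check("yourdomain.example", "203.0.113.10"))
```

A port reported as `filtered` is being dropped somewhere on the path (ISP block or no forward in the router), while `refused` means the packet arrived but nothing is listening behind the forward.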
     
  8. mforsman thread starter macrumors newbie

    Joined:
    Oct 4, 2011
    #8
    I am able to ping the domain and get the correct IP, and also access the site via browser (running the secure webhost included with Lion Server).

    I also am able to VPN in, then connect to the server using the local IP address, it's just that the main use of this needs to be as idiot proof as possible (freelancers and low-tech bosses) so I would rather just be able to teach them, command-K, address, login, here are the files.

    Thanks again for the continued support, it's been a savior knowing that I'm not stumbling through this alone.
     
  9. mforsman thread starter macrumors newbie

    Joined:
    Oct 4, 2011
    #9
    Finally called Apple, they were incredibly helpful and we are up and running fully, mostly thanks to you guys, partially to Apple.

    Just to make it clear for anyone who searches in the future.

    In the Airport Utility, make sure that under disks, file sharing is unchecked! Simple as that and AFP connects with no problem now.

    Thanks everyone.
     
  10. mainstay macrumors 6502

    Joined:
    Feb 14, 2011
    Location:
    BC
    #10
    I was thinking on this problem last night and the more I consider it the less I like what you are doing.

    Are you using AFP over SSH?

    Are you obfuscating port 22 to be something else (like external port 4322 points to internal 22)?

    My problem is that you could be opening yourself up to some pretty easy exploits.

    Glacierdave actually said it best here:

    "
    Doing this, in effect, means you're making your server (via your public IP address) available for anyone on the Internet. If they know the IP they can, potentially, connect.

    From there, you're relying on the underlying AFP protocols to be secure - by that I mean that there's no remote-exploitable weaknesses in the protocol (buffer under/over runs, memory leaks, whatever).

    Assuming AFP is fundamentally secure (I don't know if it is - I've not done the research to find out) you're still at a point where all someone needs is knowledge of your IP address and a working username and password.

    How secure is your password? Are you using at least 13 characters? Are you mixing case, numerics, non-alphanumerics? Are there multiple accounts enabled? Are they all secured? Are you running guest/public accounts? Is root enabled?

    Will a firewall help? Not if you still want AFP working - either it's blocked or it's not. If it's blocked, it all stops working. If it's not, you're relying on the security inherent in the AFP protocols (and associated software driving it) to be secure.

    Personally, I'd find another way to do this.

    What will work depends on what you're trying to achieve.

    "

    VPN connections encrypt the data and ensure a difficult time hacking the system.

    Once a VPN connection is set up in each Mac as a connection there is just an icon up by the clock that they click on >> enter their credentials >> and they are in. You could even script an automount of their shared folders / home folders.

    So SLIGHTLY more work for the boss, but DEFINITELY more security for the network.

    ----------


    Interesting! Thanks for sharing the solution and glad you are up and running.

    all the best,

    --m
     
  11. mforsman thread starter macrumors newbie

    Joined:
    Oct 4, 2011
    #11
    We are using SSH to secure our server. Although you make some incredibly valuable suggestions about using VPN.

    I'll more than likely switch everyone over to that once the server is fully set up since, after all, our server's security is a primary concern.

    I wonder why they don't warn you about that or why they haven't written stronger security for the AFP. It is by far the easiest way to mount a drive (at least for non-techies like my bosses).
     
