Re: [WebDNA] Internal [ipaddress] ?
This WebDNA talk-list message is from 2009
It keeps the original formatting.
numero = 102302
interpreted = N
texte = Pat you are exactly right (but you knew that) :) I just got it resolved a=nd was coming back to the=20list to post resolution. As you pointed out, the webserver is separate fr=om the LAN and sees all=20internal traffic as a single external-facing, fully-qualified IP. Just to= cover all bases, I went=20ahead and used the entire external IP range that we own for detection and= it works as expected.=20Thank you for your help.-DanOn Mon, 30 Mar 2009 19:06:25 -0500 Patrick McCormick
wrote:> Dan,>=20> You need to either make sure that DHCP is using a fully qualified rang=e, within your range of=20>addresses. If you need to use NAT to conserve on addresses, then you h=ave to set up the web=20>server and DHCP so that all internal machines appear as the same IP (or= address) to the web=20>server.>=20> Usually, the web server is outside the company LAN and away from the r=andom and unqualified=20>range of internal DHCP-served IP's normally used (most people use 192.1=68.0.xxx or something=20>predictable). NAT translates all those internal IPs so they appear to b=e a single, qualified IP=20>to the rest of the internet. Your web server should be outside the inte=rnal company LAN and IP=20>range and should see any internal traffic from any machine internal tr=affic on a single IP.>=20> I'd make sure that your server is connected to the internet at the sam=e level as the router=20>that's serving your DHCP to the internal machines. Then figure out what= IP address has been=20>assigned to the router by the ISP. All internal traffic will appear at =your webserver on that=20>IP address.>=20> Pat>=20>=20> On Mar 30, 2009, at 6:42 PM, Dan Strong wrote:>=20>> No prob, maybe I wasn't quite as clear as I should have been. I have =20>> a site that needs to differentiate between external and internal =20>> users, that's all. The site is an "intranet" site that employees are =20>> allowed to view from home via a public facing URL, so I have to lock-=20>> it down. If access is from within the network, though (like in the =20>> Employee Dining Room or from someone's desk), I can assume they are =20>> employees, otherwise they wouldn't have been able to log into the =20>> corp. network, or gotten into the building to begin with. Since the =20>> site is public-facing, IT obviously doesn't want to tie it to the =20>> corporate Active Directory stuff, so I am trying to fake unified-=20>> login by detecting internal users and simply foregoing log-in. I've =20>> identified our public-facing IP range and can do it that way it =20>> appears, but I was just wondering if I could identify internal =20>> network IPs via WebDNA and if so how.>> -Dan>>>>>>>> On Tue, 31 Mar 2009 09:50:29 +1100>> Stuart Tremain wrote:>>> Dan>>> I think I misread your question.>>> You should be able to get the ip address of a machine visiting an =20>>> internal site but I am not sure how you would get the ip address =20>>> of the server from another machine.>>> How are the machines on the intranet given their ip addresses, is =20>>> there an internal DHCP or are they just keyed into the ip config ?>>> If the server has a fixed ip address maybe you could put in a text =20>>> var on each page of the site.>>> Regards>>> Stuart Tremain>>> IDFK Web Developments>>> AUSTRALIA>>> webdna@idfk.com.au>>> On 31/03/2009, at 9:21 AM, Dan Strong wrote:>>>> Great, then I'll tell WebDNA you said it was ok :).. No really, =20>>>> how would I do it then, [ipaddress]?>>>> Have I tried? Yes. Did I get an internal IP? No.>>>> -Dan>>>>>>>>>>>>>>>> On Tue, 31 Mar 2009 08:43:51 +1100>>>> Stuart Tremain wrote:>>>>> Can't see why not ...>>>>> So I will say yes.>>>>> Regards>>>>> Stuart Tremain>>>>> IDFK Web Developments>>>>> AUSTRALIA>>>>> webdna@idfk.com.au>>>>> On 31/03/2009, at 8:23 AM, Dan Strong wrote:>>>>>> I am pretty sure the answer is no, but wanted to double-check...>>>>>>>>>>>> For the purposes of an intranet, can I detect the internal IP =20>>>>>> of a site or server such as 10.0.0.25 or whatever?>>>>>>>>>>>> Thanks,>>>>>> -Dan>>>>>> --------------------------------------------------------->>>>>> This message is sent to you because you are subscribed to>>>>>> the mailing list .>>>>>> To unsubscribe, E-mail to: >>>>>> archives: http://mail.webdna.us/list/talk@webdna.us>>>>>> old archives: http://dev.webdna.us/TalkListArchive/>>>>> --------------------------------------------------------->>>>> This message is sent to you because you are subscribed to>>>>> the mailing list .>>>>> To unsubscribe, E-mail to: >>>>> archives: http://mail.webdna.us/list/talk@webdna.us>>>>> old archives: http://dev.webdna.us/TalkListArchive/>>>>>>>> --------------------------------------------------------->>>> This message is sent to you because you are subscribed to>>>> the mailing list .>>>> To unsubscribe, E-mail to: >>>> archives: http://mail.webdna.us/list/talk@webdna.us>>>> old archives: http://dev.webdna.us/TalkListArchive/>>> --------------------------------------------------------->>> This message is sent to you because you are subscribed to>>> the mailing list .>>> To unsubscribe, E-mail to: >>> archives: http://mail.webdna.us/list/talk@webdna.us>>> old archives: http://dev.webdna.us/TalkListArchive/>>>> --------------------------------------------------------->> This message is sent to you because you are subscribed to>> the mailing list .>> To unsubscribe, E-mail to: >> archives: http://mail.webdna.us/list/talk@webdna.us>> old archives: http://dev.webdna.us/TalkListArchive/>=20
Associated Messages, from the most recent to the oldest:
Pat you are exactly right (but you knew that) :) I just got it resolved a=nd was coming back to the=20list to post resolution. As you pointed out, the webserver is separate fr=om the LAN and sees all=20internal traffic as a single external-facing, fully-qualified IP. Just to= cover all bases, I went=20ahead and used the entire external IP range that we own for detection and= it works as expected.=20Thank you for your help.-DanOn Mon, 30 Mar 2009 19:06:25 -0500 Patrick McCormick wrote:> Dan,>=20> You need to either make sure that DHCP is using a fully qualified rang=e, within your range of=20>addresses. If you need to use NAT to conserve on addresses, then you h=ave to set up the web=20>server and DHCP so that all internal machines appear as the same IP (or= address) to the web=20>server.>=20> Usually, the web server is outside the company LAN and away from the r=andom and unqualified=20>range of internal DHCP-served IP's normally used (most people use 192.1=68.0.xxx or something=20>predictable). NAT translates all those internal IPs so they appear to b=e a single, qualified IP=20>to the rest of the internet. Your web server should be outside the inte=rnal company LAN and IP=20>range and should see any internal traffic from any machine internal tr=affic on a single IP.>=20> I'd make sure that your server is connected to the internet at the sam=e level as the router=20>that's serving your DHCP to the internal machines. Then figure out what= IP address has been=20>assigned to the router by the ISP. All internal traffic will appear at =your webserver on that=20>IP address.>=20> Pat>=20>=20> On Mar 30, 2009, at 6:42 PM, Dan Strong wrote:>=20>> No prob, maybe I wasn't quite as clear as I should have been. I have =20>> a site that needs to differentiate between external and internal =20>> users, that's all. The site is an "intranet" site that employees are =20>> allowed to view from home via a public facing URL, so I have to lock-=20>> it down. If access is from within the network, though (like in the =20>> Employee Dining Room or from someone's desk), I can assume they are =20>> employees, otherwise they wouldn't have been able to log into the =20>> corp. network, or gotten into the building to begin with. Since the =20>> site is public-facing, IT obviously doesn't want to tie it to the =20>> corporate Active Directory stuff, so I am trying to fake unified-=20>> login by detecting internal users and simply foregoing log-in. I've =20>> identified our public-facing IP range and can do it that way it =20>> appears, but I was just wondering if I could identify internal =20>> network IPs via WebDNA and if so how.>> -Dan>>>>>>>> On Tue, 31 Mar 2009 09:50:29 +1100>> Stuart Tremain wrote:>>> Dan>>> I think I misread your question.>>> You should be able to get the ip address of a machine visiting an =20>>> internal site but I am not sure how you would get the ip address =20>>> of the server from another machine.>>> How are the machines on the intranet given their ip addresses, is =20>>> there an internal DHCP or are they just keyed into the ip config ?>>> If the server has a fixed ip address maybe you could put in a text =20>>> var on each page of the site.>>> Regards>>> Stuart Tremain>>> IDFK Web Developments>>> AUSTRALIA>>> webdna@idfk.com.au>>> On 31/03/2009, at 9:21 AM, Dan Strong wrote:>>>> Great, then I'll tell WebDNA you said it was ok :).. No really, =20>>>> how would I do it then, [ipaddress]?>>>> Have I tried? Yes. Did I get an internal IP? No.>>>> -Dan>>>>>>>>>>>>>>>> On Tue, 31 Mar 2009 08:43:51 +1100>>>> Stuart Tremain wrote:>>>>> Can't see why not ...>>>>> So I will say yes.>>>>> Regards>>>>> Stuart Tremain>>>>> IDFK Web Developments>>>>> AUSTRALIA>>>>> webdna@idfk.com.au>>>>> On 31/03/2009, at 8:23 AM, Dan Strong wrote:>>>>>> I am pretty sure the answer is no, but wanted to double-check...>>>>>>>>>>>> For the purposes of an intranet, can I detect the internal IP =20>>>>>> of a site or server such as 10.0.0.25 or whatever?>>>>>>>>>>>> Thanks,>>>>>> -Dan>>>>>> --------------------------------------------------------->>>>>> This message is sent to you because you are subscribed to>>>>>> the mailing list .>>>>>> To unsubscribe, E-mail to: >>>>>> archives: http://mail.webdna.us/list/talk@webdna.us>>>>>> old archives: http://dev.webdna.us/TalkListArchive/>>>>> --------------------------------------------------------->>>>> This message is sent to you because you are subscribed to>>>>> the mailing list .>>>>> To unsubscribe, E-mail to: >>>>> archives: http://mail.webdna.us/list/talk@webdna.us>>>>> old archives: http://dev.webdna.us/TalkListArchive/>>>>>>>> --------------------------------------------------------->>>> This message is sent to you because you are subscribed to>>>> the mailing list .>>>> To unsubscribe, E-mail to: >>>> archives: http://mail.webdna.us/list/talk@webdna.us>>>> old archives: http://dev.webdna.us/TalkListArchive/>>> --------------------------------------------------------->>> This message is sent to you because you are subscribed to>>> the mailing list .>>> To unsubscribe, E-mail to: >>> archives: http://mail.webdna.us/list/talk@webdna.us>>> old archives: http://dev.webdna.us/TalkListArchive/>>>> --------------------------------------------------------->> This message is sent to you because you are subscribed to>> the mailing list .>> To unsubscribe, E-mail to: >> archives: http://mail.webdna.us/list/talk@webdna.us>> old archives: http://dev.webdna.us/TalkListArchive/>=20
"Dan Strong"
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
searchable list archive (1997)
Register First (2000)
when is date system date or order date? (1997)
[ShowIf] and empty fields (1997)
Click-through/Referral tracking solution needed (2000)
Not really WebCat- (1997)
Sorting error (1997)
Permissions / Restart WebDNA? (2005)
Date calculation problems (1997)
international time (1997)
can WC render sites out? (1997)
[Cart] ... (1997)
A Suggestion? (1998)
WebCatalog 2.1b3 - Plugin or cgi ? (1997)
WebCat2 - many [carts] on one template page? (1997)
Search with Special Chars (1997)
using showpage and showcart commands (1996)
Multiple Merchant Accounts? (1997)
Server Freeze (1998)
Unique SKU Numbers (2000)