Let's see if I have this straight.
You want to operate a Web server physically located in your home or
office, but accessible to visitors on the Internet.
You have a DSL connection to the Internet, with a NAT router (i.e.
Linksys) on the home or office side.
You've purchased an IP address from the DSL provider, and the provider
has configured this address to VPN into your home or office. So, when
a Web visitor makes a request to port 80 on the IP address you
purchased from the DSL provider, the request goes through the VPN
tunnel and comes out on your local network, with a local network
address. (This was probably an added-cost
feature, because most providers block port 80 traffic inbound to the
IP address they assign you.)
Your DSL provider has successfully pinged this local network address.
An entry on your DSL provider's DNS server points to the public
address that VPNs into your local network.
The Windows 2003 server on your local network is running not only IIS,
but DNS as well.
Your local workstations are configured to use your Windows 2003 DNS
server only.
The Windows 2003 DNS has the DSL provider's DNS servers defined as
forwarders.
If all this is true, then you shouldn't need to create any CNAMEs in
your Windows 2003 DNS, unless the domain name of your public Web site
and the name of your Windows 2003 domain name are the same. For
example, I (stupidly) named my Windows domain interlacken.com, the
same as my public Web site www.interlacken.com. When I send the
Windows DNS a request for www.interlacken.com, Windows DNS doesn't
forward it to my ISP's DNS server because Windows DNS is
"authoritative" for interlacken.com. So, I need CNAMEs for www and any
other Internet hosts I want to access as <host>.interlacken.com.
Hmmm. If this is indeed your configuration, you have lots of places to
go wrong. This makes it essential to divide and conquer. I would:
o Try pinging and browsing your local numeric IP address for the Web
  server. If this doesn't work, you haven't correctly installed the
  Web server.
o If that does work, try browsing and pinging the numeric IP address
  you bought from your DSL provider. If this fails, the problem is
  either in your router or at the DSL provider. For example, the
  provider may not permit you to go out and then back in.
  There's also the matter of the VPN software (assuming this is
  really a VPN and not just a NAT). I presume you've received and
  installed the VPN software, all necessary certificates, and executed
  whatever test cases the provider recommends.
o Once you get everything working with numeric IP addresses, start
  checking DNS resolution. There's a command-line utility named
  nslookup that may help in this regard.
One more thing: if you've got a call open with Microsoft support,
don't make *any* changes to your setup unless and until they tell
you to. Their advice isn't going to work if you change the scenario.
Now you know why most people buy hosting service rather than using
a SOHO internet connection and a server in the corner.
Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com
Author of:
*----------------------------------------------------
|\---------------------------------------------------
|| Microsoft Office FrontPage 2003 Inside Out
|| Microsoft FrontPage Version 2002 Inside Out
|| Web Database Development Step by Step .NET Edition
|| Troubleshooting Microsoft FrontPage 2002
|| Faster Smarter Beginning Programming
|| (All from Microsoft Press)
|/---------------------------------------------------
*----------------------------------------------------
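
The divide-and-conquer sequence from the reply above, as an added example that is not part of the original post: it checks the local address, then the public address, then DNS, and stops at the first stage that fails. It uses a TCP connect to port 80 in place of ping, and the function names and the addresses and host name in the demo call are constructed placeholders.

```python
import socket

def tcp_probe(ip, port=80, timeout=3.0):
    """Return True if a TCP connection to ip:port succeeds (stands in for ping + browse)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def resolve(hostname):
    """Return the IPv4 address the workstation's configured DNS gives, or None."""
    try:
        return socket.gethostbyname(hostname)
    except OSError:  # socket.gaierror is a subclass of OSError
        return None

def diagnose(local_ip, public_ip, hostname, probe=tcp_probe, lookup=resolve):
    """Run the three stages in order; return (stage, advice) for the first failure."""
    # Stage 1: the Web server itself, by local numeric address.
    if not probe(local_ip):
        return "web-server", f"{local_ip}:80 unreachable on the LAN; check the Web server install"
    # Stage 2: the address bought from the provider (router, tunnel, hairpin).
    if not probe(public_ip):
        return "router-or-provider", (
            f"{public_ip}:80 unreachable; check the router, the provider's "
            "tunnel, and whether going out and back in is permitted")
    # Stage 3: only now look at name resolution.
    answer = lookup(hostname)
    if answer is None:
        return "dns-no-answer", (
            f"{hostname} did not resolve; a local DNS server that is authoritative "
            "for the zone will not forward, so the record must exist locally")
    if answer not in (public_ip, local_ip):
        return "dns-mismatch", f"{hostname} resolved to {answer}, not to the Web server"
    return "ok", f"{hostname} resolves to {answer} and both addresses answer on port 80"

if __name__ == "__main__":
    # Constructed placeholder values; substitute your own addresses and host name.
    stage, advice = diagnose("192.168.1.10", "203.0.113.25", "www.example.com")
    print(stage, "-", advice)
```
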