Apache, firewall and DNS

this is really beginning to confuse me.

I have setup my webserver behind a fireall - the firewall is simply forwarding port 80 requests to the webserver.

The webserver has the same IP address (inside the firewall) as the outside address of the firewall.

I have my DNS hosted at easyDNS, and have created host records for both www.mydomain.com as well as mydomain.com - rather than using the easyDNS default of aliasing www.mydomain.com to mydomain.com (the apache manual recommeds having a CNAME record for each host)

I have set my /etc/hosts file so that for all domains I have something like:

my.ip.address mydomain.com www.mydomain.com

I have also setup apache to use namebased virtual hosts, specifying the firewalls outside IP address in the NameVirtualHost directive.

At the moment, whenever I browse to ANY of my domains I get the same as I would if I browsed to my IP address - its as if the virtualservers are not working.

Any ideas?

>> I have set my /etc/hosts file so

hosts file is intended for local use. You want all vhosts to be resolvable to the same IP as www.mydomain.com, so tell easyDNS to host the new domain and point it to the same IP address as www.mydomain.com.

>> the apache manual recommeds having a CNAME record for each host

I don't agree with that. I suggest multiple A records which is more reliable.

>> The webserver has the same IP address (inside the firewall) as the outside address of the firewall

This is correct. Your next step is to make sure anyone on the web can lookup your vhost and resolve to the same IP as www.mydomain.com. Do not even attempt to configure Apache if DNS part is not yet configured properly.

Thanks for the help...

I've now removed all the stuff for the vhosts from /etc/hosts.

an NSLOOKUP of my www.mydomain.com resolves to the correct ip address, a ping also goes to the correct ip address.

I've installed lynx on the webserver - from this machine I can access and browse the vhosts without a problem.

it appears that the DNS is set up correctly - as I can resolve the correct IP addresses.

It seems very bizarre.

I'm going to try something...

I have two machines behaving in the same manor.

It occured to me that I used to have them setup as 192.168.1.100 and 192.168.1.200 respectively - the broadcast address being 192.168.1.255 and default GW on each being 192.168.1.1 and 192.168.1.2 respectively (the internal IP address of my firewalls).

Having changed the IP address of the webservers to their respective outside IP addresses I think I now need to change the ip addresses of the internal firewall nics, and also change the broadcast and default gateways - this hadn't already been done.

I'll have to get my ISP to do that as my machine are colocated, we'll see what happens.