On Wed, 23 Jan 2002, Erich Titl wrote: > Hi Jon > > great someone took the time, here just my 2c > > [EMAIL PROTECTED] wrote the following at 14:52 > 23.01.2002: > >---------------------------------------------------------------- > >How do I access the Weblet from 'outside' > > > >I have my Dachstein release up and running, and I can access the weblet from > >the inside but... > > > >Q) I would like to access the weblet engine on the primary link. > > > >A) > > > >1: Add a rule to the input chain which should allow access to port 80 > >on the external interface. In /etc/network.conf: > >EXTERN_TCP_PORTS="address/mask_www" > > > >or EXTERN_TCP_PORTx="address/mask www" > >If you like the indexed list better. > > > >2: You will probably have to add something in /etc/hosts.allow: > >sh-httpd: ip.add.re.ss/255.255.255.0 > > Q) But what if I am roaming and want access from an unknown IP > > >3: In /etc/sh-httpd.conf add the address range you are trying to access > >from: > ># Who can access the server? > >CLIENT_ADDRS="123.345.456." > > Q) But i don't know my address on the road. >
dyndns would be a good link here. I've also heard of people setting up scripts to listen for a predetermined sequence of packets at a predetermined port, then open the rule to the IP that the packets come from. This could be as simple as "telnet my.router.home 9999" or something really complex requiring a script and a packet crafter. The router end is out of my depth, but this would be an interesting project to research. > > >Q) > >O.K. but we have a webserver in the DMZ, so port 80 gets forwarded > >to that host. Now what? > > > >A) > >Use some other port, like 81: > > > >1: Follow the above steps, but substitute 'www' with e.g. 81 > > For clarity you might add something to /etc/services > > wwweblet 8081/tcp # the leaf/lrp weblet port > > and then > > > >2: Additionally: > > > >In /etc/sh-httpd.conf: > >SERVER_PORT=81 > > > >Also: > >The program that acually listens on a TCP port, and starts the weblet > >server for each connection is inetd. So you will need to edit > >/etc/inetd.conf, and change the line that starts sh-httpd (weblet's web > >server) from: > > > >www stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sh-httpd > > > >to: > > wwweblet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sh-httpd > > > >NOTE: Only the port number (the first field) needs to change...everything > >else stays the same. > > > >2.nd NOTE: > >If you are accessing from a single remote host, being too verbose in > >hosts.allow and sh-httpd.conf, by putting address/netmask (e.g. > >111.222.333.444/32 or 111.222.333.444./255.255.255.255), may result in network > >errors, and make the 'protocol die unexpectedly'. > > > >In that case, removing the netmask might help. > >------------------------------------------------------------------------------ > > hope this does not sount too sneaky > > We could even set up the port in /etc/inetd.conf from the information in > /etc/sh-httpd.conf. It takes only a little configuration script (which must > exist anyway in the distribution) and then we'd have to maintain only one > location. > > Erich > > > THINK > P�ntenstrasse 39 > 8143 Stallikon > mailto:[EMAIL PROTECTED] > PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 > > > _______________________________________________ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > -- Jack Coates Monkeynoodle: A Scientific Venture... _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
