hello
Mark Schanuel wrote:
> Subject: Users can't see web server behind firewall
>
> Using ipfwadm to firewall a web server and masquerade workstations in
> a small office. PPP to ISP and single ethernet segment for the LAN.
> Masquerade works fine but I am not able to forward tcp requests to my
> web server which resides inside the firewall. Workstations can see
> both servers and the internet. Internet users (external) who browse to
> the firewall see the default Apache page on the firewall server and
> not the pages on the internal web server. Here are my rc.local entries
> (Running RedHat 2.0.31)
>
> #This one is supposed to forward tcp to my web server (not working)
> ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 192.168.1.2 80
>
> #These entries are for masquerading the workstations (working)
> ipfwadm -a m -S 192.168.1.3/32 -D 0.0.0.0/0
> ipfwadm -a m -S 192.168.1.4/32 -D 0.0.0.0/0
> ipfwadm -a m -S 192.168.1.5/32 -D 0.0.0.0/0
> ipfwadm -a m -S 192.168.1.6/32 -D 0.0.0.0/0
>
> Topology
>
> INTERNET --ppp0-- FIREWALL (192.168.1.1) --eth0--+-- Web Server  192.168.1.2
>                                                  +-- Win 95 WS   192.168.1.3
>                                                  +-- Win 98 WS   192.168.1.4
>                                                  +-- UNIX ws     192.168.1.5
A point:
First, you are using IP addresses that are reserved. No router around the
Net will have a route to your Web Server. The workstations are doing
fine due to masquerading on your firewall.
A solution is to publish your firewall address (ISP side) as your Web
Server and have the firewall redirect incoming requests over port 80 to
the real Web Server (192.168.1.2). There is a package called transproxy
which does the stuff in conjunction with the transproxy feature of the
current Linux kernels (I think Apache can do something like that but I
am not sure).
You can get transproxy at ftp://ftp.nlc.net.au/pub/linux/www/ with a
name like transproxy-x.x.tgz or on Sunsite.
hope this helps
greetings
daniel
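
The redirect described in the reply, shown as a user-space TCP relay that runs on the firewall and hands every connection to the one internal web server. This is an added example, not transproxy's code and not part of the original message; the names `pipe`, `handle` and `serve` are chosen here, and it assumes the firewall's own Apache has been moved off port 80.

```python
import socket
import threading

BACKEND = ("192.168.1.2", 80)  # internal web server address from the post

def pipe(src, dst):
    """Copy bytes one way until src closes, then pass the EOF on to dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:  # reset or idle timeout: stop relaying this direction
        pass

def handle(client, backend):
    """Relay one accepted connection to the single fixed backend."""
    try:
        upstream = socket.create_connection(backend, timeout=10)
    except OSError:
        client.close()
        return
    for s in (client, upstream):
        s.settimeout(60)  # drop idle connections instead of holding threads
    t = threading.Thread(target=pipe, args=(client, upstream), daemon=True)
    t.start()
    pipe(upstream, client)
    t.join()
    client.close()
    upstream.close()

def serve(listen_addr, backend=BACKEND):
    """Accept on listen_addr; the destination is fixed, never client-chosen."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)
    srv.listen(16)
    def loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:  # listener closed
                return
            threading.Thread(target=handle, args=(client, backend), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    serve(("0.0.0.0", 80))  # port 80 on the firewall, as the reply suggests
    threading.Event().wait()
```

Because the backend address is hard-coded, the relay exposes only the web server's port 80 and cannot be steered to other hosts on the 192.168.1.x segment.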