Daniel,
Thanks. I stuck with it and found a small utility called "redir" from the
sunsite for RedHat 5.0. Now I redirect all of my port 80 traffic to the
internal web server and it works like a champ. However I was not satisfied
to stop there. My next goal is to redirect some of the traffic to the UNIX
box which doubles as my firewall and mail server but still have the port 80
traffic going to the internal server which is an NT box.
I have looket at the Apache documentation for LISTEN and BINDADDRESS but no
success sending port 8080 calls to UNIX yet.
Any Ideas?
-----Original Message-----
From: Daniel Valfre <[EMAIL PROTECTED]>
To: Mark Schanuel <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, November 20, 1998 8:07 PM
Subject: Re: Fw: Users can't see web server behind firewall
>hello
>
>Mark Schanuel wrote:
>
>> Subject: Users can't see web server behind firewall
>> Using ipfwadm to firewall a web server and masqurade workstations in
>> a small office. PPP to ISP and single ethernet segment for the LAN.
>> Masqurade works fine but I am not able to forward tcp requests to my
>> web server which resisdes inside the firewall. Workstations can see
>> both serves and the internet. Internet users (external) who browse to
>> the firewall see the default Apache page on the firewall server and
>> not the pages on the internal web server. Here are my rc.local entries
>> (Running RedHat 2.0.31)#This one is supposed to forward tcp to my web
>> server (not working)ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0
>> 1024:65535 -D 192.168.1.2 80 #These entries are for masquerading the
>> workstations (working)ipfwadm -a m -S 192.168.1.3/32 -D
>> 0.0.0.0/0ipfwadm -a m -S 192.168.1.4/32 -D 0.0.0.0/0ipfwadm -a m -S
>> 192.168.1.5/32 -D 0.0.0.0/0ipfwadm -a m -S 192.168.1.6/32 -D
>> 0.0.0.0/0 Topology ********** ppp0 ************ eth0
>> ***************INTERNET ************ FIREWALL *********** Web Server
>> *********** *192.168.1.1* * * 192.168.1.2
>> * ************ *
>> ***************
>> * *
>> *************** **** Win 95 WS
>> * * * 192.168.1.3
>> * *
>> ***************
>> * *
>> *************** **** Win 98 WS
>> * * * 192.168.1.4
>> * *
>> ***************
>> * *
>> *************** **** UNIX ws
>> * * * 192.168.1.5
>> * * ***************
>
>A point:
>First you are using IP address that are reserved. No router around the
>Net will have a route to your Web Server. The workstations are doing
>fine due to masquerading on your firewall
>A solution is to publish your firewall address (ISP side) as your Web
>Server and have the firewall redirect incoming request over port 80 to
>the real Web Server (192.168.1.2). There is a package called transproxy
>who does the stuff in conjunction with the transproxy feature of the
>current linux kernesl (I think Apache can do something like that but I
>am not sure)
>You can get transproxy at ftp://ftp.nlc.net.au/pub/linux/www/ with a
>name like
>transproxy-x.x.tgz or on Sunsite.
>
>hope this helps
>
>greetins
>daniel
>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
