On Tue, Nov 09, 1999 at 02:14:52PM +0100, Emmerich Eggler wrote:
> Juanjo Ciarlante wrote:
> > 
> > On Mon, Nov 08, 1999 at 07:09:21PM +0100, Alain Ganuchaud wrote:
> > > Hi guys,
> > >
> > >
> > > Below is the configuration I want to set up:
> > >
> > >
> > > WWW-------> Firewall <-------> http1 <--------> http2
> > > ___public___|_______________private_________________
> > >
> > > Firewall with Redhat6.X , ipchains & ipmasqadm.
> > >
> > >
> > > WWW requests will come through Firewall to my http1 (=linux portal) then some
> > > requests could be redirected to http2 (=NT), if data is on it. So, I think I
> > > am facing a problem because I have to redirect to 2 different ip addresses
> > > (port80) to be successful.
> > >
> > > I read linux-net archives & ipmasqadm man pages but still don't figure out how
> > > it could work. I guess I have to use 'ipmasqadm mfw' but I don't
> > > understand if I can setup such configuration and how to do it.
> > mfw module makes sense for:
> >    * (a lot of) load balancing
> >    * fine grain selection rules (from ipchains).
> > 
> > >
> > > Or maybe, I can configure a different port for http2; in this case I can redirect
> > > both http requests by 'ipmasqadm portfw'; but I'm not sure it will work.
> > Yap. Given that the only selection criteria is the port, you can
> > forward eg.  fw:80->http1:80, fw:81->http2:80 with 2 portfw rules:
> >         # ipmasqadm -A portfw -a -P tcp -L fwall_ip 80 -R http1 80
> >         # ipmasqadm -A portfw -a -P tcp -L fwall_ip 81 -R http2 80
> > 
> > Of course, you must arrange your URLs to take care of this.
> > 
>  Hi
> 
> I'm trying to setup a similar network.
> 
> o   any client (from the Internet)    [client]
> o   a linux-firewall                      [fw]
> o   a web-server behind the firewall     [www]
> 
> The masq-command was like:
> 
> ipmasqadm portfw -a -P tcp -L fw 80 -R www 80
portfw only works when *actual*forwarding* takes place, ie: 
you cannot redirect ``on same net''.
So:
    . www MUST have fw as its default gateway
    . fw  MUST masquerade connections from www
    . client MUST hit fw at other interface so that fw MUST forward
      packets between client-www
Please check these.

Regards

-- 
-- Juanjo       http://juanjox.kernelnotes.org/
            ... because there IS an OS that CAN follow your power 
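
The three conditions listed in the reply above can be checked against a planned addressing scheme before any portfw rule is loaded. The following is an added example, not part of the original thread: the `Topology` fields, function names and sample addresses are constructed for illustration, and "client hits fw at other interface" is modelled as "client address lies outside www's subnet".

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Topology:              # hypothetical model, not an ipmasqadm structure
    fw_inside: str           # fw's address on www's net, with prefix length
    www: str                 # real server (the -R address of the portfw rule)
    www_gateway: str         # default gateway configured on www
    fw_masqs_www: bool       # fw masquerades connections from www
    client: str              # where the request comes from

def reply_next_hop(t):
    """Where www hands its reply packet for this client."""
    net = ipaddress.ip_interface(t.fw_inside).network
    if ipaddress.ip_address(t.client) in net:
        return ipaddress.ip_address(t.client)    # same net: delivered directly
    return ipaddress.ip_address(t.www_gateway)   # otherwise: default gateway

def check_portfw(t):
    """Return the violated conditions; an empty list means portfw can work."""
    fw = ipaddress.ip_interface(t.fw_inside)
    problems = []
    if ipaddress.ip_address(t.www_gateway) != fw.ip:
        problems.append("www does not have fw as its default gateway")
    if not t.fw_masqs_www:
        problems.append("fw does not masquerade connections from www")
    if ipaddress.ip_address(t.client) in fw.network:
        problems.append("client is on the same net as www, so fw does not forward")
    return problems

# Constructed sample addresses (private and documentation ranges)
GOOD = Topology("192.168.1.1/24", "192.168.1.10", "192.168.1.1", True, "198.51.100.7")
SAME_NET = Topology("192.168.1.1/24", "192.168.1.10", "192.168.1.1", True, "192.168.1.50")
WRONG_GW = Topology("192.168.1.1/24", "192.168.1.10", "192.168.1.254", True, "198.51.100.7")

if __name__ == "__main__":
    for name, t in [("good", GOOD), ("same-net", SAME_NET), ("wrong-gw", WRONG_GW)]:
        print(name, "-> reply goes to", reply_next_hop(t), "|", check_portfw(t) or "OK")
```

In the same-net case the reply leaves www straight for the client without passing through fw, and in the wrong-gateway case it goes to a different router; either way fw never sees the return packet.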