>I have it running on a 4ip host where each interface (ip) is a
>different web site which is what I think you want to do right?

Currently I have a 4ip host....for argument sake:
IP 1 - apache bound to port 80
IP 2&3 - orion bound to port 80 (unfortunately as root...why I'm trying all this)...up and doing BUSINESS
IP 4 - orion bound to 10080...it is responding to http://ip:10080 and local 'telnet IP#4 10080' (I wanted this just for now, I will add more security when I get working)

>The problem I ran into is that if I configured each site to only
>listen on the relevant interface (port= in web-site tag) it didn't
>work.  I had to say port="[ALL]".  So I gave each site (interface) a
>different port > 1024 and did the ipchains for each, just as you
>have done.

I'm not quite sure what you are saying, but we are getting somewhere...I got orion to 
bind to port 10080...I have it in 2 places default-web-site.xml and mysite.xml.  Both 
with hardcoded IP and port.  It is responding as that ip/port and not conflicting with 
other apache and orion.  I've never heard of port="[ALL]".....sounds pretty scary to 
me.  It binds to all ports? What do you have in default vs. your virtual hosts?

>I also added a virtual-hosts entry and a frontend tag in the web
>site xml for each site - both were important but I can't remember
>what failed if you didn't include them.

I have been frustrated with this for almost a month....I actually signed a contract 
with RedHat for server support....If orion is responding to port 10080...I would think 
orion's part should be done.....what do you think?  I will let you know what Red Hat 
comes up with...and see if this so called services model is any good. I think the new 
kernel has better built in port forwarding...it would be a lot easier it seems if the 
firewall and server were on separate machines....ipchains/ip-masq were not built for 
local redirection..there are some hacks I can do, but I don't want to use software on 
my server that is installed on less than 1000 servers in the whole universe....

David


On Mon, 22 Jan 2001, David Morton wrote:

> 
>          Has anybody gotten port-forwarding to work?  I want orion to run 
> as non-root user on Linux.....I did see:
> http://www.orionsupport.com/articles/unixprocess.html
> 
> The following is an excerpt:
> IP Chains (ipfw)
> IP Chains is a program that comes with recent versions of Linux that uses 
> the ipfw library to specify rules for TCP/IP packets. For information about 
> using it, refer to the howto.
> Here's a simple rule to tell all incoming TCP packets destined for port 80 
> to be forwarded to port 10080:
> [root@myhost]$ ipchains -A input --destination-port 80 -p tcp -j REDIRECT 10080
> Warning: Use ipchains at own risk... You are recommended to read the 
> documentation first, and have the machine in easy reach.
> This command needs to be executed each time the system is booted, so you 
> may want to place it in a startup file somewhere.
> 
> I tried ipchains rule with one change:
> ipchains -A input -d 192.168.0.4 80 -p tcp -j REDIRECT 10080
> 
> it didn't work.
> 
> any suggestions?
> 
> If anyone has working on one ip only (on a machine that has multiple ips 
> like mine)...please send output of 'ipchains -L'...and any other ipmasqadm 
> table output...
> 
> Thanks
> David
> 
> 



