Re: [Shorewall-users] port forwarding on a single ip

Tue, 20 Nov 2007 13:23:00 -0800 

On Tue, Nov 20, 2007 at 09:57:16AM -0800, Tom Eastep wrote:
> Stéphane Gully wrote:
> > Hello,
> > 
> > I'm new to this list so please forgive me if my question has been
> > already asked. I searched in the archives and the FAQ (especially here
> > http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html#DNAT ),
> > but I found nothing.
> > 
> > My problem is simple:
> > - I have a single public ip on my server (for example: 87.145.23.55)
> > - I have an apache daemon run by a non-root user which is listening on
> > 40240 port
> > I would like to forward all the traffic from the port 80 to the 40240 port.
> > 
> > I tried this rule but nothing is forwarded :
> > DNAT       net     net:87.145.23.55  tcp  40240  80  87.145.23.55
> > 
> > Do you think I can do that and how ? (I'm not a network expert...)
> 
> You just need this rule:
> 
> REDIRECT      net     40240   tcp     80      -       87.145.23.55
> 
While Tom is technically correct, there is a better way.

Tom's solution redirects *all* port 80 traffic to the higher port.  If
you are doing name-based virtual hosting and want to have some sites
served by Apache on port 80 and others redirected to the apache being
run by the user on the higher port, then you need to do something else.

In the main Apache (the one listening on port 80), you need a virtual
host defined like this:

<VirtualHost *:80>
  ServerName www.example.com
  ServerAdmin [EMAIL PROTECTED]

  <IfModule mod_proxy.c>
    ProxyPass / http://87.145.23.55:40240/
    ProxyPassReverse / http://87.145.23.55:40240/
  </IfModule>
</VirtualHost>

Then you configure the other Apache, you configure it however you like.
This will allow you to have different users run different Apache
instances on high number ports and still have all of them be accessible
from the outside world over port 80.

Regards,

-Roberto
-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

Attachment: signature.asc
Description: Digital signature

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to