hello all.
my problem is as follows: i have 3 domains, all hosted on the same linux box with apache. i recently configured a firewall on my network which runs slackware8 with iptables. my cable company blocks port 80, so i had been getting around that by having outside DNS servers point my domain from www.domain.com to web.domain.com:81. this works great, except for that my virtual hosts don't work.
however, they work perfectly from inside my network. if i use the IP of my linux machine (192.168.1.56) in the virtual hosts then it works fine, but from anywhere outside the network the virtual hosts don't appear to work... perhaps a firewall issue? does anyone have any suggestions?
i've tried putting both the whole domain name <VirtualHost web.domain.com:81> and the IP as well, neither work.
well, that half worked... let me describe what i think the problem is.
i'm pretty sure that when my firewall forwards the request from port 81 to port 80 of my webserver, it's losing the "www.domain.com" part, and my webserver only sees a request for my internal IP (192.168.1.56). i can create virtual hosts based on my internal IP, but that doesn't do any good, as every domain - no matter the name - will always use that IP.
Try setting the VirtualHost parameter using the IP, and then define the HostName parameter to define the host name. Also, use NameVirtualHost parameter.
The web site name is sent in the http header, not the TCP header. So, if that request is making it through your firewall/port forwarder and arriving at the web server (verify using a packet sniffer on the web server), then you can pretty much assume that Apache isn't configured correctly, assuming that DNS is correctly configured.
So, the quick fix is to define web.domain.com as well as www.domain.com and point them to the same www code base, and hope the code base doesn't have hardcoded server names anywhere.
However, it seems there is something wonky w/ the port change. The header arrives at Apache requesting port 81, even though you've configured that same server to be on port 80...
I'd change that port 81 in the virtualhost to port 80, since that's what it's listening on. Apache should then match the servername directive to that provided in the http header (so you see the correct web site). Also, I'd set the NameVirtualHost parameter to the same IP:port parameter.
Someone correct me if I'm wrong... I don't think I've actually tried this yet...
unfortunately, this still isn't working. i've defined my virtual hosts correctly, as far as i know. but they're still not working outside my firewall. it's really puzzling. but here are how my virtual hosts appear in my httpd.conf file:
as you can see, any machine trying to access the IP 192.168.1.56 will be forwarded to a different document root, as i would like my internal clients to have unique data to load. however, the first virtual host entry does not work at all. i've changed it around to everything, even the IP and it still won't work. i'm open to suggestions. thanx :-)
Don't forget the NameVirtualHost parameter. And, the VirtualHost parameter should be an IP:port (which I'd match with the NameVirtualHost parameter).
And, the ServerName parameter needs to match the EXACT name of the server referenced, both internally and externally, which means it should probably be a FQDN.
i think, perhaps, you're running a different build of apache than i am. when i add the NameVirtualHost line, i get errors returned when i restart apache; something to the effect of not being defined.
virtual hosts have always worked prior to my firewall, which leads me to believe it has something to do with that.
Prior to your firewall you didn't have multiple named virtual hosts, so there was just one site to worry about. Now you have several, and they don't have a common IP/port.
AFAIK, this feature has been available in 1.3.x for quite some time now. And, it's also in 2.x. So, unless you're using a version from MANY years ago (like 1.2.x), it should work. If you are running 1.2, it's WAY past time to upgrade. There have been numerous security fixes since then. Which version are you running? You can look at the error_log when you restart Apache to determine this.
well, i figured out why i was receiving an error. you aren't supposed to put the <>s around the NameVirtualHost. this is how it appears in my httpd.conf file:
So, the ultimate goal of this is to make sure the web server (IP) is accessible by different names. So, the server names will be different but the IPs are the same (internally).
Anyway, your file should probably look something like this:
This will allow you to build two sites internally, and put it on 192.168.1.56:80, but have the server accessible by both toby.lion, and toby.domain.net -- one being the internal name and one being the external name. I'm hoping (guessing) that Apache will know to strip off the port stuff when it's attempting to match the name entered in the http header to the ServerName tag. If not, I guess you could append the port to the servername, but I'm not sure if that'll work or not. So, in other words, if
toby.domain.net:81 is the way to access the internal site via the external Internet, then changing the ServerName tag to be
ServerName toby.domain.net:81
and leaving everything else the same might just fix things.
Incidentally, you have somewhat of a security flaw w/ this layout. It's now possible for the external site to access the internal code (toby.domain.net/internal). It would be better to reverse this (who cares if the internal site can access the external code). So, have /usr/local/apache/htdocs for the internal site and /usr/local/apache/htdocs/external for the external site.
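The DocumentRoot nesting raised in the last reply can be checked mechanically. The following is an added example, not code from the thread: it parses `<VirtualHost>` blocks and reports when one site's files sit inside another site's DocumentRoot. The two sample layouts are constructed from the names and paths in the reply; the `/usr/local/apache/htdocs/internal` path for toby.lion is an assumption inferred from the `toby.domain.net/internal` URL it mentions.

```python
import posixpath
import re

VHOST_RE = re.compile(r"<VirtualHost\s+[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def sample_conf(roots):
    """Build a constructed httpd.conf fragment from {ServerName: DocumentRoot}."""
    blocks = ["NameVirtualHost 192.168.1.56:80"]
    for name, root in roots.items():
        blocks.append(f"<VirtualHost 192.168.1.56:80>\n    ServerName {name}\n"
                      f"    DocumentRoot {root}\n</VirtualHost>")
    return "\n".join(blocks)

# Constructed samples: the layout the reply warns about, and the reversed one.
BEFORE = sample_conf({"toby.domain.net": "/usr/local/apache/htdocs",
                      "toby.lion": "/usr/local/apache/htdocs/internal"})
AFTER = sample_conf({"toby.lion": "/usr/local/apache/htdocs",
                     "toby.domain.net": "/usr/local/apache/htdocs/external"})

def parse_vhosts(conf):
    """Return {ServerName: normalised DocumentRoot} for each <VirtualHost> block."""
    vhosts = {}
    for body in VHOST_RE.findall(conf):
        fields = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                fields[parts[0].lower()] = parts[1].strip().strip('"')
        if "servername" in fields and "documentroot" in fields:
            vhosts[fields["servername"]] = posixpath.normpath(fields["documentroot"])
    return vhosts

def nested_exposures(conf):
    """List (outer, inner, url_path): inner's files are served by outer at url_path."""
    vhosts = parse_vhosts(conf)
    found = []
    for outer, outer_root in vhosts.items():
        prefix = outer_root.rstrip("/")
        for inner, inner_root in vhosts.items():
            if outer != inner and inner_root.startswith(prefix + "/"):
                found.append((outer, inner, inner_root[len(prefix):]))
    return found

def leaks_to_public(conf, public_names):
    """Keep only exposures where a public site serves a non-public site's files."""
    return [e for e in nested_exposures(conf)
            if e[0] in public_names and e[1] not in public_names]
```

The check looks only at DocumentRoot nesting; `Alias` mappings and per-directory access rules are not considered.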