LinuxQuestions.org
Old 12-10-2007, 07:16 PM   #1
jessemirza
LQ Newbie
 
Registered: Dec 2007
Location: The Netherlands, Amsterdam
Distribution: Redhat, Debian & Gentoo
Posts: 13

Rep: Reputation: 0
Apache questions port forwarding


Dear All,

I have this problem / question!

I have a working Debian with Apache where I host a website

w-w-w.mydomain.c-o-m and
office.mydomain.c-o-m IN A X.X.X.X my external IP

Now I have managed to get an extra A record from my ISP and that is

portal.mydomain.c-o-m, where this record points to the same external IP address. That works fine, but the question is... I need to point this record to an internal IP 10.0.0.4 on my LAN and I don't know where to start with my config... I need to host a second website on the LAN box.

I have a port forward on my firewall.

Do I have to tell Apache to do something?

What else?

Can someone point me to an easy way of letting this -->

office.mydomain.com on port 80 --> to my external ip (this works)
portal.mydomain.com on port 80 --> to my external ip going to my lan ip

with the result of getting both records working, one on Apache and one on my IIS

Thanks in advance!

Jesse Mirza NL
 
Old 12-10-2007, 10:44 PM   #2
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
It seems that what you are trying to do is to separate traffic to the same address and the same port according to the name that is supplied by the requestor. This is not very easy to do. Apache knows how to separate this traffic into several streams because it interprets a header of the form Host:www.domain.com that arrives with each transaction. Unfortunately, Apache is not willing to turn around after having separated the streams and forward the original packet to another address.

Your best bet to achieve the result I think you want is to get a separate IP address to correspond to portal.domain.com. Then you can write a port-forwarding rule in your iptables configuration that will send packets aimed at the portal to your internal IIS server, without causing trouble for the existing www.domain.com service.

I realize that this is not a cheap solution, but I think it is the only way to get the result you want.
 
Old 12-12-2007, 03:41 PM   #3
jessemirza
LQ Newbie
 
Registered: Dec 2007
Location: The Netherlands, Amsterdam
Distribution: Redhat, Debian & Gentoo
Posts: 13

Original Poster
Rep: Reputation: 0
Hi one more question?

Is it possible to do this:

w.w.w.mydomain.com port 80 main site on public ip X.X.X.X
office.mydomain.com port 80 sub domain the same public ip X.X.X.X

portal.mydomain.com port 8080 sub domain the same public ip X.X.X.X but somehow redirect it to an internal ip 192.168.1.4

What I need to have is:

Internet ---- My Firewall --- Windows 2003 with IIS application
 
Old 12-13-2007, 01:22 AM   #4
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
Yes, this is quite readily done. You need to do two things:

1. Have your firewall map the incoming TCP request from the public address to your IIS system address. This is done like this:
Code:
# iptables -t nat -A PREROUTING -p tcp -d X.X.X.X --dport 8080 -j DNAT --to-destination 192.168.1.4:80
2. If your firewall has a default FORWARD policy of DROP (the usual case), put an explicit rule allowing the mapped packet to be forwarded:
Code:
# iptables -A FORWARD -p tcp -d 192.168.1.4 --dport 80 -j ACCEPT
# iptables -A FORWARD -m state -p tcp --state ESTABLISHED -j ACCEPT
The first step will alter the incoming connection request so that, as far as the IIS server can tell, it will have come from 192.168.1.x (your firewall local ethernet address) on TCP port 80. That server will respond in its normal way, and send a reply to your firewall. When it arrives there, the packet processing code will compare it to its table of translated packets, and change the header data back so that the reply appears to have come from the public firewall address (X.X.X.X) from port 8080. This packet will then be sent out over the Internet to the original requestor.

Step two is required on the firewall to complete the process of transmitting the packets. Normally, private network addresses (of which 192.168.x.y are a subset) must not be forwarded. However, because the firewall is generating this altered packet, which comes from a public IP address, it is OK to forward it. The two rules together take care of the forwarding in both directions.
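
A check for the two steps above, as an added example that is not part of the original posts: it reads `iptables-save` text and reports any DNAT target that the filter table's FORWARD chain would not admit. The function names, the sample ruleset and the 203.0.113.10 address (standing in for X.X.X.X) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save text for DNAT targets that FORWARD does not admit.
# Assumption: --to-destination is written as IP:PORT, as in the thread.

audit_port_forwards() {
    awk '
    BEGIN { bad = 0 }
    /^\*/ { table = $1 }                                   # *nat, *filter, ...
    table == "*filter" && /^:FORWARD / { policy = $2 }     # chain default policy
    table == "*nat" && $1 == "-A" && $2 == "PREROUTING" {  # collect DNAT targets
        for (i = 3; i < NF; i++)
            if ($i == "--to-destination") dnat[$(i + 1)] = 1
    }
    table == "*filter" && $1 == "-A" && $2 == "FORWARD" && $NF == "ACCEPT" {
        dst = ""; port = ""                                # collect explicit allows
        for (i = 3; i < NF; i++) {
            if ($i == "-d")      { dst = $(i + 1); sub(/\/32$/, "", dst) }
            if ($i == "--dport") port = $(i + 1)
        }
        if (dst != "" && port != "") allowed[dst ":" port] = 1
    }
    END {
        for (t in dnat) {
            if (t in allowed)            print "OK " t
            else if (policy == "ACCEPT") print "POLICY-ACCEPT " t
            else                       { print "BLOCKED " t; bad = 1 }
        }
        exit bad                                           # non-zero if any target is blocked
    }'
}

# Constructed sample: the two steps from the thread in iptables-save form.
# 203.0.113.10 is a documentation address standing in for X.X.X.X.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.4:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.1.4/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -p tcp -m state --state ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_port_forwards
```

On a live firewall the same function can be fed from `iptables-save` run as root.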
 
Old 12-13-2007, 05:59 PM   #5
jessemirza
LQ Newbie
 
Registered: Dec 2007
Location: The Netherlands, Amsterdam
Distribution: Redhat, Debian & Gentoo
Posts: 13

Original Poster
Rep: Reputation: 0
Hi dkm999

You're my hero!

Please send me an e-mail with your IBAN account and I will send you an X-mas present!

Bro, you showed me the light!

1000 x Thanks

Best regards,

Jesse Mirza

Last edited by jessemirza; 12-13-2007 at 06:28 PM.
 
  

