Setting up httpd server behind a gateway - GoFuckYourself.com

GFED · 09-25-2003, 12:32 AM

Is setting up Apache on the gateway and using ProxyPass the only way to do it?

Everything is working fine with http requests using this method, but what about FTP, IRC, and other protocols?

|}Internet
|
|
|-}Gateway
|
|
|--}Hub
|
|
|---}Srv01---}Srv02---}Srv03

My setup:

Gateway with two NICs; NIC #1 connects to the Internet, NIC #2 connects to the LAN through the Hub

Srv01, Srv02, and Srv03 connect to the Gateway through the Hub

TIA

blazin · 09-25-2003, 12:53 AM

never used proxypass
iptables will do that for you - it should be just a matter of opening the approriate ports

GFED · 09-25-2003, 01:10 AM

Thanks! Any more info on how to modify IPTables to foward http, https, ftp, irc, and other requests to another server on the LAN would be appreciated.

GFED · 09-25-2003, 02:14 PM

Hansm · 09-25-2003, 04:03 PM

If you are running LINUX on your gateway then you can use iptables.

below a example of my routing iptables rule.

external ip is 212.???.???.53 and port 22650 forwards to internal ip 192.168.0.2 and port 21

/sbin/iptables -A PREROUTING -t nat -p tcp -d 212.???.???.53 --dport 22650 -j DNAT --to 192.168.0.2:21

if you want to redirect every port use this

/sbin/iptables -A PREROUTING -t nat -p tcp -d 212.???.???.53 -j DNAT --to 192.168.0.2

GFED · 09-25-2003, 04:52 PM

My gateway is running FBSD 5.1 RELEASE. The first NIC connects to the Internet through a cable modem and has a dynamic IP address. The second NIC connect to the network with an IP address of 192.168.X.X

Quote:

/sbin/iptables -A PREROUTING -t nat -p tcp -d 212.???.???.53 -j DNAT --to 192.168.0.2

Do I just enter this at the CLI? Changing 212.???.???.53 to 192.168.X.X?

I did a 'whereis' and could not find IPTABLES on my system. Is it necessary to use this command, or can I edit a config file?

I also saw somewhere that said you had to recompile your kernal after applying these changes?

Here are a couple of links I found regarding IPTABLES, but I'm still lost

http://www.experts-exchange.com/Secu...8.html#9141055

http://www.linuxquestions.org/questi...002/09/2/30133

Thanks!

joechip · 09-25-2003, 06:33 PM

Quote:

Originally posted by GFED
My gateway is running FBSD 5.1 RELEASE. The first NIC connects to the Internet through a cable modem and has a dynamic IP address. The second NIC connect to the network with an IP address of 192.168.X.X

If your gateway is running FreeBSD then have a look at ipf and ipnat. If the FreeBSD gateway is already fowarding packets from the private network to the public internet you'll probably just need fiddle around in /etc/ipf.rules and /etc/ipnat.rules to add the functionality you're looking for. Check on google and also 'man ipf' and 'man ipnat'

GFED · 09-26-2003, 12:45 PM

Thanks Joe!

teenjump · 09-26-2003, 12:47 PM

Reading all of that made my brain hurt. I should do some reading.

One thing at a time though I guess.

com · 09-26-2003, 12:51 PM

Gfed, with newer versions of fbsd it's IPFW, and you can do port forwarding to an internal ip. Too tired to remember the syntax... just look up ipfw howto

GFED · 09-26-2003, 01:53 PM

Checking it out... Thanks com!

GFED · 09-26-2003, 02:13 PM

Woohoo! I got it!

If anyone else is wondering... all you have to do is open up your /etc/rc.firewall and find this line...

Code:

${fwcmd} add 50 divert natd all from any to any via ${natd_interface}

and change it to whatever...

GFED · 09-26-2003, 03:11 PM

Quote:

Originally posted by GFED
Woohoo! I got it!

If anyone else is wondering... all you have to do is open up your /etc/rc.firewall and find this line...

Code:

${fwcmd} add 50 divert natd all from any to any via ${natd_interface}

and change it to whatever...

Scratch that... I forgot to disable apache on the gateway... :/

I found this link, http://freebsd.hanirc.org/holyboard/...3&no=522&jd=-1

but modifying

natd_flags="-m -s"

to

natd_flags="-m -s -redirect_port tcp 192.168.0.9:80 127.0.0.1:80"

to my /etc/rc.conf doesn't seem to work...

GFED · 09-26-2003, 03:24 PM

also tried reversing the addresses and changing 127.0.0.1 to 192.168.0.1 to no avail

09-25-2003, 01:10 AM	#3
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	Thanks! Any more info on how to modify IPTables to foward http, https, ftp, irc, and other requests to another server on the LAN would be appreciated. __________________ https://www.flow.page/savethechildren

09-25-2003, 02:14 PM	#4
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	__________________ https://www.flow.page/savethechildren

09-26-2003, 12:45 PM	#8
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	Thanks Joe! __________________ https://www.flow.page/savethechildren

09-26-2003, 12:51 PM	#10
com Confirmed User Join Date: Aug 2003 Location: Portland, Oregon Posts: 4,541	Gfed, with newer versions of fbsd it's IPFW, and you can do port forwarding to an internal ip. Too tired to remember the syntax... just look up ipfw howto __________________ Real. Professional. Hosting. .:Expect Nothing Less:. 320-078-843 :: www.realprohosting.com :: [email protected]

09-26-2003, 01:53 PM	#11
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	Checking it out... Thanks com! __________________ https://www.flow.page/savethechildren

09-25-2003, 12:32 AM	#1
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	Setting up httpd server behind a gateway Is setting up Apache on the gateway and using ProxyPass the only way to do it? Everything is working fine with http requests using this method, but what about FTP, IRC, and other protocols? \|}Internet \| \| \|-}Gateway \| \| \|--}Hub \| \| \|---}Srv01---}Srv02---}Srv03 My setup: Gateway with two NICs; NIC #1 connects to the Internet, NIC #2 connects to the LAN through the Hub Srv01, Srv02, and Srv03 connect to the Gateway through the Hub TIA __________________ https://www.flow.page/savethechildren

09-25-2003, 12:53 AM	#2
blazin Confirmed User Join Date: Aug 2002 Posts: 2,781	never used proxypass iptables will do that for you - it should be just a matter of opening the approriate ports

09-25-2003, 04:03 PM	#5
Hansm Confirmed User Join Date: Jun 2002 Posts: 871	If you are running LINUX on your gateway then you can use iptables. below a example of my routing iptables rule. external ip is 212.???.???.53 and port 22650 forwards to internal ip 192.168.0.2 and port 21 /sbin/iptables -A PREROUTING -t nat -p tcp -d 212.???.???.53 --dport 22650 -j DNAT --to 192.168.0.2:21 if you want to redirect every port use this /sbin/iptables -A PREROUTING -t nat -p tcp -d 212.???.???.53 -j DNAT --to 192.168.0.2

09-26-2003, 12:47 PM	#9
teenjump So Fucking Banned Join Date: Jul 2003 Posts: 1,595	Reading all of that made my brain hurt. I should do some reading. One thing at a time though I guess.

09-26-2003, 02:13 PM	#12
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	Woohoo! I got it! If anyone else is wondering... all you have to do is open up your /etc/rc.firewall and find this line... Code: ${fwcmd} add 50 divert natd all from any to any via ${natd_interface} and change it to whatever... __________________ https://www.flow.page/savethechildren

09-26-2003, 03:24 PM	#14
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	also tried reversing the addresses and changing 127.0.0.1 to 192.168.0.1 to no avail __________________ https://www.flow.page/savethechildren