GoFuckYourself.com - Adult Webmaster Forum


GFED 09-25-2003 12:32 AM

Setting up httpd server behind a gateway
 
Is setting up Apache on the gateway and using ProxyPass the only way to do it?

Everything is working fine with http requests using this method, but what about FTP, IRC, and other protocols?

|}Internet
|
|
|-}Gateway
|
|
|--}Hub
|
|
|---}Srv01---}Srv02---}Srv03

My setup:

Gateway with two NICs; NIC #1 connects to the Internet, NIC #2 connects to the LAN through the Hub

Srv01, Srv02, and Srv03 connect to the Gateway through the Hub




TIA

blazin 09-25-2003 12:53 AM

never used proxypass
iptables will do that for you - it should be just a matter of opening the appropriate ports

GFED 09-25-2003 01:10 AM

Thanks! Any more info on how to modify IPTables to forward http, https, ftp, irc, and other requests to another server on the LAN would be appreciated. :)

GFED 09-25-2003 02:14 PM

:glugglug

Hansm 09-25-2003 04:03 PM

If you are running LINUX on your gateway then you can use iptables.

Below is an example of my routing iptables rule.

external ip is 212.???.???.53 and port 22650 forwards to internal ip 192.168.0.2 and port 21

/sbin/iptables -A PREROUTING -t nat -p tcp -d 212.???.???.53 --dport 22650 -j DNAT --to 192.168.0.2:21

if you want to redirect every port use this

/sbin/iptables -A PREROUTING -t nat -p tcp -d 212.???.???.53 -j DNAT --to 192.168.0.2

GFED 09-25-2003 04:52 PM

My gateway is running FBSD 5.1 RELEASE. The first NIC connects to the Internet through a cable modem and has a dynamic IP address. The second NIC connects to the network with an IP address of 192.168.X.X

Quote:

/sbin/iptables -A PREROUTING -t nat -p tcp -d 212.???.???.53 -j DNAT --to 192.168.0.2
Do I just enter this at the CLI? Changing 212.???.???.53 to 192.168.X.X?

I did a 'whereis' and could not find IPTABLES on my system. Is it necessary to use this command, or can I edit a config file?

I also saw somewhere that said you had to recompile your kernel after applying these changes?


Here are a couple of links I found regarding IPTABLES, but I'm still lost

http://www.experts-exchange.com/Secu...8.html#9141055

http://www.linuxquestions.org/questi...002/09/2/30133


Thanks!

joechip 09-25-2003 06:33 PM

Quote:

Originally posted by GFED
My gateway is running FBSD 5.1 RELEASE. The first NIC connects to the Internet through a cable modem and has a dynamic IP address. The second NIC connects to the network with an IP address of 192.168.X.X

If your gateway is running FreeBSD then have a look at ipf and ipnat. If the FreeBSD gateway is already forwarding packets from the private network to the public internet you'll probably just need to fiddle around in /etc/ipf.rules and /etc/ipnat.rules to add the functionality you're looking for. Check on google and also 'man ipf' and 'man ipnat'

GFED 09-26-2003 12:45 PM

Thanks Joe!

teenjump 09-26-2003 12:47 PM

Reading all of that made my brain hurt. I should do some reading. :)
One thing at a time though I guess.

com 09-26-2003 12:51 PM

Gfed, with newer versions of fbsd it's IPFW, and you can do port forwarding to an internal ip. Too tired to remember the syntax... just look up ipfw howto

GFED 09-26-2003 01:53 PM

Checking it out... Thanks com!

:glugglug

GFED 09-26-2003 02:13 PM

Woohoo! I got it!

If anyone else is wondering... all you have to do is open up your /etc/rc.firewall and find this line...

Code:

${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
and change it to whatever...

GFED 09-26-2003 03:11 PM

Quote:

Originally posted by GFED
Woohoo! I got it!

If anyone else is wondering... all you have to do is open up your /etc/rc.firewall and find this line...

Code:

${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
and change it to whatever...

Scratch that... I forgot to disable apache on the gateway... :/

I found this link, http://freebsd.hanirc.org/holyboard/...3&no=522&jd=-1

but modifying

natd_flags="-m -s"

to

natd_flags="-m -s -redirect_port tcp 192.168.0.9:80 127.0.0.1:80"

to my /etc/rc.conf doesn't seem to work...

GFED 09-26-2003 03:24 PM

also tried reversing the addresses and changing 127.0.0.1 to 192.168.0.1 to no avail
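
As an added example (not part of any post in this thread): natd(8) documents the option as `-redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT`, where the target is the server on the LAN and the alias is the gateway's public side. The sketch below builds a natd_flags line for /etc/rc.conf that forwards only the listed services and rejects malformed entries; the function names and the sample service list are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a natd_flags line for /etc/rc.conf.
# natd(8): -redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT
# target = server on the LAN, alias = public side of the gateway. The alias
# is written as a bare port so it follows the gateway's dynamic address.

valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only 192.168.x.x targets, the LAN range used in this thread.
valid_lan_ip() {
    case "$1" in 192.168.*.*) ;; *) return 1 ;; esac
    tail=${1#192.168.}
    for octet in "${tail%%.*}" "${tail#*.}"; do
        case "$octet" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: build_natd_flags proto:lan_ip:lan_port[:public_port] ...
build_natd_flags() {
    flags="-m -s"    # flags already set on the gateway in the thread
    for svc in "$@"; do
        proto=${svc%%:*}; rest=${svc#*:}
        lan_ip=${rest%%:*}; rest=${rest#*:}
        lan_port=${rest%%:*}
        case "$rest" in
            *:*) pub_port=${rest#*:} ;;
            *)   pub_port=$lan_port ;;
        esac
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol: $svc" >&2; return 1 ;;
        esac
        valid_lan_ip "$lan_ip" || { echo "bad LAN address: $svc" >&2; return 1; }
        if ! valid_port "$lan_port" || ! valid_port "$pub_port"; then
            echo "bad port: $svc" >&2; return 1
        fi
        flags="$flags -redirect_port $proto $lan_ip:$lan_port $pub_port"
    done
    printf 'natd_flags="%s"\n' "$flags"
}

# Constructed service list: web on 192.168.0.9, public port 22650 -> FTP on .2
build_natd_flags tcp:192.168.0.9:80 tcp:192.168.0.9:443 tcp:192.168.0.2:21:22650
```

natd reads these flags when it starts, so an edited line takes effect only after natd is restarted.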


All times are GMT -7.