Operating System - Linux

Re: Please help me --> apache is local and iis external want them both

 
SOLVED
Alexander Chuzhoy
Honored Contributor

Re: Please help me --> apache is local and iis external want them both

You can install ISA Server on your Windows server and then use the publish option. It's possible to redirect traffic to the desired IP/ports.
charlie_21
Advisor

Re: Please help me --> apache is local and iis external want them both

OK Stuward, I tried the iptables -t nat -I PREROUTING -j DNAT -p tcp --dport 8080 --to 192.168.1.4

It seems to accept the command, but when I type the address 81.204.73.15:8080 I get my default page, which is running on port 80 on the LAMP, so still no redirection to my internal IP IIS.

But I think the command looks something like this; it looks OK, but my internal web server
is still not reachable from the outside world.

And yes, my IIS is configured so all traffic goes to the default gateway (it's my second NIC in the Linux box, called 192.168.1.1). It has an internet connection because of the NAT script running on the LAMP.

Why do I get the same page that is on port 80??

-----------------
And Alexander, thanks, but now I have tasted the LAMP.
I prefer Linux in the front.
So your option (ISA Server) might work, but I want Unix security now!!
So this is no option for me anymore.
-----------------
I'am who I'am
charlie_21
Advisor

Re: Please help me --> apache is local and iis external want them both

This is my NAT script:

modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -j LOG --log-level 4 --log-prefix "ATTACK"
/sbin/iptables -A INPUT -j DROP

/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
/sbin/iptables -t nat -I PREROUTING -j DNAT -p tcp --dport 8080 --to 192.168.1.4
/sbin/iptables -t nat -I PREROUTING -j DNAT -p tcp --dport 81 --to 192.168.1.4

I put the two lines in there; on 81 I have
http://192.168.1.4:81/portal/, which should be working now.....

Also on http://192.168.1.4:8080 I have a ShnForum on ASP + Access mdb... it's OK too, it's running; still no one can see it from the outside world.

So the DNAT looks nice but it doesn't seem to work, any ideas??

Of course my iptables firewall runs before this NAT script, and I told it to accept 8080 and 81, so the PREROUTING command must do the rest now, but I think Linux doesn't translate it back to my internal IP??

Hmm, I still don't want to buy a router with an advanced portmapping option.
Too easy, and why spend money if you know it can be done!!!!


I'am who I'am
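A static check for the port-forward lines in the script above, as an added example that is not code from the thread. It goes beyond the posted script by also reading FORWARD rules; the last two sample lines (port 8443, eth0 as the outside interface, eth1 as the LAN) are constructed assumptions.

```shell
#!/bin/sh
# Added example: static check of DNAT port-forward rules in an iptables script.

# First three lines are the NAT lines from the script in this thread; the last
# two are constructed (port 8443, eth0 = outside, eth1 = LAN are assumptions).
sample_rules() {
cat <<'EOF'
/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
/sbin/iptables -t nat -I PREROUTING -j DNAT -p tcp --dport 8080 --to 192.168.1.4
/sbin/iptables -t nat -I PREROUTING -j DNAT -p tcp --dport 81 --to 192.168.1.4
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8443 -j DNAT --to-destination 192.168.1.4:8443
iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.1.4 --dport 8443 -m state --state NEW -j ACCEPT
EOF
}

# Reads iptables commands on stdin and prints one finding per line.
audit_dnat() {
    awk '
    # Value that follows option "opt" on the current line, or "" if absent.
    function arg(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /-j DNAT/ {
        to = arg("--to-destination"); if (to == "") to = arg("--to")
        port = arg("--dport"); n++
        # FORWARD sees the packet after translation, so track the new port.
        fport[n] = index(to, ":") ? substr(to, index(to, ":") + 1) : port
        label[n] = "dport " port " -> " to
        if (arg("-i") == "")
            print label[n] ": no -i, rule matches packets from every interface"
    }
    / FORWARD / && /-j ACCEPT/ { allowed[arg("--dport")] = 1 }
    END {
        for (k = 1; k <= n; k++)
            if (!(fport[k] in allowed))
                print label[k] ": no FORWARD rule for port " fport[k] " (INPUT rules do not filter forwarded packets)"
    }'
}

sample_rules | audit_dnat
```

With a FORWARD policy of ACCEPT the translated traffic still passes, only unfiltered; the second finding marks the missing explicit rule and is not a diagnosis of the failure described in this thread.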
charlie_21
Advisor

Re: Please help me --> apache is local and iis external want them both

Here is my firewall:

Accept If protocol is TCP and destination port is 80
Accept If protocol is TCP and destination port is 21
Accept If protocol is TCP and destination port is 22
Accept If protocol is TCP and destination port is 25
Accept If protocol is TCP and destination port is 23
Accept If input interface is lo
Accept If input interface is eth1
Accept If input interface is eth2
Run chain REJECT If protocol is TCP and destination port is 0:1023
Run chain REJECT If protocol is TCP and destination port is 2049
Run chain REJECT If protocol is UDP and destination port is 0:1023
Run chain REJECT If protocol is UDP and destination port is 2049
Run chain REJECT If protocol is TCP and destination port is 6000:6009
Run chain REJECT If protocol is TCP and destination port is 7100
Accept If protocol is TCP and destination port is 10000
Accept If protocol is TCP and destination is 81.204.73.15 and destination port is 8080 and source port is 8080 and source and destination ports are 8080
Accept If protocol is TCP and destination port is 110
Accept If protocol is TCP and destination port is 81

So, looks good??

What am I doing wrong here??

http://81.204.73.15:81/portal
or
http://81.204.73.15:8080/

If you find holes, please let me know in a friendly way; I'll give you points and a Bossche bol once you're in Den Bosch.
I'am who I'am
benoit Bruckert
Honored Contributor

Re: Please help me --> apache is local and iis external want them both

Hi Charlie,
Strange rules:
reject 0:1024 before accept 81?
Are these rules configured in your Linux box (i.e. iptables) or in your router?
What exactly is your script to configure the chains?
Can you post your iptables -L? This could be helpful... But it is not really safe for your security. We can know all your chains by that!

I think you should have a rule before the NAT which disturbs the proper answer...

hth
Benoit
A poorly thought-out application ends up as a gasworks (GHG)
charlie_21
Advisor

Re: Please help me --> apache is local and iis external want them both

OK, I got it working,

so all the internal activity can be brought to the outside world.

See the post on my test forum,

Http://81.204.73.15/
Check the Does anyone know Portmapping.

There are tips, and the portmapping is working too.
The LAMP as well as the IIS = online for the outside world.

Wonderful, thanks for all the effort, guys.
I am very happy now.

NOW I CAN COMBINE THE STRENGTH,

Like http://81.204.73.15:8080
or http://81.204.73.15:81/portal

Or my RDP is working behind the scenes.
More secure than ever; I've posted the script on my site.

Thanks for all the patience and support.
I'am who I'am