
Please help me --> apache is local and iis external want them both

 
charlie_21
Advisor

Please help me --> apache is local and iis external want them both

Please have a look at this,

I have a small LAN with my Red Hat Apache running on 192.168.1.221 (port 81).
Because my external IP is 89.73.204.15 and it's the 2000 server with IIS, it works OK.
But now I want to run a BB forum on my Apache.
It's running all right, but only locally.
So how can I tell the 2000 server that if a request comes in on port 81 it has to be forwarded to the internal IP 192.168.1.221:81?
Then the Apache would be able to show itself to the outside world.
I read something about clustering web servers.
I have also seen an option called port mapping, or in Windows there is Routing and Remote Access.
Which one do I use, and HOW?
Please let me know, I'll give you points, and when you're ever in Den Bosch I'll give you a Bossche bol!!! (baker de groot)
I am who I am
benoit Bruckert
Honored Contributor

Re: Please help me --> apache is local and iis external want them both

Hi,
I think that you are connected to the internet through a firewall or at least a router.
In these 2 cases, you should NAT the addresses of the W2K and the Linux to your external IP: 1 NAT on port 80 to the W2K,
the second NAT definition on port 81 to the Linux.
If you are not connected this way (directly attached), I know many ways, but in Linux (I don't know W2K well enough).
For example, xinetd offers some port redirection; you can use it to access the IIS.

hth
Benoit
_________________
Arthur C. Clarke - Third Law: Any sufficiently advanced technology is indistinguishable from magic.
A badly bandaged application ends up as a gauze factory (GHG)
Jerome Henry
Honored Contributor

Re: Please help me --> apache is local and iis external want them both

I would first try the easy thing:
on your 2, IIS, make a new site, and in 'base directory section', just say that content comes from http://192.168.1.221:81.
It's the easiest.
If you run a firewall on that box, as said, you can redirect to your Apache, but tell us more about what is running...
You can lean only on what resists you...
Steven E. Protter
Exalted Contributor

Re: Please help me --> apache is local and iis external want them both

If you set up the bb on apache in httpd.conf running on port 81.

Port 81

save the httpd.conf file

service httpd restart

Now apache is on port 81.

The best bet is to have your firewall forward all port 81 traffic to the internal IP address.

If it's a Linux firewall I can help with the configuration on that. Let me know.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
charlie_21
Advisor

Re: Please help me --> apache is local and iis external want them both

Thx guys!!

I've tried to redirect a URL (Universal Resource Location) -->> (but my internal IP is not universal), too bad, so the redirect works only with external IPs. (Internally it works!! but ->> the outside world can't get connected then, so too bad.)

And I've got a 2000 server with an Alcatel modem (maybe I can route the port there??)
I can log in to the Alcatel, but then??

My external IP = 81.73.204.15; it comes from the planet server via an Alcatel = 10.0.0.138, my LAN card connected to it = 10.0.0.150, and my internal IP of the second NIC = 192.168.1.222. This is my 2000 server config.

Then I've got a Linux Apache MySQL PHP running there with 192.168.1.221; it's connected to the network LAN (there it works fine).

So I'm thinking about a route table??
Source = external IP, then destination would be 192.168.1.221, but then the gateway (the router?). I am guessing a bit now, so please, if someone has done this....?? How would the table or the route look? The sequence is not clear to me yet.

Or is there a sort of app that makes this possible?? (clustering web servers)
Or maybe I should upgrade my 2000 server to domain controller and use Active Directory services, trusts and sites, and redirect there... is this possible if the other server has no Active Directory but a Linux??

Stop.... My mind = spinning now....
Options, options.... which is the right way to go... Someone??

But I need to keep the IIS + Apache broadcasting on 1 IP together, but one on port 81 and the other one on 80, so I can embed this in an HTML meta refresh script,
and no one will even notice, but then I've got both best web servers and this combination can be powerful, I guess. ;p


I am who I am
benoit Bruckert
Honored Contributor

Re: Please help me --> apache is local and iis external want them both

Hi,
Why not connect your modem (I guess it's an ADSL router) to your Linux:

        ADSL router
             |
    -------------------
    |                 |
   W2K              Linux

Check / learn the config of your router/modem to redirect 80 to W2K = 10.0.0.something port 80
(which is currently the case) and redirect 81 to Linux = 10.0.0.something else port 81.
Of course you need a hub to create the 10.0.0.0 network (it's not possible with a crossover cable). Maybe the hub is included in your router?
The other way is to connect Linux directly in place of W2K, and use xinetd (easy) or iptables (more skills) to redirect port 80.

Hope that helps
Benoit
___________________
There have been girls who had virtue, health, fervour and a good vocation, but who were not rich enough to take a vow of poverty in a rich abbey. Jean de La Bruyère, Les Caractères, De quelques usages.
A badly bandaged application ends up as a gauze factory (GHG)
charlie_20
Occasional Advisor
Solution

Re: Please help me --> apache is local and iis external want them both

Thx again guys, but I can't get it done..
My router doesn't support port mapping; I cannot route the ports there. (Alcatel - home edition)
Also in IIS there is nothing to redirect to an internal IP.

Then the option to connect my Linux to the ADSL and tell the Linux that every request on port 81 must go to my internal IP: I believe that in Linux you can port-map this, so I guess I have to work it this way around and switch OS --> so first the Linux on the ADSL and then
behind that the IIS with an internal IP on port 81. Then
I'll come back to ask you guys about the port mapping (or chains or whatever is needed).

But thx for the support guys, it gives me a lot of different ideas.


Still needed: two web servers on 1 IP address.
1 on port 80
1 on port 81
There must be a way.

I am who I am
charlie_21
Advisor

Re: Please help me --> apache is local and iis external want them both

Okeeey, I have the Red Hat on the ADSL and the HTTP daemon is running on port 80, so now I want to tell the Linux to redirect the requests on port 8080 or 81, doesn't matter, to go to my internal IP address, so to my IIS.

Then I have the advantage of running both at once.
Also the security is much better now, so thx again for letting me switch to this configuration.

I am almost there; I do not want to buy a new router.

Which *.conf do I edit for this service??
I am who I am
Stuart Browne
Honored Contributor

Re: Please help me --> apache is local and iis external want them both

You don't have a conf file to edit.

You use the NAT table of IPTables to do this, with rules similar to:

iptables -t nat -I PREROUTING -j DNAT -p tcp --dport 81 --to
iptables -t nat -I PREROUTING -j DNAT -p tcp --dport 8080 --to

Assuming your internal box has its default route going out this box, everything should be just fine.

If you aren't using IPTables, but are using the older IPChains, you'll need to hunt up the tool called 'ipmasqadm'.

Hope this helps.
One long-haired git at your service...
Steven E. Protter
Exalted Contributor

Re: Please help me --> apache is local and iis external want them both

I think things are overly complicated.

The first thing you should do in my opinion is to figure out how to lay out your network in a more simple fashion.

One problem you have now is that your adsl modem isn't really a router.

You can upgrade to a multiport router for a few hundred dollars and plug the iis box in as well as the Linux box.

If you can't afford the modem or there are other technical issues, you are better off with the Linux machine direct connect.

With iptables and a second nic card, you can very easily forward the iis server all of the traffic it needs and make the Linux box your real router.

I've got two Linux boxes in my web hosting shop right now that are BOTH acting as routers. They can forward traffic to any machine in the shop and they BOTH provide NAT for web browsing to my entire home office.

Stuart, Jerome or I can walk you through the process step by step. Right now, you're in a box and you need to get your network out of that box.

Lastly, this thread has been going on for a while. It is quite customary, even in an intermediary stage to take the time to assign points. Even if the problem has not been solved, effort has been made on your behalf.

You can accomplish your goal. There are lots of great suggestions in this thread.

SEP
Alexander Chuzhoy
Honored Contributor

Re: Please help me --> apache is local and iis external want them both

You can install ISA Server on your Windows server and then use the publish option. It's possible to redirect traffic to desired IP/ports.
charlie_21
Advisor

Re: Please help me --> apache is local and iis external want them both

OK Stuart, I tried the iptables -t nat -I PREROUTING -j DNAT -p tcp --dport 8080 --to 192.168.1.4

It seems to accept the command, but when I type the address 81.204.73.15:8080 I get my default page, which is running on port 80 on the LAMP, so still no redirection to my internal IP IIS.

But I think the command looks something like this; it looks OK, but my internal web server
is still not reachable from the outside world.

And yes, my IIS is configured so all traffic goes to the default gateway (it's my second NIC in the Linux box, called 192.168.1.1); it has an internet connection because of the NAT script running on the LAMP.

Why do I get the same page that is on port 80??

-----------------
And Alexander, thx, but now I have tasted the LAMP.
I prefer the Linux in the front.
So your option might work (ISA Server), but I want Unix security now!!
So this is no option for me anymore.
-----------------
I am who I am
charlie_21
Advisor

Re: Please help me --> apache is local and iis external want them both

This is my NAT script:

modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -j LOG --log-level 4 --log-prefix "ATTACK"
/sbin/iptables -A INPUT -j DROP

/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
/sbin/iptables -t nat -I PREROUTING -j DNAT -p tcp --dport 8080 --to 192.168.1.4
/sbin/iptables -t nat -I PREROUTING -j DNAT -p tcp --dport 81 --to 192.168.1.4

I put the two lines in there; on the 81 I have
http://192.168.1.4:81/portal/, should be working now.....

Also on http://192.168.1.4:8080 I have a ShnForum on ASP + Access MDB... it's OK too, it's running; still no one can see it from the outside world.

So the DNAT looks nice but it doesn't seem to work, any ideas??

Of course my iptables firewall runs before this NAT script, and I told it to accept 8080 and 81, so the PREROUTING command must do the rest now, but I think the Linux doesn't translate it back to my internal IP??

Hmm, still don't want to buy a router with advanced port-mapping option.
Too easy, and why spend money if you know it can be done!!!!


I am who I am
charlie_21
Advisor

Re: Please help me --> apache is local and iis external want them both

Here is my firewall:

Accept If protocol is TCP and destination port is 80
Accept If protocol is TCP and destination port is 21
Accept If protocol is TCP and destination port is 22
Accept If protocol is TCP and destination port is 25
Accept If protocol is TCP and destination port is 23
Accept If input interface is lo
Accept If input interface is eth1
Accept If input interface is eth2
Run chain REJECT If protocol is TCP and destination port is 0:1023
Run chain REJECT If protocol is TCP and destination port is 2049
Run chain REJECT If protocol is UDP and destination port is 0:1023
Run chain REJECT If protocol is UDP and destination port is 2049
Run chain REJECT If protocol is TCP and destination port is 6000:6009
Run chain REJECT If protocol is TCP and destination port is 7100
Accept If protocol is TCP and destination port is 10000
Accept If protocol is TCP and destination is 81.204.73.15 and destination port is 8080 and source port is 8080 and source and destination ports are 8080
Accept If protocol is TCP and destination port is 110
Accept If protocol is TCP and destination port is 81

So looks good ??

What am i doing wrong here ??

http://81.204.73.15:81/portal
or
http://81.204.73.15:8080/

If you find holes please let me know in a friendly way, I'll give you points and a Bossche bol once you're in Den Bosch.
I am who I am
benoit Bruckert
Honored Contributor

Re: Please help me --> apache is local and iis external want them both

Hi Charlie,
Strange rules:
reject 0:1024 before accept 81?
Are these rules configured in your Linux box (i.e. iptables) or in your router?
What exactly is your script to configure the chains?
Can you post your iptables -L? This could be helpful... But it is not really safe for your security. We can know all your chains by that!

I think you should have a rule before the NAT which disturbs the proper answer...

hth
Benoit
A badly bandaged application ends up as a gauze factory (GHG)
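
The rule-order point in the post above, worked through as an added example that is not part of any post in this thread: a first-match evaluation of the rule list charlie_21 posted. It assumes the list is shown in chain order and that eth0 is the outside interface (as in the NAT script); the sample packets and the client source port 51515 are constructed.

```python
# Added example, not code from the thread. Rule list transcribed from
# charlie_21's firewall post, assumed to be shown in chain order.
EXT_IP = "81.204.73.15"   # destination address named in rule 16

def port_rule(action, lo, hi=None, proto="tcp", **extra):
    return {"action": action, "proto": proto,
            "dports": (lo, lo if hi is None else hi), **extra}

RULES = (
    [port_rule("ACCEPT", p) for p in (80, 21, 22, 25, 23)]
    + [{"action": "ACCEPT", "in_if": i} for i in ("lo", "eth1", "eth2")]
    + [port_rule("REJECT", 0, 1023), port_rule("REJECT", 2049),
       port_rule("REJECT", 0, 1023, proto="udp"),
       port_rule("REJECT", 2049, proto="udp"),
       port_rule("REJECT", 6000, 6009), port_rule("REJECT", 7100),
       port_rule("ACCEPT", 10000),
       port_rule("ACCEPT", 8080, sport=8080, dst=EXT_IP),
       port_rule("ACCEPT", 110), port_rule("ACCEPT", 81)]
)

def matches(rule, pkt):
    """A field missing from the rule matches any packet value."""
    lo, hi = rule.get("dports", (0, 65535))
    return lo <= pkt["dport"] <= hi and all(
        pkt[k] == rule[k] for k in ("proto", "in_if", "sport", "dst") if k in rule)

def first_match(pkt, rules=RULES):
    """(rule number, action) of the first matching rule; (None, "POLICY")
    when nothing matches and the chain policy, not shown in the post, decides."""
    for n, r in enumerate(rules, 1):
        if matches(r, pkt):
            return n, r["action"]
    return None, "POLICY"

def packet(dport, sport=51515, proto="tcp", in_if="eth0", dst=EXT_IP):
    """Constructed sample packet; eth0 assumed to be the outside interface."""
    return {"dport": dport, "sport": sport, "proto": proto,
            "in_if": in_if, "dst": dst}

def shadowed(rules=RULES):
    """Numbers of rules whose own sample packet is taken by an earlier rule."""
    probes = (packet(r.get("dports", (0, 0))[0], r.get("sport", 51515),
                     r.get("proto", "tcp"), r.get("in_if", "eth0")) for r in rules)
    return [n for n, p in enumerate(probes, 1) if first_match(p, rules)[0] != n]

if __name__ == "__main__":
    print({p: first_match(packet(p)) for p in (80, 81, 110, 8080)})
    print("shadowed rules:", shadowed())
```

Rules 17 and 18 (the accepts for ports 110 and 81) are never reached from the outside interface because rule 9 rejects TCP 0:1023 first. A normal client connecting to port 8080 matches no rule at all, since rule 16 also requires source port 8080.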
charlie_21
Advisor

Re: Please help me --> apache is local and iis external want them both

Okeey, I got it working,

so all the internal activity can be brought to the outside world.

See the post on my test forum,

http://81.204.73.15/
check the "Does anyone know Portmapping".

There are tips, and the port mapping is working too;
the LAMP as well as the IIS = online for the outside world.

Wonderful, thx for all the effort guys.
I am very happy now.

NOW I CAN COMBINE THE STRENGTH,

like http://81.204.73.15:8080
or http://81.204.73.15:81/portal

Or my RDP is working behind the scenes.
More secure than ever; I've posted the script on my site.



Thx for all the patience and support.
I am who I am