
Port redirection, iptables, apache questions?

 
debian111
Regular Advisor


Hi all,

I have the following situation:
comp_A(80.xxx.xxx.xxx)--------crossover-----comp_B (192.168.1.20)
On comp_A I have a rule:
iptables -t nat -A OUTPUT -s any/0 -d 80.xxx.xxx.xxx -p tcp --dport 80 -j DNAT --to-destination 192.168.1.20
And when I enter 80.xxx.xxx.xxx in the web browser on comp_A, I get the Apache test page served on comp_B.
When I change the port the server listens on at comp_B from the default 80 to another, let's say 100, and on comp_A change the rule to
iptables -t nat -A OUTPUT -s any/0 -d 80.65.170.142 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.20:100
and then refresh the page on comp_A, I cannot get the same result as before. I got:
Not Found
The requested URL / was not found on this server.
Apache Server at 80.xxx.xxx.xxx Port 80

With the iptables rules I redirected all HTTP requests to comp_B.
In the first case everything is OK, but why does this not work (serve me the same Apache test page) when I change the port number Apache listens on at comp_B?

It would be very helpful if someone has time to explain this for all of us who do not understand this.

Thank you

Regards

debian111
Regular Advisor

Re: Port redirection, iptables, apache questions?

comp_A=Debian
comp_B=Gentoo

Regards
g33k
Valued Contributor

Re: Port redirection, iptables, apache questions?

And if you try to connect to 192.168.1.20:100 from the local network, is it working fine?
debian111
Regular Advisor

Re: Port redirection, iptables, apache questions?

No, I got the result below:
Not Found
The requested URL / was not found on this server.
Apache Server at 192.168.1.20 Port 100

This is when I try to access http://192.168.1.20:100 from the local network.
When I change the port number to 80 on comp_A, I get the default Apache test page.
I am asking this because I need to forward all HTTP (and the same for HTTPS) requests for 80.xxx.xxx.xxx to an internal web server which may use a port different from 80, for example 100 (or whatever else).
I think my iptables rule is OK and it does the job, but I cannot understand why I cannot access the Apache test page when I change the Apache port number. In other words, what do I have to do in order to get the web page from the Apache server at http://192.168.1.20:100? I do not know what to change, the iptables rule or something on the web server?

Regards
g33k
Valued Contributor

Re: Port redirection, iptables, apache questions?

OK, check with telnet whether Apache is really running on that port: telnet 192.168.1.20 100. It should give you a banner, or at least open the connection; if not, then it's the local firewall or Apache is not running on that port...

Then you should check with netstat whether Apache is listening on port 100. If not, then something is wrong with the config.
debian111
Regular Advisor

Re: Port redirection, iptables, apache questions?

With http://192.168.1.20:100 I got the result below:

Not Found

The requested URL / was not found on this server.
Apache Server at 192.168.1.20 Port 100

netstat -a shows that I have connection
netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:100 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 192.168.1.20:ssh gateway-traktor:4518 ESTABLISHED
tcp 0 0 192.168.1.20:100 gateway-traktor:4217 ESTABLISHED

Thanks
g33k
Valued Contributor

Re: Port redirection, iptables, apache questions?

Listen
Syntax: Listen [ port | IP-address:port ]
Default: none
Context: server config
Status: Core

Listen can be used instead of BindAddress and Port. It tells the server to accept incoming requests (to listen) on the specified port or address-and-port combination. If the first format is used, with a port number only, the server listens on the given port on all interfaces marked as up, instead of the port given by the Port directive. If an IP address is given as well as a port, the server will listen on the given port and interface.

Multiple Listen directives may be used to specify a number of addresses and ports to listen to. The server will respond to requests from any of the listed addresses and ports.

For example, to make the server accept connections on both port 80 and port 8000, use:

Listen 80
Listen 8000

To make the server accept connections on two specified interfaces and port numbers, use

Listen 192.170.2.1:80
Listen 192.170.2.5:8000

How this works with Virtual Hosts
BindAddress and Listen do not implement Virtual Hosts. They tell the main Apache daemon process what addresses and ports to bind and listen on. If no <VirtualHost> directives are used, the server will behave the same for all accepted requests. However, <VirtualHost> can be used to specify a different behavior for one or more of the addresses and ports. To implement a VirtualHost, the server must:

* Be told to Listen to the desired address and port
* Have a <VirtualHost> section created for the specified address and port to set the behavior of this virtual host

Note that if the <VirtualHost> is set for an address and port that the server is not listening to, it cannot be accessed.

I hope you've read this and have not set different behavior for a Virtual Host...

Also, I hope you have set DocumentRoot.
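
Added example, not part of the thread and not Apache's own code: a small checker for the two conditions the last reply raises, namely that every <VirtualHost> address:port is covered by a Listen directive and that the virtual host sets its own DocumentRoot. The names check_conf, port_of and SAMPLE_CONF are hypothetical, the sample config is constructed, and matching is done on the port number only, which is a simplification.

```python
# Constructed sample config (not taken from the thread): Apache listens on 80 and 100,
# the port-100 virtual host has no DocumentRoot, and port 8000 has no Listen line.
SAMPLE_CONF = """\
Listen 80
Listen 100
<VirtualHost *:80>
    DocumentRoot /var/www/localhost/htdocs
</VirtualHost>
<VirtualHost 192.168.1.20:100>
    ServerName comp_b
</VirtualHost>
<VirtualHost *:8000>
    DocumentRoot /var/www/other
</VirtualHost>
"""

def port_of(addr):
    """Return the port of 'port', 'ip:port' or '*:port' as an int, or None if absent."""
    tail = addr.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def check_conf(text):
    """Return (kind, vhost_address) findings for Listen/VirtualHost mismatches."""
    listen_ports, vhosts, current = set(), [], None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment
        key = words[0].lower()
        if key == "<virtualhost" and len(words) > 1:
            current = {"addr": words[1].rstrip(">"), "docroot": None}
            vhosts.append(current)
        elif key.startswith("</virtualhost"):
            current = None
        elif key == "listen" and len(words) > 1:
            listen_ports.add(port_of(words[1]))
        elif key == "documentroot" and current is not None and len(words) > 1:
            current["docroot"] = words[1]
    findings = []
    for vh in vhosts:
        port = port_of(vh["addr"])
        if port is not None and port not in listen_ports:
            findings.append(("not-listening", vh["addr"]))  # vhost can never be reached
        if vh["docroot"] is None:
            findings.append(("no-own-documentroot", vh["addr"]))  # falls back to main server
    return findings
```

A "no-own-documentroot" finding is not an error by itself: the virtual host then serves from the main server's DocumentRoot, which is the next place to look when the port answers but the page is "Not Found".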