[plug] Firewall

Kim Covil kimc at ned.dem.csiro.au
Tue Jul 31 10:35:51 WST 2001


> Oops, again it seems more explanation is in order.
> 
> What I have at the moment is a network which looks like this;
> 
> 203.11.114.137
>   smoothwall                  borg                    windows
> 192.168.1.x               192.168.1.y             192.168.1.z
>        |                        |                       |
>       ------------------------- hub -------------------------
> 
> it's being done this way so that eventually my home network can be isolated
> behind another machine and hub.
> 
> the webserver lives on borg, the firewall is a dedicated machine on
> smoothwall.
> 
> What seems to be happening is that the request is coming to smoothwall for
> 203.11.114.137 and it's getting forwarded to borg as a request for the ip,
> without regard as to whether it's the virtual domain or not...
> 
> I guess what I need to know is, is it possible to modify the firewall
> forwarding rules so that packets intended for my virtual domain are seen by
> the web server as being for the virtual domain, preferably without needing
> to give the virtual domain a second ip address....
> 
> Cheers,
> 
> john

As far as I remember the way virtual hosts work with the same IP
address is that an extra HTTP header is included with HTTP v1.1 that
gives the host name of the machine trying to be accessed... this has
nothing to do with your routing... TCP/IP does not include hostnames
in the packets being sent... only IP addresses... that is the entire
point of DNS...

What I assume you have done is moved borg from being directly
connected to the internet (and this is when the apache config
worked) and now it is accessed through smoothwall... this would mean
you have changed the IP address it is being accessed through from
your external IP address to the 192.168.1.y address... Maybe you
haven't fixed up your apache config to be able to be accessed from
192.168.1.y ?!

Send us the virtual hosts section of your apache config (including
what you have for the NameVirtualHost setting)... and also
are you testing whether it is working both from inside the network
and externally...?

Cheers

Kim
-- 
====================================================================== 
Kim Covil - CSIRO Exploration & Mining  E-mail: kim.covil at dem.csiro.au
            PO Box 437, Nedlands,       Tel: +61 8 9284 8425    ,-_!\
            Western Australia  6009     Fax: +61 8 9389 1906   /     \
                                                               *_,-._/
=================================================================== v 
   Please direct all personal e-mail to kimbotha at covil.com.au
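
The reply above makes two points: the virtual host name travels only in the HTTP `Host` header, and forwarding through smoothwall changes the address the connection arrives on at borg. The following is an added example, not part of the original message and not Apache's own code: a simplified model of name-based virtual host selection. The host names, site labels and `192.168.1.2` (standing in for 192.168.1.y) are constructed.

```python
# Simplified model of name-based virtual host selection (added example).
# Assumption: a vhost is only considered when its configured address matches
# the local address the connection arrived on; "*" matches any address.

EXTERNAL = "203.11.114.137"   # public address from the post
INTERNAL = "192.168.1.2"      # constructed stand-in for 192.168.1.y

# Constructed request: the forwarded packet carries this payload unchanged.
REQUEST = b"GET / HTTP/1.1\r\nHost: virtual.example\r\n\r\n"


def host_header(raw_request):
    """Return the Host header value (lower-cased, port removed) or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().split(":")[0].lower()
    return None


def select_site(local_addr, raw_request, vhosts, main_server="main-server"):
    """vhosts: list of (address, server_name, site) in config order."""
    candidates = [v for v in vhosts if v[0] in (local_addr, "*")]
    if not candidates:
        # No vhost is bound to this address: Host is never consulted.
        return main_server
    wanted = host_header(raw_request)
    for _, server_name, site in candidates:
        if server_name == wanted:
            return site
    return candidates[0][2]   # first listed vhost acts as the default


# Config written while borg held the public address directly.
BOUND_TO_EXTERNAL = [(EXTERNAL, "www.example", "www-site"),
                     (EXTERNAL, "virtual.example", "virtual-site")]
# Same vhosts bound to any local address.
BOUND_TO_ANY = [("*", "www.example", "www-site"),
                ("*", "virtual.example", "virtual-site")]

if __name__ == "__main__":
    print("direct:        ", select_site(EXTERNAL, REQUEST, BOUND_TO_EXTERNAL))
    print("via firewall:  ", select_site(INTERNAL, REQUEST, BOUND_TO_EXTERNAL))
    print("config updated:", select_site(INTERNAL, REQUEST, BOUND_TO_ANY))
```

The `Host` header is identical in all three cases; only the local address seen by the web server differs.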


