Bradey Honsinger
2003-Jan-14 15:37 UTC
[Shorewall-users] Two web servers on DMZ zone with private addresses. How to?
That log message looks like someone (or some program) is trying to browse to moreover.com from your web server machine--it's not a reply to an external request. You'd see messages like that if you were running some sort of HTTP proxy server (like Squid) on that box (although they'd likely be to multiple IPs, unless your users only browsed to p.moreover.com). It could also be someone trying to browse from the box itself, although you'd likely see multiple IPs then too. However, after looking at moreover.com, it's more likely that you're trying to use one of the moreover.com web services, possibly from a CGI script or cron job. You should either add an appropriate ACCEPT rule or disable the program that's trying to access their service.

To answer your second question: you can't have multiple web servers on the same port on the same IP address (obviously). If you'd like to expose them on different public IP addresses, you can either use proxy ARP or DNAT. Shorewall can, if configured correctly, accept traffic to the same port on different public IP addresses and forward it to different ports at a single private IP address. We'd need more specific information to give you a specific rule.

- Bradey

-----Original Message-----
From: Trifon Anguelov [mailto:clio_usa@yahoo.com]
Sent: Tuesday, January 14, 2003 3:10 PM
To: Shorewall Users
Subject: [Shorewall-users] Two web servers on DMZ zone with private addresses. How to?

Two quick questions to the group:

Anyone seen this before:

Jan 14 02:55:45 gw1 kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=66.58.99.83 DST=170.224.8.51 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=38676 DF PROTO=TCP SPT=1735 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

I mean my web server is trying to reply to some external host 170.224.8.51 (p.moreover.com) for some reason. What could it be? It happens pretty often.

The second mind-bothering thing is: if I have two or more web servers (separate machines) on the same DMZ zone, how can they all listen on port 80? I mean, I read Tom's example to listen on a port different than 80 (http://www.abz.com:5000), but who is going to type the extra :5000 after the URL? What is the practical implementation in this case? The firewall has to know to which host to send the port 80 traffic. If these addresses are public then the DNS will resolve them, of course. But what if I use private addresses? Can the port forwarding still work? Hope that's not too much to ask from a Linux box :-)))

Thank you in advance and my best regards.

Trifon

Visit my Web Site: http://www.dbaclick.com
Tons of Oracle DBA's scripts, articles, manuals and documents
My profile: http://profiles.yahoo.com/clio_usa

---------------------------------
Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now

_______________________________________________
Shorewall-users mailing list
Shorewall-users@shorewall.net
http://mail.shorewall.net/mailman/listinfo/shorewall-users
Trifon Anguelov
2003-Jan-14 16:09 UTC
[Shorewall-users] Two web servers on DMZ zone with private addresses. How to?
I guess you showed me the way. I browsed their web site too and remembered that I am getting news feeds from moreover.com for my web site. They have to be tracking, with these blocked requests, who is reading their news and somehow compiling demographic statistics, etc. Now it makes sense.

The second answer makes sense. The problem is that I am running out of public addresses and trying to figure out how to run three domains on two IP addresses. I guess I have to serve at least two domains with the same web server and use virtual hosts in Apache.

Thanks for the help.

Trifon

Bradey Honsinger <BradeyH@construx.com> wrote:

That log message looks like someone (or some program) is trying to browse to moreover.com from your web server machine--it's not a reply to an external request. You'd see messages like that if you were running some sort of HTTP proxy server (like Squid) on that box (although they'd likely be to multiple IPs, unless your users only browsed to p.moreover.com). It could also be someone trying to browse from the box itself, although you'd likely see multiple IPs then too. However, after looking at moreover.com, it's more likely that you're trying to use one of the moreover.com web services, possibly from a CGI script or cron job. You should either add an appropriate ACCEPT rule or disable the program that's trying to access their service.

To answer your second question: you can't have multiple web servers on the same port on the same IP address (obviously). If you'd like to expose them on different public IP addresses, you can either use proxy ARP or DNAT. Shorewall can, if configured correctly, accept traffic to the same port on different public IP addresses and forward it to different ports at a single private IP address. We'd need more specific information to give you a specific rule.

- Bradey
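The two answers in this thread (Bradey's: add an ACCEPT rule for the outbound fetch, and use DNAT to map port 80 on several public addresses onto private DMZ hosts; Trifon's: put two of the three domains on one Apache server with name-based virtual hosts) fit together into one configuration. What follows is an added example written for this archive, not from the original posters or from the Shorewall project. Everything in it except the log's own facts (eth1 = dmz, eth0 = net, p.moreover.com = 170.224.8.51, TCP/80) is assumed: the public addresses 203.0.113.10/.11 and the DMZ hosts 192.168.2.10/.11 are documentation-range placeholders, and the domain names are example.com/.org. The rules-file columns follow the Shorewall 1.3 layout (ACTION, SOURCE, DEST, PROTO, DEST PORT(S), SOURCE PORT(S), ORIGINAL DEST), which is the series current when the thread was written.

```text
# /etc/shorewall/rules  (Shorewall 1.3 column layout; all addresses assumed)
#ACTION  SOURCE   DEST                   PROTO  DEST     SOURCE   ORIGINAL
#                                               PORT(S)  PORT(S)  DEST
#
# 1. The REJECT in the log is the DMZ web server opening TCP/80 to
#    p.moreover.com. Allow exactly that destination rather than a blanket
#    "ACCEPT dmz net tcp 80", so a compromised DMZ host still cannot reach
#    arbitrary outside web servers.
ACCEPT   dmz      net:170.224.8.51       tcp    80
#
# 2. Two public addresses, two DMZ hosts on private addresses, both on
#    port 80. Visitors type plain http://www.example.com/ ; the firewall
#    rewrites the destination and nobody sees a :5000.
DNAT     net      dmz:192.168.2.10       tcp    80       -        203.0.113.10
DNAT     net      dmz:192.168.2.11       tcp    80       -        203.0.113.11
#
#    The variant Bradey describes (same public port, ONE private host,
#    different private ports) would replace the two lines above with:
#DNAT    net      dmz:192.168.2.10       tcp    80       -        203.0.113.10
#DNAT    net      dmz:192.168.2.10:8080  tcp    80       -        203.0.113.11

# /etc/shorewall/masq  (assumed)
# Private DMZ hosts still need their own outbound traffic, such as the
# moreover.com fetch above, source-NATed to a public address.
#INTERFACE   SUBNET           ADDRESS
eth0         192.168.2.0/24   203.0.113.10

# httpd.conf on 192.168.2.10 (Apache 2.0/2.2 syntax; assumed paths)
# The third domain shares this host with the first through name-based
# virtual hosts, so two public addresses carry three sites. The first
# <VirtualHost> block is the default for any client that sends no Host:
# header (plain HTTP/1.0), so list the site you want served in that case
# first.
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName   www.example.com
    DocumentRoot /var/www/example.com
</VirtualHost>
<VirtualHost *:80>
    ServerName   www.example.org
    DocumentRoot /var/www/example.org
</VirtualHost>
```

Two checks before calling this done. First, a DNAT rule only rewrites packets that reach the firewall; the firewall must itself answer for both public addresses (an alias on eth0, or proxy ARP as Bradey mentions), so after `shorewall restart` confirm the nat table with `iptables -t nat -L -n` and connect to each public address from outside the network. Second, the DNAT entries match traffic from the net zone only; DMZ or LAN hosts that try to reach a neighbour by its public name will not be forwarded by these lines and need their own rules.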