Hi all, my name is Giuliano and I'm writing from Italy.

I am contacting you because I have a problem with my Shorewall configuration.
I use Suse 8.2 Professional and Shorewall 1.4.7c with Webmin 1.110.

I have a public IP on eth1 (80.18.93.194/20)
I have created my LAN on eth0 (192.168.0.0/24)
I have created a DMZ on eth2 (10.10.10.0/24)

I have inserted an HTTP/FTP and DNS server in the DMZ and I have set up DNAT to forward the correct packets from the firewall to the DMZ.

IP of HTTP server = 10.10.10.101

The system is running successfully!!!!!!!!!!!!!!!!!

My problem concern that now I must insert a second http server (10.10.10.102)
in DMZ but I don't know how specified in the shorewall rules files that
the request for site1 must forward to http server 1 and the request for
site2 must forward to http server 2.
The dns in dmz resolves the zones with ip public of firewall.

www.site1.it ---- FIREWALL (DNAT) ------- DMZ=apache server 1
www.site2.it ---- FIREWALL (DNAT) ------- DMZ=apache server 2

Can you help me, please?

Thanks in advance and sorry for my English.

Giuliano.

> My problem concern that now I must insert a second http server (10.10.10.102)
> in DMZ but I don't know how specified in the shorewall rules files that
> the request for site1 must forward to http server 1 and the request for
> site2 must forward to http server 2.
> The dns in dmz resolves the zones with ip public of firewall.
>
> www.site1.it ---- FIREWALL (DNAT) ------- DMZ=apache server 1
> www.site2.it ---- FIREWALL (DNAT) ------- DMZ=apache server 2
>
> Can you help me, please?
>

Do www.site1.it and www.site2.it resolve to the same or to different IP addresses?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline     \ http://www.shorewall.net
Washington, USA \ teastep@shorewall.net

>-- Original message --
>Date: Fri, 7 Nov 2003 09:08:36 -0800 (PST)
>Subject: Re: [Shorewall-users] NAT in DMZ with Multi Http Server
>From: "Tom Eastep" <teastep@shorewall.net>
>To: <shorewall-users@lists.shorewall.net>
>Reply-To: Shorewall Users Mailing List <shorewall-users@lists.shorewall.net>
>
>> My problem concern that now I must insert a second http server (10.10.10.102)
>> in DMZ but I don't know how specified in the shorewall rules files that
>> the request for site1 must forward to http server 1 and the request for
>> site2 must forward to http server 2.
>> The dns in dmz resolves the zones with ip public of firewall.
>>
>> www.site1.it ---- FIREWALL (DNAT) ------- DMZ=apache server 1
>> www.site2.it ---- FIREWALL (DNAT) ------- DMZ=apache server 2
>>
>> Can you help me, please?
>>
>
>Do www.site1.it and www.site2.it resolve to the same or to different IP
>addresses?

Resolve with the same IP public!!!!

>-Tom
>--
>Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
>Shoreline     \ http://www.shorewall.net
>Washington, USA \ teastep@shorewall.net

On Sat, 8 Nov 2003 fanabe@tin.it wrote:

> >> My problem concern that now I must insert a second http server (10.10.10.102)
> >> in DMZ but I don't know how specified in the shorewall rules files that
> >> the request for site1 must forward to http server 1 and the request for
> >> site2 must forward to http server 2.
> >> The dns in dmz resolves the zones with ip public of firewall.
> >>
> >> www.site1.it ---- FIREWALL (DNAT) ------- DMZ=apache server 1
> >> www.site2.it ---- FIREWALL (DNAT) ------- DMZ=apache server 2
> >>
> >> Can you help me, please?
> >>
> >
> >Do www.site1.it and www.site2.it resolve to the same or to different IP
> >addresses?
> >
>
> Resolve with the same IP public!!!!
>

Then you can't use Shorewall to do what you want. You can either run an incoming proxy on the firewall (I understand that Apache can be configured this way but I've never tried it) or you can do what I do and run both sites on a single DMZ system with a single instance of Apache and use its name-based virtual hosting feature.

I run both http://shorewall.net (also known as http://www1.shorewall.net) and http://lists.shorewall.net on the same system with one copy of Apache. Details are in the Apache documentation.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,    \ http://shorewall.net
Washington USA \ teastep@shorewall.net
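
The incoming-proxy option from the reply above, shown as an added example that is not part of the thread and not either poster's configuration. It assumes Apache 2.4 with mod_proxy and mod_proxy_http loaded on the firewall; `default.invalid` is a placeholder name, and the host names and DMZ addresses are the ones given in the question.

```apache
# Added example (assumption: Apache 2.4 on the firewall, mod_proxy and
# mod_proxy_http enabled). DNAT cannot tell the two sites apart because both
# names resolve to the same public IP and port; the only difference is the
# HTTP Host header, which a layer-7 proxy can read.

# Reverse proxy only. Leaving forward proxying on would turn the firewall
# into an open relay for arbitrary clients.
ProxyRequests Off

# The first vhost is the default for requests whose Host header matches no
# ServerName. Refuse them rather than silently serving one of the sites.
<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# www.site1.it -> DMZ HTTP server 1
<VirtualHost *:80>
    ServerName www.site1.it
    # Pass the original Host header so the backend can build correct links.
    ProxyPreserveHost On
    ProxyPass        "/" "http://10.10.10.101/"
    ProxyPassReverse "/" "http://10.10.10.101/"
</VirtualHost>

# www.site2.it -> DMZ HTTP server 2
<VirtualHost *:80>
    ServerName www.site2.it
    ProxyPreserveHost On
    ProxyPass        "/" "http://10.10.10.102/"
    ProxyPassReverse "/" "http://10.10.10.102/"
</VirtualHost>
```

With a proxy on the firewall, the port-80 DNAT rule in the Shorewall rules file gives way to ACCEPT rules from net to fw and from fw to the two DMZ hosts. The backends then see the firewall as the client address, so their access logs need the X-Forwarded-For header that mod_proxy_http adds in order to record the real source.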