Shorewall users - Oct 2012 - Trouble with Apache2 ProxyPass

This problem probably has a simple solution, so I''m hoping the
experienced
shorewall users can help me.

I''ve got a 3-interface (net,dmz, & loc) firewall and have several
apache2
virtual web sites in the dmz.  They come into 1 apache server in the dmz, and 
are redirected with the directive "ProxyPass" and
"ProxyPassReverse" in my
Apache "sites-enabled" files to other servers in the dmz.

In most cases, the proxy''d web servers are in virtual machines in the
dmz.  In
1 case, however, I want to have this server in my local subnet.


So here are the details:

Ext IP -> Shorewall -> Apache2 at 192.168.2.150 -> PROXYPASS -> 
Apache2 at
192.168.1.22

Currently, when I try this, I get a "503 Service Temporarily
Unavailable"
error.  The server at 192.1.168.22 works just fine when I access it from within 
the local subnet.  Additionally, thre are no weird errors in any of the apache 
logs.  I am sure this is a firewall problem.



I''ve read the Squid Proxy documentation, but I am not knowledgeable
enough to
apply this to my situation.


Can someone suggest the correct entry into the "rules" file to allow
the apache
server in the dmz to proxypass to a server in the loc subnet?

TIA!
-- 

Casey Bralla

Chief Nerd in Residence
The NerdWorld Organisation

http://www.NerdWorld.org

------------------------------------------------------------------------------
Don''t let slow site performance ruin your business. Deploy New Relic
APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev

On Sun, Oct 14, 2012 at 01:18:54PM -0400, Casey Bralla
wrote:
> 
> Ext IP -> Shorewall -> Apache2 at 192.168.2.150 -> PROXYPASS ->
Apache2 at
> 192.168.1.22
> 
> Currently, when I try this, I get a "503 Service Temporarily
Unavailable"
> error.  The server at 192.1.168.22 works just fine when I access it from
within
> the local subnet.  Additionally, thre are no weird errors in any of the
apache
> logs.  I am sure this is a firewall problem.
> 
This sounds more like an Apache configuration problem.  To confirm
whether or not it is a Shorewall problem, you can run ''shorewall
clear''
(followed by a ''shorewall start'' once you have tested the
connectivity).
If after clearing Shorewall, the problem persists, then you have an
Apache configuration issue.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


------------------------------------------------------------------------------
Don''t let slow site performance ruin your business. Deploy New Relic
APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev