Re: Redirection to two private http servers

Emmerich Eggler (emm@eggler.ch)
Tue, 09 Nov 1999 14:14:52 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Tuan Hoang: "Re: TCP non-blocking read"
Previous message: Glynn Clements: "Re: FW: Sendmail 8.9.3 domain forward"
Maybe in reply to: Alain Ganuchaud: "Redirection to two private http servers"

Juanjo Ciarlante wrote:
>
> On Mon, Nov 08, 1999 at 07:09:21PM +0100, Alain Ganuchaud wrote:
> > Hi guys,
> >
> >
> > Below is the configuration I want to set up:
> >
> >
> > WWW-------> Firewall <-------> http1 <--------> http2
> > ___public___|_______________private_________________
> >
> > Firewall with Redhat6.X , ipchains & ipmasqadm.
> >
> >
> > WWW requests will come through Firewall to my http1 (=linux portal) then
> > some
> > requests could be redirected to http2 (=NT), if data is on it. So, I think I
> > am facing a problem because I have to redirect to 2 different ip adresses
> > (port80) to be successful.
> >
> > I read linux-net archives & ipmasqadm man pages but still don't figure out
> > how
> > it could work. I guess I have to use 'ipmasqadm mfw' but I don't
> > understand if I can setup such configuration and how to do it.
> mfw module makes sense for:
> * (alot-of) load balancing
> * fine grain selection rules (from ipchains).
>
> >
> > Or maybe, I can configure a different port for http2; in this case I can
> > redirect
> > both http requests by 'ipmasqadm portfw'; but I'm not sure it will work.
> Yap. Given that the only selection criteria is the port, you can
> forward eg. fw:80->http1:80, fw:81->http2:80 with 2 portfw rules:
> # ipmasqadm -A portfw -a -P tcp -L fwall_ip 80 -R http1 80
> # ipmasqadm -A portfw -a -P tcp -L fwall_ip 81 -R http2 80
>
> Of course, you must arrange your URLs to take care of this.
>
Hi

I'm trying to setup a similar network.

o any client (from the Internet) [client]
o a linux-firwall [fw]
o a web-server behind the firewall [www]

The masq-command was like:

ipmasqadm portfw -a -P tcp -L fw 80 -R www 80

After telnetting from the client to fw:80, I can see that www
sends the answer directly to the client. The firewall does not
change the source-address. This means, that the client won't
accept the answer, because it was waiting for an answer from fw.
Below you can see the tcpdump.

I'm sure I'm confusing something or just missed a step, so please
give me a hint.

Thanks

Emmerich

14:12:44.740489 client.1054 > fw.80: S 3283299535:3283299535(0)
win 32120 <mss 1460,sackOK,timestamp 4475921[|tcp]> (DF)

14:12:44.741111 www.www > client.1054: S 687831809:687831809(0)
ack 3283299536 win 32120 <mss 1460,sackOK,timestamp 2237121[|tcp]>
(DF)

14:12:47.732422 client.1054 > fw.80: S 3283299535:3283299535(0)
win 32120 <mss 1460,sackOK,timestamp 4476221[|tcp]> (DF)

14:12:47.732955 www.www > client.1054: S 687831809:687831809(0)
ack 3283299536 win 32120 <mss 1460,sackOK,timestamp 2237421[|tcp]>
(DF)

14:12:47.772975 www.www > client.1054: S 687831809:687831809(0)
ack 3283299536 win 32120 <mss 1460,sackOK,timestamp 2237425[|tcp]>
(DF)

__________________________________________________________________
Emmerich Eggler emm@eggler.ch
Eggler Communications +41 (0)79 438 75 11
Wannerstrasse 3/39 +41 (0) 1 463 43 73
CH-8045 Zuerich http://www.eggler.ch
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Tuan Hoang: "Re: TCP non-blocking read"
Previous message: Glynn Clements: "Re: FW: Sendmail 8.9.3 domain forward"
Maybe in reply to: Alain Ganuchaud: "Redirection to two private http servers"