Hi. I am a little stuck with something, and was wondering if I could get some assistance.

I have a fully functioning web server already (running apache) that also runs ipchains to share the internet connection.

I have now hooked up another web server to the local network. It has a local IP (obviously) and I can view the web pages from any other machine on the LAN.

What I would like to be able to do, is access the 2nd web server from the internet, going through the first web server (the gateway).

I thought that I could do this through Apache but I tried to do it and couldn't. Maybe using ipchains would be a better idea (just redirect requests straight to the machine - bypassing apache on the first web server altogether) though I'm not sure.

If someone could assist me on this matter, I would be greatful.

Thankyou.

You could use ipchains as you suggest. Do reverse NAT, mapping port 80/tcp on the real IP to port 80/tcp on your private box IP.

Alternatively you could run squid or some other tool on the gateway and have that redirect the requests.

Or you could just run Microsoft Internet Security and Acceleration Server. Doh! What was I thinking?

Thanks furrycat but could you go into a little more detail as I have only touched on ipchains a little (just to get the shared internet connection working).

If you could provide a little more info, it would be appreciated.

Thanks again.


Lord Morlock

Sorry, I don't know how to do reverse NAT with ipchains 'cos I use ipfilter on FreeBSD for that. I used to know but I forgot. Doh!

Anyway you need to tell the kernel that when a TCP packet with any source address (any outside the local network, that is) and destination address $YOUR_REAL_IP/port 80 hits your machine, that it should be forwarded to port 80 on $MACHINE_WITH_THE_WEBSERVER.

We call this reverse NAT because it's like the usual "hide a private IP behind the real one" in reverse. Instead of the the gateway pretending to be you to the outside world, it pretends to be the outside world to you.

The ipfilter rule I use looks like this (well, one of them):

rdr tun0 $IP port 80 -> $WEB_SERVER_IP port 80 tcp

Here, tun0 is the external interface, IP is my external IP and you can guess what WEB_SERVER_IP is.

You basically need a way to make ipchains do that. My apologies for not remembering how to do it. I don't really like ipchains, it's ugly and doesn't keep state http://discussions.linuxplanet.com/smile.gif

Hi
You can check out these links. They may be helpful. The first is Rusty Russel's ipchains howto and the second gives you some information specifically about ip masquerading. http://www.linuxdocs.org/HOWTOs/IPCHAINS-HOWTO.html http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO/
Hope it helps
Arek http://discussions.linuxplanet.com/wink.gif