LinuxMCE Forums
General => Users => Topic started by: mejborn on June 01, 2009, 12:59:53 am
-
Hi,
I'm currently trying to get my webserver working behind the linuxmce core, but it does not seem to work out right. I can't access the webserver from the internet, only with its local IP. I've added the following 2 rules:
tcp 5501 to 5501 5501 192.168.80.247 port_forward Delete
tcp 80 to 80 80 192.168.80.247 port_forward Delete
It's not something special with the webserver, because port 5501 is my ssh port to the server running my webserver, and when I try to connect to that port from the internet I'm getting a "connection refused". I have tried to restart the core, but without any luck.
Does anyone have a clue what I'm doing wrong?
Thanks!
-
Is your core's external IP address a public IP address? Or a 192.168.y.z or something like that, behind a router? If the latter, then you have to set up a port forward on your router for the same ports, to forward to the external IP of your core, first. Only then can you forward on the core the rest of the way to your web server... i.e. a chain of 2 forwards in a row.
-
I've just checked the IP of the external NIC on the core and it's 192.168.1.6, and that's because my ISP has installed a router as a part of my internet connection at home.
So can the solution be to just redirect all ports on the router to the external interface on the core?
Thanks
-
That would probably be easiest, yeah.
-
Hi again,
I finally got my modem (instead of a router) from my ISP; after I installed it I waited 24 hours (to get a new IP). It all works out and I can reach the core from outside; my problem is that I can only reach the core.
Is there anyone else running a webserver behind the core besides me?
My "problem" is that when I try to reach it, I get hold of the web interface to the pluto admin page instead. Of course that's fine and I also wanna be able to do that, but how do I combine that with my other webserver?
Is the solution to make the core's webserver run on another port? Since it's just me that should use that, I would be aware of the change made to the port.
If it would help anyone, my firewall core setup looks like this:
Protocol Source Port Destination Port Destination IP Rule Type Limit to IP
udp 4569 to 0 0 core_input Delete
udp 5060 to 0 0 core_input Delete
udp 2000 to 0 0 core_input Delete
tcp 2000 to 0 0 core_input Delete
tcp 5501 to 5501 5501 192.168.80.247 port_forward Delete
tcp 80 to 80 80 192.168.80.247 port_forward Delete
tcp 3877 to 3877 3877 192.168.80.1 port_forward Delete
Best regards
-
You can't get to both of them on port 80; you will have to use a different port for one of them.
You need to edit the apache config file (/etc/apache2/ports.conf) to change what port it listens on.
-
Ohh okay, I can't get it working by adding my webserver to the "sites-enabled" and "sites-available" either?
-
Those files are for configuration of other dirs on the core itself. If you moved all your files from your internal webserver to the core, then yeah, you could serve them up from there.
-
I can't move my other websites to the core because it runs on tomcat, so I've modified the ports.conf and now pluto-admin is running on that port, but I can't get the port redirection to work properly. I've tried to delete all the rules and just add one that redirects port 80 to a local webserver connected to the internal NIC at the core, like the following (plus port 3877 which is automatically added):
Protocol Source Port Destination Port Destination IP Rule Type Limit to IP
tcp 80 to 0 0 192.168.80.247 port_forward Delete
tcp 3877 to 3877 3877 192.168.80.1 port_forward Delete
If I type in my external IP in the browser followed by 81 I'm getting to pluto-admin, but if I remove 81 I'm getting a "Page Load Error".
I can reach the webserver by typing in the local webserver's ip address. An iptables -L at the core, seems not to redirect port 80?
mathias@dcerouter:~$ sudo iptables -L
[sudo] password for mathias:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere MARK match 0x1
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT 0 -- 192.168.80.0/24 anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
mathias@dcerouter:~$
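
Added note and example, not part of the original thread: `iptables -L` with no `-t` option lists only the filter table, while iptables port forwards are DNAT rules in the nat table's PREROUTING chain, so a listing like the one above cannot confirm or rule out a forward. The script below searches an `iptables-save` dump for the DNAT rule covering a given port; the sample dump is constructed, and it is an assumption that the core implements its `port_forward` rules this way.

```shell
#!/bin/sh
# Added example: find the port-forward (DNAT) rule for a port in an iptables-save dump.
# On a live router, pipe in the real rules:  sudo iptables-save -t nat | forward_target 80

# Constructed sample dump. Addresses reuse those in the thread; eth0 is an assumed
# external interface name.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5501 -j DNAT --to-destination 192.168.80.247:5501
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3877 -j DNAT --to-destination 192.168.80.1:3877
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.80.0/24 -j ACCEPT
COMMIT
EOF
}

# forward_target PORT: reads an iptables-save dump on stdin and prints
# "proto dport -> destination" for each nat/PREROUTING DNAT rule on PORT.
# Exit status 1 means the nat table holds no forward for that port.
forward_target() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2); next }      # table header: *nat, *filter, ...
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            proto = dport = dest = ""; dnat = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "--to-destination") dest = $(i + 1)
                else if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
            }
            if (dnat && dport == port) { print proto, dport, "->", dest; found = 1 }
        }
        END { exit(found ? 0 : 1) }
    '
}

sample_dump | forward_target 5501
sample_dump | forward_target 80 || echo "no DNAT rule for port 80 in the nat table"
```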
-
Why did you not put in a destination port in your rule?
-
I've tried that also, now it looks like this:
Protocol Source Port Destination Port Destination IP Rule Type Limit to IP
tcp 3877 to 3877 3877 192.168.80.1 port_forward Delete
tcp 80 to 0 8080 192.168.80.247 port_forward Delete
-
An easier way around this is to set your broadband router up to forward port 80 from the internet to your core on port 81 (say) - in other words you are doing a PAT and NAT. Then on your core you simply set up another forward from port 81 to port 80 on your web site, thus completely skipping the port 80 issue. You can deal with the admin site externally using a similar method.
-
My problem with this is that I've just replaced my internet router with an ordinary modem so that my core is the router on my network. But maybe I should put my soekris 5501 (which is also my webserver) between the modem and the core and have it redirect all traffic to the core except port 80?