LinuxMCE Forums

General => Users => Topic started by: mejborn on June 01, 2009, 12:59:53 am

Title: webserver behind Linuxmce core
Post by: mejborn on June 01, 2009, 12:59:53 am
Hi,

I'am currently trying to get my webserver working behind the linuxmce core, but it does not seem to work out right. I can't access the webserver from the internet only with its local ip. I've added the following 2 rules:

tcp     5501 to 5501     5501     192.168.80.247     port_forward         Delete
tcp    80 to 80    80    192.168.80.247    port_forward       Delete

It's not something speciel with the webserver cause port 5501 is my ssh port to the server running my webserver and when I try to connect to that port from the internet I'am getting a "connection refused". I have tried to restart the core, but without any luck.

Does anyone have a clue to what i'am doing wrong?

Thanks!
Title: Re: webserver behind Linuxmce core
Post by: colinjones on June 01, 2009, 01:06:32 am
Is your core's external IP address a public IP address? Or a 192.168.y.z or something like that, behind a router? If the latter, then you have to set up a port forward on your router for the same ports, to forward to the external IP of your core, first. Only then can you forward on the core the rest of the way to your web server... ie a chain of 2 forwards in a row.
Title: Re: webserver behind Linuxmce core
Post by: mejborn on June 01, 2009, 05:32:29 pm
I've just checked the ip of the external nic on the core and it's 192.168.1.6 and thats because my ISP have installed a router as a part of my internet connection at home.

So can the solution be to just redirect all ports on the router to the external interface on the core?

Thanks
Title: Re: webserver behind Linuxmce core
Post by: merkur2k on June 01, 2009, 05:39:04 pm
That would probably be easiest, yeah.
Title: Re: webserver behind Linuxmce core
Post by: mejborn on June 07, 2009, 02:25:14 pm
Hi again,

I finally got my modem (insted of a router) from my ISP, after I installed it I've waited 24 hours (to get a new IP). It all works out and I can reach the core from outside, my problem is that I only can reach the core.

Are there anyone else running a webserver behind the core than me?
My "problem" is that when I try to reach it, I get hold of the web interface to the pluto admin page instead. Of cause that's fine and I also wanna be able to do that, but how do I combine that with my other webserver.

Is the solution to make the core's webserver run on another port, since it's just me that should use that, I would be aware of the change made to the port.

If it would help anyone, my firewall core setup looks like this:

Protocol     Source Port     Destination Port     Destination IP     Rule Type     Limit to IP     
udp    4569 to 0    0       core_input       Delete
udp    5060 to 0    0       core_input       Delete
udp    2000 to 0    0       core_input       Delete
tcp    2000 to 0    0       core_input       Delete
tcp    5501 to 5501    5501    192.168.80.247    port_forward       Delete
tcp    80 to 80    80    192.168.80.247    port_forward       Delete
tcp    3877 to 3877    3877    192.168.80.1    port_forward       Delete

Best regards
Title: Re: webserver behind Linuxmce core
Post by: merkur2k on June 07, 2009, 04:08:08 pm
you cant get to both of them on port 80, you will have to use a different port for one of them.
you need to edit the apache config file (/etc/apache2/ports.conf) to change what port it listens on.
Title: Re: webserver behind Linuxmce core
Post by: mejborn on June 07, 2009, 04:30:49 pm
Ohh okay, I can't get it working by adding my webserver to the "sites-enabled" and "sites-avaible" either?
Title: Re: webserver behind Linuxmce core
Post by: merkur2k on June 07, 2009, 05:43:45 pm
Those files are for configuration of other dirs on the core itself. if you moved all your files from your internal webserver to the core, then yeah, you could serve them up from there.
Title: Re: webserver behind Linuxmce core
Post by: mejborn on June 07, 2009, 05:48:37 pm

I can't move my other websites to the core because it runs on tomcat so I've modified the ports.conf and now pluto-admin is running on that port but I can't get the port redirection to work properly. I've tried to delete all the rules and just add one that redirect port 80 to a local webserver connected to the internal NIC at the core, like the following (plus port 3877 which is automatically added):

Protocol     Source Port     Destination Port     Destination IP     Rule Type     Limit to IP     
tcp    80 to 0    0    192.168.80.247    port_forward       Delete
tcp    3877 to 3877    3877    192.168.80.1    port_forward       Delete

If i type in my external ip in the browser followed by 81 I'am getting to pluto-admin, but if I remove 81 I'am getting a "Page Load Error".

I can reach the webserver by typing in the local webserver's ip address. An iptables -L at the core, seems not to redirect port 80?

mathias@dcerouter:~$ sudo iptables -L
[sudo] password for mathias:
Chain INPUT (policy DROP)
target     prot opt source               destination        
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     0    --  anywhere             anywhere            MARK match 0x1
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     0    --  192.168.80.0/24      anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
mathias@dcerouter:~$
 
Title: Re: webserver behind Linuxmce core
Post by: merkur2k on June 07, 2009, 09:56:50 pm
why did you not put in a destination port in your rule?
Title: Re: webserver behind Linuxmce core
Post by: mejborn on June 07, 2009, 10:20:02 pm
I've tried that also, now it looks like this:

Protocol     Source Port     Destination Port     Destination IP     Rule Type     Limit to IP     
tcp    3877 to 3877    3877    192.168.80.1    port_forward       Delete
tcp    80 to 0    8080    192.168.80.247    port_forward       Delete
Title: Re: webserver behind Linuxmce core
Post by: colinjones on June 07, 2009, 11:54:09 pm
An easier way around this is to set your broadband router up to forward port 80 from the internet to your core on port 81 (say) - in other words your are doing a PAT and NAT. Then on your core you simply set up another forward from port 81 to port 80 on your web site, thus completely skipping the port 80 issue. You can deal with the admin site externally using a similar method.
Title: Re: webserver behind Linuxmce core
Post by: mejborn on June 08, 2009, 08:17:58 am
My problem with this is that i've just replaced my internet router with an ordinary modem so that my core is the router on my network. But maybe I should put my soekris 5501 (which is also my webserver) between the modem and the core and have it redirect all traffic to the core except port 80?