httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Cohen" <supp...@gej-it.com>
Subject RE: [users@httpd] Virtual Host / Firewall Configuration
Date Thu, 15 May 2003 00:56:28 GMT
Well, the problem is not in the external IP address not being recognized,
the problem by what you are saying is that the PIX does not forward the host
headers information.
Check the PIX for such configuration, I'm running Vhosts on IIS behind PIX
and it's working, I am planning to move all the Vhosts and the servers to
Apache on Linux though.
I see no other reason that this should not work.
Have you tried doing:
NameVirtualHost *

<VirtualHost *>
ServerName www.domain.com
DocumentRoot /usr/path
...
</VirtualHost>


All the best,
Jeff Cohen
Jeff@GEJ-IT.com
Tel. (416) 917-2324
www.GEJ-IT.com
GEJ-IT Networks!

> -----Original Message-----
> From: Robert Gormley [mailto:robert@seabreeze.asn.au]
> Sent: Wednesday, May 14, 2003 8:35 PM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Virtual Host / Firewall Configuration
> 
> There's just one external IP, and there's a 1-to-1 correlation (I can't
> possibly imagine why it's NATted, other than someone's uninformed
> attempt to make the system multihomed.
> 
> To clarify, one external IP, a.b.c.d, one internal IP, 192.168.1.1, it's
> just that the system has no knowledge or concept of its external IP
> address.
> 
> Thanks,
> 
> Robert
> 
> -----Original Message-----
> From: Jeff Cohen [mailto:support@gej-it.com]
> Sent: Thursday, 15 May 2003 10:28 AM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Virtual Host / Firewall Configuration
> 
> How many external IPs do you have?
> 
> Jeff Cohen
> Jeff@GEJ-IT.com
> Tel. (416) 917-2324
> www.GEJ-IT.com
> GEJ-IT Networks!
> 
> > -----Original Message-----
> > From: Robert Gormley [mailto:robert@seabreeze.asn.au]
> > Sent: Wednesday, May 14, 2003 8:11 PM
> > To: users@httpd.apache.org
> > Subject: [users@httpd] Virtual Host / Firewall Configuration
> >
> > Hi,
> >
> > I have an issue that is causing me no end of headache.
> >
> > An Apache server (192.168.1.1) sitting behind a PIX firewall. The PIX
> > firewall takes requests for the external IP address of the server
> > (a.b.c.d) and NAT translates them. By this method, the server has no
> > idea of its external IP address (although it is static and used only
> for
> > it). I don't have any able to change this in the firewall (well, not
> > administratively).
> >
> > My issue is that the server gets confused. Any virtual host which is
> > referenced by an internal DNS entry - pointing to 192.168.1.1 works
> > fine, with the appropriate site displayed, however, any external user
> > gets the first internal site listed, regardless of which external site
> > was requested. I believe this might be because of the NAT
> translation(?)
> > causing Apache to think it's getting requests for the internal IP.
> >
> > So I tried something else in my httpd.conf:
> >
> > NameVirtualHost 192.168.1.1
> > NameVirtualHost a.b.c.d
> >
> > <VirtualHost 192.168.1.1>
> > 	...
> > 	ServerName internal.site.a
> > 	...
> > </VirtualHost>
> >
> > <VirtualHost 192.168.1.1
> > 	...
> > 	ServerName internal.site.b
> > 	...
> > </VirtualHost>
> >
> > <VirtualHost a.b.c.d>
> > 	...
> > 	ServerName external.site.a
> > 	...
> > </VirtualHost>
> >
> > <VirtualHost a.b.c.d>
> > 	...
> > 	ServerName external.site.b
> > 	...
> > </VirtualHost>
> >
> >
> > And still, the same. Internal Sites A and B work for internal users,
> as
> > expected, but any request for External Site A or B from an external
> user
> > (due to the firewall, internal users cannot request 'external sites'),
> > is responded to with Internal Site A.
> >
> > Any suggestions would be greatly appreciated.
> >
> > Robert
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message