httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Gormley" <rob...@seabreeze.asn.au>
Subject [users@httpd] Virtual Host / Firewall Configuration
Date Thu, 15 May 2003 00:10:56 GMT
Hi,

I have an issue that is causing me no end of headache.

An Apache server (192.168.1.1) sitting behind a PIX firewall. The PIX
firewall takes requests for the external IP address of the server
(a.b.c.d) and NAT translates them. By this method, the server has no
idea of its external IP address (although it is static and used only for
it). I don't have any able to change this in the firewall (well, not
administratively).

My issue is that the server gets confused. Any virtual host which is
referenced by an internal DNS entry - pointing to 192.168.1.1 works
fine, with the appropriate site displayed, however, any external user
gets the first internal site listed, regardless of which external site
was requested. I believe this might be because of the NAT translation(?)
causing Apache to think it's getting requests for the internal IP.

So I tried something else in my httpd.conf:

NameVirtualHost 192.168.1.1
NameVirtualHost a.b.c.d

<VirtualHost 192.168.1.1>
	...
	ServerName internal.site.a
	...
</VirtualHost>

<VirtualHost 192.168.1.1
	...
	ServerName internal.site.b
	...
</VirtualHost>

<VirtualHost a.b.c.d>
	...
	ServerName external.site.a
	...
</VirtualHost>

<VirtualHost a.b.c.d>
	...
	ServerName external.site.b
	...
</VirtualHost>


And still, the same. Internal Sites A and B work for internal users, as
expected, but any request for External Site A or B from an external user
(due to the firewall, internal users cannot request 'external sites'),
is responded to with Internal Site A.

Any suggestions would be greatly appreciated.

Robert




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message