Solved

Ubuntu intranet server for two isolated networks...

Posted on 2006-11-14
Last Modified: 2013-11-15
Hi,

I have an Ubuntu box where I want to run an intranet web server. The box has two NICs, one at 192.168.33.10 and the other at 172.22.100.10. No internet access is involved in this scenario, only intranet services.

This web server (Apache) should be available from both networks; however, traffic from either of these two networks should under *no circumstances* be allowed to 'leak' over to the 'opposite' network.

I.e. workstations from both networks should be able to access the webserver's port 80 and 443, but nothing else.

How do I set this up so I'm absolutely sure that no traffic leaks between these two NICs?

Thanks a lot for some guidance here

regards

Tor
0
Question by:geir056
8 Comments
 
LVL 14

Expert Comment

by:pablouruguay
ID: 17945961
You can define virtual hosts for this. This document has many examples:
http://www-uxsup.csx.cam.ac.uk/pub/doc/suse/suse9.2/suselinux-adminguide_en/ch23s09.html

and I cut a part of it:

23.9.2.2. Virtual Hosts with IPs

Once IP aliasing has been set up on the system or the host has been configured with several network cards, Apache can be configured. Specify a separate VirtualHost block for every virtual server:

<VirtualHost 192.168.1.20>
    ServerName www.myothercompany.com
    DocumentRoot /srv/www/htdocs/myothercompany.com
    ServerAdmin webmaster@myothercompany.com
    ErrorLog /var/log/apache2/www.myothercompany.com-error_log
    CustomLog /var/log/apache2/www.myothercompany.com-access_log common
</VirtualHost>

<VirtualHost 192.168.1.21>
    ServerName www.anothercompany.com
    DocumentRoot /srv/www/htdocs/anothercompany.com
    ServerAdmin webmaster@anothercompany.com
    ErrorLog /var/log/apache2/www.anothercompany.com-error_log
    CustomLog /var/log/apache2/www.anothercompany.com-access_log common
</VirtualHost>
0
 

Author Comment

by:geir056
ID: 17946967
Thanks for the tip regarding virtualhosts.  However I realize that I might have expressed myself unclearly.

The webserver mentioned is *the same* for both subnets, i.e. that both nic1 at 192.168.33.0 and nic2 at 172.22.100.0 should both have access to the 'myintranet.local' webserver.  In this case I assume that I don't need to use virtualhosts.

However as stated in the original post my main concern is that both networks should be completely isolated from each other, and only traffic on port 80 and 443 from each of the two nics should be able to talk to the webserver.  But at the same time traffic from one of these nics should be about galvanically isolated from the other nic and vice versa...

Would it be easier to insert a third NIC (nic3 at 192.168.11.10) in the box and assign this nic to the webserver?  Then we have a 'real' ip address for the webserver and I can also use this NIC for other services that I want to share for both networks.

Thanks for comments on this

regards

Tor
0
 
LVL 14

Accepted Solution

by:
pablouruguay earned 100 total points
ID: 17947177
I think you only need:
Listen 192.168.33.1:80
Listen 172.22.100.1:80
0
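
One way to do what the question asks, as an added example that is not part of the thread: Apache bound to the server's two addresses, plus a host firewall that accepts only ports 80 and 443 and never forwards between the NICs. The addresses are the ones given in the question; the interface names eth0/eth1 are assumptions.

```shell
#!/bin/sh
# Added example. Addresses are the ones given in the question; the interface
# names eth0/eth1 are assumptions, adjust them to the real NIC names.
NIC_A=eth0; IP_A=192.168.33.10
NIC_B=eth1; IP_B=172.22.100.10

# Apache: bind only to the two intranet addresses. On Ubuntu these lines go in
# /etc/apache2/ports.conf, replacing the catch-all "Listen 80".
apache_listen() {
    for ip in "$IP_A" "$IP_B"; do
        printf 'Listen %s:80\nListen %s:443\n' "$ip" "$ip"
    done
}

# Host firewall in iptables-restore format. FORWARD is DROP so nothing is
# routed between the NICs. Each ACCEPT pins interface AND address, so a client
# on one network cannot reach the server's address on the other network.
fw_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $NIC_A -d $IP_A -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -i $NIC_B -d $IP_B -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
EOF
}

# audit IP_FORWARD RULESET: prints findings, returns how many there were.
# Live use (root): audit "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)"
audit() {
    n=0
    [ "$1" = 0 ] || { echo "FAIL: ip_forward=$1, kernel may route between NICs"; n=$((n+1)); }
    for chain in INPUT FORWARD; do
        printf '%s\n' "$2" | grep -q "^:$chain DROP" ||
            { echo "FAIL: $chain policy is not DROP"; n=$((n+1)); }
    done
    return "$n"
}

# Print the Apache lines and the ruleset. To apply as root, set
# net.ipv4.ip_forward=0 with sysctl and pipe fw_rules into iptables-restore.
apache_listen
fw_rules
```

This policy also drops SSH and every other inbound service, so add a rule for management access before loading it on a remote machine. It covers IPv4 only; IPv6 needs the equivalent ip6tables policy.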
 

Author Comment

by:geir056
ID: 17949010
OK, but as I'm a newbie I need to know the exact commands and in which file to put them.

You assume that I have three NICs as mentioned in the last post and that nic3 listens to nic1 and nic2. Apache is configured to listen to nic3's IP, right?

Thanks

Tor
0
 
LVL 6

Expert Comment

by:_iskywalker_
ID: 17951218
As the others said, change the file:
and put in virtual hosts. Maybe Listen would suffice, but virtual hosts are better, so you know what is what, and if you want to have separate dirs.
http://www.debuntu.org/2006/02/22/7-virtual-hosting-using-apache-2
There is a good howto.
0
 

Author Comment

by:geir056
ID: 17951274
Sorry but I am still confused.  When I open the link above it says:

'Virtual Hosting allow web servers to host more than one website on a single machine.'

This is exactly the opposite of what I am asking for.  I want the *same webserver/website* to be visible from two different nics, but I want the nics to be completely isolated from *each other*  

Do I get this result by using virtual hosts..?

Thanks for comments

regards

Tor
0
