
IPCop 1:1 SNAT

Posted on 2009-07-14
Last Modified: 2013-12-25
I have just leased a set of 5 static IPs to configure into my network. Here was my previous setup:

WEB-->FIREWALL-->PORT80 FORWARD-->OCTAGATE REVERSE PROXY-->web1 or web2

The proxy would point to the correct web server depending on the HTTP header. The problem was the proxy had to handle ALL requests, so I purchased the IPs to correct this. Only now I'm stuck here:

WEB-->FIREWALL-->web1 or web2

It's simply not working. I have a range of IPs: X.X.X.226 - X.X.X.230

226 is the firewall; 227, 228, 229, 230 are alias IPs.

The setup:
Firewall: IPCop, IPFire and Smoothwall, no luck on any (willing to use any of the three)

I have read that this would work if I were forwarding alias IPs to servers in the DMZ, only my servers are 1Us with only 1 onboard NIC and 1 PCI NIC. This leaves no room to set up a DMZ.

..updated closed previous case

NOW, I have set up IPCop on a new 1U with 3 NICs, still no luck.
It points to the correct server but the server does not seem to "parse" the HTTP header.
It displays a generic welcome page instead of the domain requested.
Any ideas?
0
Question by:p3rlphr33k
5 Comments
 

Author Comment

by:p3rlphr33k
ID: 24863830
Here is the servers' software setup:
Apache 2.2.6, PHP 5.2.4, MySQL 5.0.45, Postfix, BIND9, POP3/IMAP

I was running it behind a single IP; IPCop was forwarding all port 80 requests to a single server running Win2003 with Octagate reverse proxy.

The network was picking up traffic and started to slow way down, so I leased 5 statics from my ISP. Now I have all statics configured as alias IPs, port forwarding to the corresponding server in the DMZ, e.g.
24.x.x.229=>10.0.0.29
and
24.x.x.230=>10.0.0.30

That's all fine and dandy... but IPCop's NAT destroys the HTTP header that calls the correct domain.
I have modified the replies with something similar to this:

/sbin/iptables -t nat -A RED -s 10.x.x.29 -o $RED -j SNAT --to-source 24.x.x.229
/sbin/iptables -t nat -A RED -s 10.x.x.30 -o $RED -j SNAT --to-source 24.x.x.230

I can enter a URL from an external address, and it replies with a generic "Shared IP" or "Fedora Test Page". I can run lynx --dump whatismyip.com and verify the alias is working...

So... I think I covered most everything but the packet itself, since that's how the virtual server operates. What do you think?
0
 

Author Comment

by:p3rlphr33k
ID: 24863860
I think I need to add an IPTable to check source address, port and forward full packet to server to get the correct response... but I am horrible with iptables. I guess rather than looking at my issue at large, this is what I would like to do with iptables:
check alias IP if it matches one of the defined:
24.x.x.228, 24.x.x.229, 24.x.x.230
and matches port:
80, 81
forward packet to internal address associated with alias IP.

Can anyone help me with this iptable??
0
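
The matching described in the comment above (alias IP, ports 80/81, forward to the associated internal address), as an added example that is not part of the original thread or of the linked solution. The addresses are constructed (203.0.113.0/24 stands in for 24.x.x.x), and the interface name and the use of the built-in chains are assumptions; the script prints the commands for review instead of applying them.

```shell
#!/bin/sh
# Added example: print (not apply) 1:1 NAT rules for alias IPs so they can be reviewed.
# Assumptions: RED_IF names the external interface; the built-in PREROUTING,
# FORWARD and POSTROUTING chains are used instead of any firewall-specific chain.

RED_IF="${RED_IF:-eth1}"   # assumed external (RED) interface
PORTS="80,81"              # ports named in the post

# alias=internal pairs. 203.0.113.0/24 is a documentation range (constructed).
MAP="203.0.113.228=10.0.0.28
203.0.113.229=10.0.0.29
203.0.113.230=10.0.0.30"

is_ipv4() {
    # True only for a dotted quad whose four octets are each 0..255.
    echo "$1" | awk -F. 'NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 } { exit 1 }'
}

gen_rules() {
    # $1 = newline-separated alias=internal pairs; prints one command per line.
    echo "$1" | while IFS='=' read -r pub priv; do
        [ -n "$pub" ] || continue
        if ! is_ipv4 "$pub" || ! is_ipv4 "$priv"; then
            echo "skipping malformed pair: $pub=$priv" >&2
            continue
        fi
        # Inbound: match alias IP and ports on RED. DNAT rewrites only the
        # destination address; the HTTP request and its Host header are untouched.
        echo "iptables -t nat -A PREROUTING -i $RED_IF -d $pub -p tcp -m multiport --dports $PORTS -j DNAT --to-destination $priv"
        # The translated flow still has to be permitted in the filter table.
        echo "iptables -A FORWARD -i $RED_IF -d $priv -p tcp -m multiport --dports $PORTS -j ACCEPT"
        # Outbound: connections the server itself opens leave from its alias.
        # Replies to inbound connections are reverse-translated by conntrack.
        echo "iptables -t nat -A POSTROUTING -o $RED_IF -s $priv -j SNAT --to-source $pub"
    done
}

gen_rules "$MAP"
```

Restricting the ACCEPT rule to the same ports as the DNAT rule keeps each alias from exposing anything else running on its internal server.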
 

Author Comment

by:p3rlphr33k
ID: 24863897
I have also started testing Endian Community Firewall, which does the SNAT routing back to the alias IP, so the manual editing of the iptables is no longer needed for routing the response to the alias. Now it's just routing the packets from alias to server. Hope this makes my question a little easier. If you guys keep up the great help I might just answer this on my own.
0
 

Author Comment

by:p3rlphr33k
ID: 24865358
I found a solution on a FREE web site... thanks for nothing again
0
 

Accepted Solution

by:
p3rlphr33k earned 0 total points
ID: 24869532
http://www.the-scream.co.uk/forums/showthread.php?p=230444#post230444 this guy needs to be sent a check from the idiots here.
0
