IPCop 1:1 SNAT

I have just leased a set of 5 static IPs to configure into my network. Here was my previous setup:

WEB-->FIREWALL-->PORT80 FORWARD-->OCTAGATE REVERSE PROXY-->web1 or web2

The proxy would point to the correct web server depending on the HTTP header. The problem was the proxy had to handle ALL requests, so I purchased the IPs to correct this. Only now I'm stuck here:

WEB-->FIREWALL-->web1 or web2

It's simply not working. I have a range of IPs: X.X.X.226 - X.X.X.230

226 is the firewall; 227, 228, 229, 230 are alias IPs

the setup:
Firewall: IPCop, IPFire and Smoothwall, no luck on any (willing to use any of the three)

I have read that this would work if I were forwarding alias IPs to servers in the DMZ, only my servers are 1Us with only 1 onboard NIC and 1 PCI NIC. This leaves no room to set up a DMZ.

..updated closed previous case

NOW, I have set up IPCop on a new 1U with 3 NICs, still no luck.
It points to the correct server but the server does not seem to "parse" the HTTP header.
It displays a generic welcome page instead of the domain requested.
Any ideas?
p3rlphr33k Asked:

p3rlphr33k (Author) Commented:
Here is the servers' software setup:
Apache 2.2.6, PHP 5.2.4, MySQL 5.0.45, Postfix, BIND9, POP3/IMAP

Was running it behind a single IP; IPCop was forwarding all port 80 requests to a single server running Win2003 with the Octagate reverse proxy.

The network was picking up traffic and started to slow way down, so I leased 5 statics from my ISP. Now I have all statics configured as alias IPs, port forwarding to the corresponding server in the DMZ, e.g.
24.x.x.229=>10.0.0.29
and
24.x.x.230=>10.0.0.30

That's all fine and dandy... but IPCop's NAT destroys the HTTP header that calls the correct domain.
I have modified the replies with something similar to this:

/sbin/iptables -t nat -A RED -s 10.x.x.29 -o $RED -j SNAT --to-source 24.x.x.229
/sbin/iptables -t nat -A RED -s 10.x.x.30 -o $RED -j SNAT --to-source 24.x.x.230

I can enter a URL from an external address, and it replies with a generic "Shared IP" or "Fedora Test Page". I can run lynx --dump whatismyip.com and verify the alias is working...

So.. I think I covered most everything but the packet itself, since that's how the virtual server operates. What do you think?
p3rlphr33k (Author) Commented:
I think I need to add an IPTable to check source address, port and forward the full packet to the server to get the correct response.. but I am horrible with iptables. I guess rather than looking at my issue at large, this is what I would like to do with iptables:
check alias IP if it matches one on the defined:
24.x.x.228, 24.x.x.229, 24.x.x.230
and matches port:
80, 81
forward packet to internal address associated with alias IP..

Can anyone help me with this iptable??
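
Added example, not part of the original thread and not IPCop's own configuration: a shell script that prints the 1:1 NAT rule set the comment above describes (alias IP plus ports 80 and 81 forwarded to the matching internal address, with SNAT back to the alias). It assumes the standard netfilter chains rather than IPCop's custom ones; the 203.0.113.x addresses (standing in for the elided 24.x.x.x aliases) and the interface name eth1 are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints iptables rules for 1:1 NAT of alias IPs; it runs nothing.
# Constructed values: 203.0.113.x stands in for the elided 24.x.x.x aliases,
# eth1 is an assumed name for the RED (internet-facing) interface.
RED_IF="eth1"
PORTS="80,81"
MAP="203.0.113.229=10.0.0.29
203.0.113.230=10.0.0.30"

# Succeeds only for a dotted quad with every octet in 0..255.
valid_ip() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emits DNAT (inbound), FORWARD and SNAT (server-originated) rules per mapping.
gen_rules() {
    printf '%s\n' "$1" | while IFS='=' read -r pub priv; do
        if ! valid_ip "$pub" || ! valid_ip "$priv"; then
            echo "skipping malformed mapping: $pub=$priv" >&2
            continue
        fi
        # DNAT rewrites only the destination address in the IP header; the
        # HTTP request, including its Host header, is passed on unchanged.
        echo "iptables -t nat -A PREROUTING -i $RED_IF -d $pub -p tcp -m multiport --dports $PORTS -j DNAT --to-destination $priv"
        echo "iptables -A FORWARD -i $RED_IF -d $priv -p tcp -m multiport --dports $PORTS -j ACCEPT"
        # Traffic the server originates leaves from its own alias address.
        echo "iptables -t nat -A POSTROUTING -o $RED_IF -s $priv -j SNAT --to-source $pub"
    done
}

gen_rules "$MAP"
```

Review the printed rules before applying them; replies to forwarded connections are translated back by connection tracking, so the SNAT line only affects connections the server itself opens.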
p3rlphr33k (Author) Commented:
I have also started testing Endian Community Firewall, which does the SNAT routing back to the alias IP, so the manual editing of the iptables is no longer needed for routing the response to the alias. Now it's just routing the packets from alias to server.. hope this makes my question a little easier. If you guys keep up the great help I might just answer this on my own..
p3rlphr33k (Author) Commented:
I found a solution on a FREE web site... thanks for nothing again
p3rlphr33k (Author) Commented:
http://www.the-scream.co.uk/forums/showthread.php?p=230444#post230444 this guy needs to be sent a check from the idiots here.