Solved

IPCop 1:1 SNAT

Posted on 2009-07-14
5
752 Views
Last Modified: 2013-12-25
I have just leased a set of 5 static IP's to configure into my network.. here was my previous setup:

WEB-->FIREWALL-->PORT80 FORWARD-->OCTAGATE REVERSE PROXY-->web1 or web2

the proxy would point to the correct web server depending on the HTTP header.. the problem was the proxy had to handle ALL requests. so i purchased the IP's to correct this.. only now im stuck here:

WEB-->FIREWALL-->web1 or web2

It's simply not working, i have a range of IP's: X.X.X.226 - X.X.X.230

226 is the firewall, 227, 228, 229, 230 are alias IP's

the setup:
Firewall: IPCop, IPFire and Smoothwall, no luck on any (willing to use any of the three)

I have read that this would work if I were forwarding alias IP's to servers in the DMZ only my servers are 1U's w/only 1 onboard NIC and 1 PCI NIC.. this leaves no room to setup a DMZ

..updated closed previous case

NOW, i have setup IPCop on a new 1U with 3 NIC's, still no luck
it points to the correct server but the server does not seem to "parse" the http header
It displays a generic welcome page instead of the domain requested.
any ideas?
0
Comment
Question by:p3rlphr33k
  • 5
5 Comments
 

Author Comment

by:p3rlphr33k
ID: 24863830
Here are the server's software setup:
Apache 2.2.6, PHP 5.2.4, MySQL 5.0.45, Postfix, BIND9, POP3/IMAP

Was running it behind a single IP with, IPCop was forwarding all port 80 requests to single server running win2003 with Octagate reverse proxy.

network was picking up traffic and started to slow way down so i leased 5 statics from my isp. now i have all statics configured as alias IP's port forwarding to the corresponding server in the DMZ e.g.
24.x.x.229=>10.0.0.29
and
24.x.x.230=>10.0.0.30

Thats all fine and dandy... but IPCop's NAT destorys the HTTP Header that calls the correct domain.
I have modfied the replies with the somthing similar to this:

/sbin/iptables -t nat -A RED -s 10.x.x.29 -o $RED -j SNAT --to-source 24.x.x.229
/sbin/iptables -t nat -A RED -s 10.x.x.30 -o $RED -j SNAT --to-source 24.x.x.230

I can enter a URL from an external addess, an it replies with a generic "Shared IP" or "Fedora Test Page" I can run lynx --dump whatismyip.com and verify alias is working...

so.. i think i covered most everything but the packet its self since thats how the virtual server operates what do you think?
0
 

Author Comment

by:p3rlphr33k
ID: 24863860
I think i need to add an IPTable to to check source address, port and forward full packet to server to get the correct response.. but I am horrible with iptables I guess rather than looking at my issue at large, this is what i would like to do with IPtables:
check alias IP if it matches one on the defined:
24.x.x.228, 24.x.x.229, 24.x.x.230
and matches port:
80, 81
forward packet to internal address associated with alias IP..

Can anyone help me with this iptable??
0
 

Author Comment

by:p3rlphr33k
ID: 24863897
I have also started testing Endia Community Firewall, which does the SNAT routing back to the Alias IP so the manual editing of the IPTables are no longer needed for routing response to alias. Now its just routing the packets from alias to server.. hope thismakes my question a little easier. if you guys keep up the great help I might just answer this on my own..
0
 

Author Comment

by:p3rlphr33k
ID: 24865358
I found a solution on a FREE web site... thanks for nothing again
0
 

Accepted Solution

by:
p3rlphr33k earned 0 total points
ID: 24869532
http://www.the-scream.co.uk/forums/showthread.php?p=230444#post230444 this guy needs to be sent a check from the idiots here.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question