[Shorewall-newbies] Shorewall routing + Apache

Tom Eastep teastep at shorewall.net
Thu Jan 22 12:47:01 PST 2004

On Thursday 22 January 2004 12:19 pm, Bill.Light at kp.org wrote:
> Trying to follow the documentation...
> I am routed
> I have 5 IP addresses assigned by SBC
> So we have
> CIDR=X.Y.Z.121/29
> So my firewall route uses X.Y.Z.121
> My firewall connects to the Internet with eth0 X.Y.Z.122
> eth1 goes to my server in the DMZ with a 192.0
> The DMZ box (also running shorewall) gets:
> eth0            X.Y.Z.123
> eth0:1  X.Y.Z.124
> eth0:2  X.Y.Z.125
> eth0:3  X.Y.Z.126
> httpd.conf now says to listen to:
> X.Y.Z.123:80
> X.Y.Z.124:80
> X.Y.Z.125:80
> X.Y.Z.126:80
> BindAddress
> X.Y.Z.123
> X.Y.Z.124
> X.Y.Z.125
> X.Y.Z.126
> VirtualHost X.Y.Z.12x
>         ServerAdmin     blah at blah-blah.com
>         DocumentRoot    /home/blahx/htdocs
>         ServerName      blahx.com
> "x" For each address
> I can ping all addresses, I can get http:80 to answer on all 4 addresses,
> but all 4 reply with the .123 web page.
> Questions:
> Am I using all of the addresses supplied by SBC correctly ?

Well, I wouldn't use them that way. If all you want is virtual hosting, Apache 
can do that using just a single IP address.

> Am I doing Routing, Shorewall, or Apache incorrectly?

I haven't a clue -- you are clearly doing ONE of them wrong though.

> Do I use all four of the addresses for web pages or set one or two aside
> as "spare" ?
>          (Mail, another DMZ box, or whatever)

The latter is what I would do (and it is what I actually do -- see 
http://www.shorewall.net/myfiles.htm. Note that my setup is not routed so I 
need to use Proxy ARP whereas you do not). You can see the virtual hosting at 
work at my site: http://shorewall.net/ and http://lists.shorewall.net/ are 
running on the same instance of apache. You will also note that they have the 
same IP address.

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-newbies mailing list