[Shorewall-newbies] Shorewall routing + Apache
teastep at shorewall.net
Thu Jan 22 12:47:01 PST 2004
On Thursday 22 January 2004 12:19 pm, Bill.Light at kp.org wrote:
> Trying to follow the documentation...
> I am routed
> I have 5 IP addresses assigned by SBC
> So we have
> So my firewall route uses X.Y.Z.121
> My firewall connects to the Internet with eth0 X.Y.Z.122
> eth1 goes to my server in the DMZ with a 192.0
> The DMZ box (also running shorewall) gets:
> eth0 X.Y.Z.123
> eth0:1 X.Y.Z.124
> eth0:2 X.Y.Z.125
> eth0:3 X.Y.Z.126
> httpd.conf now says to listen to:
> VirtualHost X.Y.Z.12x
> ServerAdmin blah at blah-blah.com
> DocumentRoot /home/blahx/htdocs
> ServerName blahx.com
> "x" For each address
> I can ping all addresses, I can get http:80 to answer on all 4 addresses,
> but all 4 reply with the .123 web page.
> Am I using all of the addresses supplied by SBC correctly ?
Well, I wouldn't use them that way. If all you want is virtual hosting, Apache
can do that using just a single IP address.
> Am I doing Routing, Shorewall, or Apache incorrectly?
I haven't a clue -- you are clearly doing ONE of them wrong though.
> Do I use all four of the addresses for web pages or set one or two aside
> as "spare" ?
> (Mail, another DMZ box, or whatever)
The latter is what I would do (and it is what I actually do -- see
http://www.shorewall.net/myfiles.htm. Note that my setup is not routed so I
need to use Proxy ARP whereas you do not). You can see the virtual hosting at
work at my site: http://shorewall.net/ and http://lists.shorewall.net/ are
running on the same instance of apache. You will also note that they have the
same IP address.
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
More information about the Shorewall-newbies