[Shorewall-newbies] Shorewall routing + Apache

Tom Eastep teastep at shorewall.net
Thu Jan 22 12:59:46 PST 2004


On Thursday 22 January 2004 12:47 pm, Tom Eastep wrote:
> On Thursday 22 January 2004 12:19 pm, Bill.Light at kp.org wrote:
> > Trying to follow the documentation...
> >
> > I am routed
> > I have 5 IP addresses assigned by SBC
> >
> > So we have
> > CIDR=X.Y.Z.121/29
> > NETMASK=255.255.255.248
> > NETWORK=X.Y.Z.120
> > BROADCAST=X.Y.Z.127
> >
> > So my firewall route uses X.Y.Z.121
> > My firewall connects to the Internet with eth0 X.Y.Z.122
> > eth1 goes to my server in the DMZ with a 192.0
> >
> > The DMZ box (also running shorewall) gets:
> > eth0            X.Y.Z.123
> > eth0:1  X.Y.Z.124
> > eth0:2  X.Y.Z.125
> > eth0:3  X.Y.Z.126
> >
> > httpd.conf now says to listen to:
> > X.Y.Z.123:80
> > X.Y.Z.124:80
> > X.Y.Z.125:80
> > X.Y.Z.126:80
> >
> > BindAddress
> > X.Y.Z.123
> > X.Y.Z.124
> > X.Y.Z.125
> > X.Y.Z.126
> >
> > VirtualHost X.Y.Z.12x
> >         ServerAdmin     blah at blah-blah.com
> >         DocumentRoot    /home/blahx/htdocs
> >         ServerName      blahx.com
> >
> > "x" For each address
> >
> > I can ping all addresses, I can get http:80 to answer on all 4 addresses,
> > but all 4 reply with the .123 web page.
> >
> > Questions:
> >
> > Am I using all of the addresses supplied by SBC correctly ?
>
> Well, I wouldn't use them that way. If all you want is virtual hosting,
> Apache can do that using just a single IP address.
>
> > Am I doing Routing, Shorewall, or Apache incorrectly?
>
> I haven't a clue -- you are clearly doing ONE of them wrong though.
>
> > Do I use all four of the addresses for web pages or set one or two aside
> > as "spare" ?
> >          (Mail, another DMZ box, or whatever)
>
> The latter is what I would do (and it is what I actually do -- see
> http://www.shorewall.net/myfiles.htm. Note that my setup is not routed so I
> need to use Proxy ARP whereas you do not). You can see the virtual hosting
> at work at my site: http://shorewall.net/ and http://lists.shorewall.net/
> are running on the same instance of apache. You will also note that they
> have the same IP address.
>

Here's an excerpt from my httpd.conf file:
--------------------------------------------------------------------------------
NameVirtualHost 206.124.146.177:80

<VirtualHost 206.124.146.177:80>
        Alias /pipermail /var/mailman/archives/public
        ServerName lists.shorewall.net
        DocumentRoot /var/www/lists
</VirtualHost>

<VirtualHost 206.124.146.177:80>
        ServerName www1.shorewall.net
        AddDefaultCharset utf-8
        DocumentRoot /var/www/html
</VirtualHost>

<VirtualHost 206.124.146.177:80>
        ServerName shorewall2.shorewall.net
        AddDefaultCharset utf-8
        DocumentRoot /var/www/html
</VirtualHost>

<VirtualHost 206.124.146.177:80>
        ServerName shorewall.net
        AddDefaultCharset utf-8
        DocumentRoot /var/www/html
</VirtualHost>

<VirtualHost 206.124.146.177:80>
        ServerName cvs.shorewall.net
        DocumentRoot /var/www/html
</VirtualHost>

<VirtualHost 206.124.146.177:80>
        DocumentRoot /var/www/error
        AddDefaultCharset utf-8
        ServerAlias *.shorewall.net
</VirtualHost>
----------------------------------------------------------------------
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
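
Added example (not part of Tom's message and not Shorewall or Apache code): a simplified Python model of how name-based virtual hosting chooses among blocks like those in the excerpt above, using only the request's Host header. The trimmed config copy and the helper names parse_vhosts and select_docroot are assumptions for illustration; the model ignores IPv6 literals and treats a block with no ServerName as having only its ServerAlias names.

```python
import fnmatch
import re

# Trimmed copy of the excerpt above: three of the six blocks, with Alias and
# AddDefaultCharset dropped because they play no part in vhost selection.
HTTPD_CONF = """
<VirtualHost 206.124.146.177:80>
    ServerName lists.shorewall.net
    DocumentRoot /var/www/lists
</VirtualHost>
<VirtualHost 206.124.146.177:80>
    ServerName shorewall.net
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost 206.124.146.177:80>
    DocumentRoot /var/www/error
    ServerAlias *.shorewall.net
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block, in configuration order."""
    vhosts = []
    for body in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S):
        vhost = {"names": [], "docroot": None}
        for line in body.splitlines():
            parts = line.split()
            if not parts:
                continue
            directive, args = parts[0].lower(), parts[1:]
            if directive in ("servername", "serveralias"):
                vhost["names"].extend(arg.lower() for arg in args)
            elif directive == "documentroot":
                vhost["docroot"] = args[0]
        vhosts.append(vhost)
    return vhosts

def select_docroot(vhosts, host_header):
    """First block whose ServerName/ServerAlias matches the Host header wins;
    if none matches, the first block listed for the address is the default."""
    host = host_header.split(":")[0].lower().rstrip(".")
    for vhost in vhosts:
        if any(fnmatch.fnmatchcase(host, name) for name in vhost["names"]):
            return vhost["docroot"]
    return vhosts[0]["docroot"]

if __name__ == "__main__":
    vhosts = parse_vhosts(HTTPD_CONF)
    for header in ("lists.shorewall.net", "nosuch.shorewall.net", "example.invalid"):
        print(header, "->", select_docroot(vhosts, header))
```

In this model a Host header that matches no name lands on the first block (/var/www/lists), not on the wildcard error block, so block order decides what unknown names are served.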



