
Re: IRC under NAT



On Wed, Mar 19, 2003 at 05:39:17PM -0300, GBV wrote:
> I'm using Debian 3.0r1 with kernel 2.4.19 as an iptables firewall
> 
> I have internal webservers that I need to publish as Internet Sites. For this
> manipulation I'm using Apache ProxyPass. The site works perfectly under
> apache.. even when the internal host is an ISS.
> 
> 1. How can I do it without apache proxypass, using iptables?

Just forward port 80 on the outside of your firewall to port 80 of your
internal webserver.  That should work fine...there are dozens of
tutorials out there online, 'iptables port forwarding' will no doubt
find you the answer.

> 2. This internal webserver also has an IRC server... how can I manipulate
> iptables so that the external hosts use this internal IRC server, since I'm only
> "sharing" the httpd via apache proxypass?

Use the ipt_nat_irc and ipt_conntrack_irc modules with iptables, then
let ESTABLISHED and RELATED connections through.

> 3. Since I'm using apache proxypass I defined in virtualhosts that
> '/internalhost' leads to http://192.168.0.69:8080 , and I need to maintain
> that www.foo.com/internalhost , but using iptables some way.

Not possible.  Not unless you use some absolutely hideous ipt_string
hack.  iptables works on the tcp level, and does not understand HTTP at
all, which is required for redirecting people based on URL.  Just keep
using proxypass or squid or something.

> And I need the
> ircd of this internal server to respond via the same host.

Sure.

> I'd like to
> maintain my apache since it's in use... Is it possible?

This should certainly work.  Just forward port 6666 as well as port 80,
as above.

> OR I'll have to put
> this apache in another internal host, and then using iptables for
> manipulating?

Shouldn't be necessary.

> 4. I've created in my DNS an internalhost.foo.com that leads to
> www.foo.com/internalhost this must be maintained too.
> 
> I have something like:
> 
> Internet -> Firewall(Debian) -> Internal httpd and ircd server
> external           foo.com
> internal         192.168.0.1                      192.168.0.69

Yes, but as I said above, iptables cannot do this.  Your current setup
works great for this, why do you want to break it?

-- 
Rob Weir <rweir@ertius.org>                              http://www.ertius.org/
GPG keys: 1024D/1E73B7CD, 4096R/3ABDE5EC     |      Do I look like I want a CC?
Words of the day:    Mantis Reno Iran diwn benelux Albright Blowfish Merlin MD2
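
The port forwards described in the reply above, as an added example that is not part of the original message: a shell function that prints the iptables commands for review instead of running them. The external interface name eth0 and the helper module names ip_conntrack_irc and ip_nat_irc (as shipped with stock 2.4 kernels) are assumptions; the internal address and the ports are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example: prints the rule set, does not touch the running firewall.
# eth0 is an assumed external interface; 192.168.0.69, 80 and 6666 come
# from the thread.

# Accept only a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: emit_forward_rules EXT_IF INTERNAL_IP PORT...
emit_forward_rules() {
    ext_if=$1; int_ip=$2; shift 2
    # Validate every port first so a bad argument yields no partial rule set.
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    # IRC connection-tracking and NAT helpers (assumed 2.4 module names).
    echo "modprobe ip_conntrack_irc"
    echo "modprobe ip_nat_irc"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # Replies, and connections the helpers mark as RELATED, pass statefully.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        # Rewrite the destination of inbound connections to the internal host.
        echo "iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport $p -j DNAT --to-destination $int_ip:$p"
        # Admit only new connections to that host and port, nothing wider.
        echo "iptables -A FORWARD -i $ext_if -d $int_ip -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
}

emit_forward_rules eth0 192.168.0.69 80 6666
```

The rules are appended with -A, so an earlier DROP or REJECT in an existing FORWARD chain still takes precedence over them.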
