
RE: AW: Debian Server with IPCop



>
> Yes, you'll need three ports on your firewall for RED/ORANGE/GREEN
> respectively.
> Yes you can host a website, but you probably should spend some time
> learning about apache in more detail.  It's pretty feature rich.
>
>
> --

Damn right, but for a small setup these tips might give you some directions,

IPCOP listens on RED, if a request for >your.ip.add.ress:80< is available it
will forward the request according to your rule and forward it to
>my.dmz.ip.here:80< to ORANGE (ipcop as a router would have e.g.
10.0.0.1)... make sure Apache listens on >my.dmz.ip.here:80< and will answer
to the http request and gives back the result to the firewall which will
forward the packet to client on red...

The whole apache machine (network interfaces settings & routings & apache
httpd.conf) needs to have the >my.dmz.ip.here< , as I said before e.g.
10.0.0.2. This is the only thing you have to make sure. In apache you
put/change --> Listen my.dmz.ip.here:80 <-- in your httpd.conf - also you
still use your fqdn like e.g. www.mydomain.com with this address 10.0.0.2.

How to do the portforwarding, take a look here :-)
http://www.ipcop.org/1.3.0/en/admin/html/services.html#services_portforward
For more info on apache 1.3 directives look here :-)
http://httpd.apache.org/docs/mod/directives.html

BTW, using an apache on GREEN, IPCOP will NOT allow any connection from RED
(unless the original request was from inside GREEN). This is forbidden by
design, just to make sure you get it right. Therefore the DMZ/ORANGE....

You can use

Internet - 210.210.210.211 -------------|--------------------|
Provider ips - 212/213/214/215          |                    |
which will be forwarded to ORANGE       DMZ - 10.0.0.1       GREEN - 192.168.0.1
"isolated"
                                        clients 10.0.0.2     clients 192.168.0.2
                                        /3/4/5/              /3/4/5


Portforward from RED to ORANGE:

WEBSERVER
210.210.210.212 Port 80  ----> 10.0.0.2 Port 80

MAILSERVER
210.210.210.213 Port 25  ----> 10.0.0.3 Port 80

and so on........

Ah almost forgot, to get access to the DMZ do a "route add" on every client
on GREEN, so they'll know how to reach the DMZ.... on wintendo clients a -p
makes the entry permanent, don't know if it's the same for 'nix.

HTH,
Simmel
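
Added example, not part of Simmel's message and not IPCop code: a small Python model of the RED-to-ORANGE forwarding described above, plus a check that every forward target sits in the DMZ. The /24 netmasks, the 210.210.210.214 entry and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed addressing, copied from the example layout in the message.
# The /24 masks are an assumption; the message gives no netmasks.
ZONES = {
    "ORANGE": ipaddress.ip_network("10.0.0.0/24"),
    "GREEN": ipaddress.ip_network("192.168.0.0/24"),
}

# Port-forward table: (public RED address, port) -> (internal address, port)
FORWARDS = {("210.210.210.212", 80): ("10.0.0.2", 80)}  # web server in the DMZ


def zone_of(addr):
    """Return ORANGE or GREEN for an internal address, RED for anything else."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "RED"


def audit_forwards(forwards):
    """Return the forwards whose target is not a DMZ (ORANGE) host."""
    return [(pub, dst) for pub, dst in forwards.items()
            if zone_of(dst[0]) != "ORANGE"]


def decide_from_red(dst_ip, dst_port, forwards=FORWARDS, reply_to_green=False):
    """Model what happens to a packet arriving on RED, as the message describes.

    Returns ("ACCEPT", None), ("FORWARD", (ip, port)) or ("DROP", None).
    """
    if reply_to_green:
        return ("ACCEPT", None)        # answer to a request that began in GREEN
    target = forwards.get((dst_ip, dst_port))
    if target is not None and zone_of(target[0]) == "ORANGE":
        return ("FORWARD", target)     # rewritten to the DMZ host and port
    return ("DROP", None)              # no rule, or rule points outside ORANGE


if __name__ == "__main__":
    print(decide_from_red("210.210.210.212", 80))   # forwarded to 10.0.0.2:80
    print(decide_from_red("210.210.210.212", 22))   # no rule for this port
    bad = {("210.210.210.214", 80): ("192.168.0.2", 80)}  # constructed mistake
    print(audit_forwards(bad))                       # flagged: target on GREEN
```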


