[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: AW: Debian Server with IPCop

> Yes, you'll need three ports on your firewall for RED/ORANGE/GREEN
> respectively.
> Yes you can host a website, but you probably should spend some time
> learning about apache in more details.  It's pretty feature rich.
> --

Damn right, but for a small setup these tips might give you some directions,

IPCOP listens on RED, if a request for >your.ip.add.ress:80< is available it
will forward the request according to your rule and forward it to
>my.dmz.ip.here:80< to ORANGE (ipcop as a router would have e.g. make sure Apache listens on >my.dmz.ip.here:80< and will answer
to the http request and gives back the result to the firewall which will
forward the paket to client on red...

The whole apache machine (network interfaces settings & routings & apache
httpd.conf) needs to have the >my.dmz.ip.here< , as I said before e.g. This is the only thing you have to make sure. In apache you
put/change --> Listen my.dmz.ip.here:80 <-- in your httpd.conf - also you
still use your fqdn like e.g. www.mydomain.com with this address

How to do the portforwarding, take a look here :-)
For more info on apache 1.3 directives look here :-)

BTW, using an apache on GREEN, IPCOP will NOT allow any connection from RED
(unless the orginal request was from inside GREEN). This is forbidden by
design, just to make sure you get it right. Therefore the DMZ/ORANGE....

You can use

Internet - -------------|------------------|
Provider ips - 212/213/214/215	       |                          |
which will be forwarded to ORANGE	DMZ -	GREEN -
					clients	clients
					/3/4/5/		/3/4/5

Portforward from RED to ORANGE:

WEBSERVER Port 80  ----> Port 80

MAILSERVER Port 25  ----> Port 80

and so on........

Ah almost forgot, to get access to the DMZ do a "route add" on every client
on GREEN, so they'll know how to reach the DMZ.... on wintendo clients a -p
makes the entry permanent, don't know if it's the same for 'nix.


Reply to: