Go Back   The Scream! > COMPUTER RELATED > PC Security

Reply
 
Thread Tools Display Modes
  #31  
Old 16-July-2009, 01:46
silver's Avatar
silver silver is offline
 
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177
Default Re: IPCop v1.3.0, external aliases, IPs

server is on 10.0.0.29 - private space (presume DMZ of ipcop) with mask of 255.255.255.0

'red' side of IPcop - lets say that has a default IP of 123.0.0.1

- now you need to have an alias setup on ipcop for the other assigned IPs (given by ISP) so lets say there's an alias IP of 123.0.0.29 - which is added in IPcop as an alias IP and then we need a port forward rule to forward 80 on 123.0.0.29 to 80 on 10.0.0.29

is this how it is?

also, now goto http://www.rexswain.com/httpview.html and enter first the external IP for the server, e.g. http://123.0.0.29 - now use the DNS name for that website / IP address ?
Reply With Quote
  #32  
Old 16-July-2009, 03:10
p3rlphr33k
Guest
 
Posts: n/a
Default Re: IPCop v1.3.0, external aliases, IPs

correct
all statics are configured on RED
226 - RED
227 - alias extra
228 - alias forward to SQL server in DMZ
229 - alias forward to web1 on DMZ (virtual host)
230 - alias forward to web2 on DMZ (dedicated)

the forward ports for 229:

22,25,80,81,110,143

Last edited by p3rlphr33k; 16-July-2009 at 03:11. Reason: correction
Reply With Quote
  #33  
Old 16-July-2009, 10:25
silver's Avatar
silver silver is offline
 
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177
Default Re: IPCop v1.3.0, external aliases, IPs

right - now what happens when you put in the red (internet) IP for the web1 box as a web address on

http://www.rexswain.com/httpview.html

e.g. http://123.0.0.229
Reply With Quote
  #34  
Old 16-July-2009, 15:32
p3rlphr33k
Guest
 
Posts: n/a
Default Re: IPCop v1.3.0, external aliases, IPs

wow, i got it working, well... here goes my foot in my own mouth...
I disabled SNAT, checked the apache log..nothing was going through
apache was configured to listen on *:80 I checked vhost.conf files.. they were listening on external IP 24.x.x.229:80, changed to internal DMZ IP: 10.x.x.29:80, WORKED
Man I must say I did doubt you... but you were right. thanks ALOT for your time and effort to help a complete stranger!!
Reply With Quote
  #35  
Old 16-July-2009, 19:25
silver's Avatar
silver silver is offline
 
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177
Default Re: IPCop v1.3.0, external aliases, IPs

no worries,. it's easily mistake to make when you are moving boxes between networks,. I am a diehard fan of apache 1.3 so I cannot help with 2.0 (or later?) configs

another very common thing (we have all done it!) is expect to be able to address the DMZ box from inside the network using it's external IP address - some NAT can be setup to make this work but by default IPcop does not allow this (last I checked)

have fun
Reply With Quote
  #36  
Old 16-July-2009, 20:02
silver's Avatar
silver silver is offline
 
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177
Default Re: IPCop v1.3.0, external aliases, IPs

one other thing to mention while I think on it,. the "228 - alias forward to SQL server in DMZ" - remember that you only need to map ports for the services you require outside of the DMZ,.

so most times for example you do not want SQL going outside of the DMZ,. since you may be accessing SQL from the webservers inside the DMZ you will be accessing it via it's private IP and no need to try and make it go via the IPcop / NAT

also you can restrict port mappings to IPs or IP ranges,. I allow access to https from the internet but only to specific listed IPs,. think the setting is on the port forward page in ipcop
Reply With Quote
  #37  
Old 16-July-2009, 21:39
p3rlphr33k
Guest
 
Posts: n/a
Default Re: IPCop v1.3.0, external aliases, IPs

Remember that you only need to map ports for the services you require outside of the DMZ
Thanks for lookin out! I do have 1 server outside my network that uses the MySQL server, 3306 has been configured and working

The other sites use the internal IP so that works out quite well. I was looking for a donate button of some sort on the site but couldn't locate one. I have not much to spare, but i would like for you to get a beer on me! If you have a paypal shoot me an email.. p3rlphr33k at gmail dot com

Again thanks for your help!

--FYI I have err..um..had a subscription to expert exchange... (what a joke) i didn't even get a respond on the question. I closed the issue as solved with a link to this site and cancelled my subscription.

Last edited by p3rlphr33k; 16-July-2009 at 21:40. Reason: correction
Reply With Quote
  #38  
Old 16-July-2009, 22:21
silver's Avatar
silver silver is offline
 
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177
Default Re: IPCop v1.3.0, external aliases, IPs

cool

no money is needed, site has it's birthday this week so it is part of the service The Scream! is 10 Years Old!
Reply With Quote
Reply

Tags
123, birthday, broadband, cable, connection, dhcp, dns, email, forward, hacking, happy, home, internet, isp, line, mail, make, nat, network, offer, orange, port, public, security, smtp, talk, web, wireless, zone, zonealarm

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 23:52.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, vBulletin Solutions, Inc.
Copyright 1999-2014 The Scream!