IPCop v1.3.0, external aliases, IPs

[silver]

server is on 10.0.0.29 - private space (presume DMZ of ipcop) with mask of 255.255.255.0

'red' side of IPcop - lets say that has a default IP of 123.0.0.1

- now you need to have an alias setup on ipcop for the other assigned IPs (given by ISP) so lets say there's an alias IP of 123.0.0.29 - which is added in IPcop as an alias IP and then we need a port forward rule to forward 80 on 123.0.0.29 to 80 on 10.0.0.29

is this how it is?

also, now goto http://www.rexswain.com/httpview.html and enter first the external IP for the server, e.g. http://123.0.0.29 - now use the DNS name for that website / IP address ?

[p3rlphr33k]

correct
all statics are configured on RED
226 - RED
227 - alias extra
228 - alias forward to SQL server in DMZ
229 - alias forward to web1 on DMZ (virtual host)
230 - alias forward to web2 on DMZ (dedicated)

the forward ports for 229:

22,25,80,81,110,143

[silver]

right - now what happens when you put in the red (internet) IP for the web1 box as a web address on

http://www.rexswain.com/httpview.html

e.g. http://123.0.0.229

[p3rlphr33k]

wow, i got it working, well... here goes my foot in my own mouth...
I disabled SNAT, checked the apache log..nothing was going through
apache was configured to listen on *:80 I checked vhost.conf files.. they were listening on external IP 24.x.x.229:80, changed to internal DMZ IP: 10.x.x.29:80, WORKED
Man I must say I did doubt you... but you were right. thanks ALOT for your time and effort to help a complete stranger!!

[silver]

no worries,. it's easily mistake to make when you are moving boxes between networks,. I am a diehard fan of apache 1.3 so I cannot help with 2.0 (or later?) configs

another very common thing (we have all done it!) is expect to be able to address the DMZ box from inside the network using it's external IP address - some NAT can be setup to make this work but by default IPcop does not allow this (last I checked)

have fun

[silver]

one other thing to mention while I think on it,. the "228 - alias forward to SQL server in DMZ" - remember that you only need to map ports for the services you require outside of the DMZ,.

so most times for example you do not want SQL going outside of the DMZ,. since you may be accessing SQL from the webservers inside the DMZ you will be accessing it via it's private IP and no need to try and make it go via the IPcop / NAT

also you can restrict port mappings to IPs or IP ranges,. I allow access to https from the internet but only to specific listed IPs,. think the setting is on the port forward page in ipcop

[p3rlphr33k]

Remember that you only need to map ports for the services you require outside of the DMZ

Thanks for lookin out! I do have 1 server outside my network that uses the MySQL server, 3306 has been configured and working

The other sites use the internal IP so that works out quite well. I was looking for a donate button of some sort on the site but couldn't locate one. I have not much to spare, but i would like for you to get a beer on me! If you have a paypal shoot me an email.. p3rlphr33k at gmail dot com

Again thanks for your help!

--FYI I have err..um..had a subscription to expert exchange... (what a joke) i didn't even get a respond on the question. I closed the issue as solved with a link to this site and cancelled my subscription.

[silver]

cool

no money is needed, site has it's birthday this week so it is part of the service The Scream! is 10 Years Old!