Port Forwarding Problem




Isoparm
Mar 3, 2011, 07:50 PM
I'm trying to forward requests from one port to another and running into problems.

I have a Mac Server (10.5) and a number of Mac clients. I want requests going to one of my clients for port 80 (192.168.1.20:80), to go instead to port 10080 (192.168.1.20:10080).

I've tried everything I can but I can't seem to get this to work. Here's what I've done:

I've added this to my ipfw.conf file:
add 100 fwd 192.168.1.20,80 ip from any to 192.168.1.20 dst-port 10080

But that didn't seem to work.


I also tried to add the correct info to my natd.conf.apple file.

natd.conf.apple:
interface en0
natportmap_interface en1
dynamic yes
log yes
log_denied no
deny_incoming no
use_sockets yes
same_ports yes
unregistered_only yes
reverse no
proxy_only no
clamp_mss yes
redirect_port tcp 192.168.1.20:80 192.168.1.20:10080


I stop and restart both NAT and Firewall from the Server Admin.

Only other thing I can figure is that I've got two NICs in the server (en1 & en0). en1 is where all the clients are and the 192.168.1.xxx IP addresses. But en0 is the direct connection to the internet. So is it possible that my port forwarding is working, but on the wrong interface?


Is there something I'm doing wrong here?

Any help would be greatly appreciated. Thanks in advance.



myjay610
Mar 7, 2011, 02:26 PM
Are you doing this for internal traffic only? Or from traffic being routed between en0 and en1?

Isoparm
Mar 7, 2011, 05:59 PM
internal traffic only

myjay610
Mar 8, 2011, 06:38 AM
Are you hosting Apache on port 8080? You could just set up a virtual server at *.:80 and any requests to there could be re-directed to the virtual server on *.:8080.

Otherwise I can't think of a way to handle it from something other than the receiving application layer.

Isoparm
Mar 8, 2011, 05:22 PM
I've got Apache on port 80.

What I'm ultimately trying to do is forward all requests (HTTP, HTTPS, DNS) that go to an IP address to a different server app (Ruby DNS & Ruby HTTP Server) that's running on the same machine.

I can't change the ports that are being requested on this IP (They go to the default 80, 443, & 53), but my thought is that I can forward those ports from that particular IP address to the other ip address and ports on that same server.

That way depending on which IP you make the request to, you get a different server application (apache or ruby) responding.

Hope that makes sense.

myjay610
Mar 9, 2011, 09:26 AM
Seems like you just answered your own question. If your server is multi-homed you should be able to just configure your applications to only listen on specific interfaces. So set apache to only listen on X.X.X.X:80 and ruby http server on the other IP :8080.

Isoparm
Mar 9, 2011, 12:30 PM
No, see that's the problem. I can't figure out how to forward requests to IP #2 to the server on the alternate ports.

It always goes to the server on port 80 (apache).

What I need to figure out is how to get the request on that 2nd IP to forward to the alternate ports (where the ruby server is running).

myjay610
Mar 10, 2011, 06:43 AM
Gotcha. So I think the best way to handle this would be to use Apache to handle all requests for both servers, and set up a ReverseProxy to handle traffic that should go to the Ruby server.

Check this site out: http://httpd.apache.org/docs/2.0/vhosts/examples.html

And this site for ReverseProxy: http://www.ehow.com/how_6108865_configure-apache-reverse-proxy.html

So, your config file in Apache should look similar to this (be sure to enable the proxy module):

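# mod_proxy and mod_proxy_http must be loaded for the ProxyPass lines below.

# Apache only accepts connections on addresses it listens on,
# so both IPs need a Listen directive.
Listen 172.20.30.40:80
Listen 172.20.30.50:80

# This is the "main" server running on 172.20.30.40
ServerName server.domain.com
DocumentRoot /www/mainserver

# This is the other address - the one handling requests for Ruby
NameVirtualHost 172.20.30.50:80

<VirtualHost 172.20.30.50:80>

# Other directives here ...
# Reverse proxy only: do not act as a forward proxy
ProxyRequests off
# Path and backend URL both end in "/" so they map consistently
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/

</VirtualHost>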


Then obviously you need to ensure your DNS server is set so the domain names are pointing to the right IP addresses.

You could also filter out on the ServerName in apache to determine which server handles your traffic...or do both to be consistent.
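
An added example, not part of the original thread: a small Python checker for an httpd configuration of the kind discussed above. It flags a VirtualHost address that no Listen directive covers, ProxyRequests left on, and a trailing-slash difference between a ProxyPass path and its backend URL. The sample config and the function names are constructed for illustration, and only the first address of each VirtualHost is checked.

```python
import re

# Constructed sample (not from the thread): three deliberate mistakes.
SAMPLE = """\
Listen 172.20.30.40:80
<VirtualHost 172.20.30.50:80>
    ProxyRequests On
    ProxyPass / http://localhost:8080
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>
"""

def covered(vhost, listens):
    """True if some Listen directive opens the socket this vhost address needs."""
    addr, _, port = vhost.rpartition(":")
    for listen in listens:
        l_addr, _, l_port = listen.rpartition(":")
        # "Listen 80" (no address) and wildcard addresses bind every local IP.
        if l_port == port and (l_addr in ("", "*", "0.0.0.0")
                               or l_addr == addr or addr in ("*", "_default_")):
            return True
    return False

def lint(conf):
    """Return (line_number, message) findings for an httpd config string."""
    lines = [line.strip() for line in conf.splitlines()]
    listens = {m.group(1) for line in lines
               if (m := re.match(r"Listen\s+(\S+)", line, re.I))}
    findings = []
    for n, line in enumerate(lines, 1):
        m = re.match(r"<VirtualHost\s+([^>\s]+)", line, re.I)
        if m and not covered(m.group(1), listens):
            findings.append((n, "no Listen directive covers " + m.group(1)))
        if re.match(r"ProxyRequests\s+on\b", line, re.I):
            findings.append((n, "ProxyRequests On enables forward proxying"))
        m = re.match(r"ProxyPass(?:Reverse)?\s+(\S+)\s+(\S+)", line, re.I)
        if m and m.group(1).endswith("/") != m.group(2).endswith("/"):
            findings.append((n, "trailing slash differs between path and backend URL"))
    return findings

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print(f"line {n}: {msg}")
```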