Port Forwarding Problem

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Isoparm, Mar 3, 2011.

  1. Isoparm, Mar 3, 2011
    Last edited: Mar 8, 2011

    macrumors newbie

    Joined:
    Jul 15, 2005
    #1
    I'm trying to forward requests from one port to another and running into problems.

    I have a Mac Server (10.5) and a number of Mac clients. I want requests going to one of my clients for port 80 (192.168.1.20:80), to go instead to port 10080 (192.168.1.20:10080).

    I've tried everything I can but I can't seem to get this to work. Here's what I've done:

    I've added this to my ipfw.conf file:
    add 100 fwd 192.168.1.20,80 ip from any to 192.168.1.20 dst-port 10080

    But that didn't seem to work.


    I also tried to add the correct info to my natd.conf.apple file.

    natd.conf.apple:
    interface en0
    natportmap_interface en1
    dynamic yes
    log yes
    log_denied no
    deny_incoming no
    use_sockets yes
    same_ports yes
    unregistered_only yes
    reverse no
    proxy_only no
    clamp_mss yes
    redirect_port tcp 192.168.1.20:80 192.168.1.20:10080


    I stop and restart both NAT and Firewall from the Server Admin.

    Only other thing I can figure is that I've got two NICs in the server (en1 & en0). en1 is where all the clients are and the 192.168.1.xxx IP addresses, but en0 is the direct connection to the internet. So is it possible that my port forwarding is working, but on the wrong interface?


    Is there something I'm doing wrong here?

    Any help would be greatly appreciated. Thanks in advance.
     
  2. macrumors regular

    Joined:
    Jan 6, 2008
    #2
    Are you doing this for internal traffic only? Or from traffic being routed between en0 and en1?
     
  3. thread starter macrumors newbie

    Joined:
    Jul 15, 2005
  4. macrumors regular

    Joined:
    Jan 6, 2008
    #4
    Are you hosting Apache on port 8080? You could just set up a virtual server at *.:80 and any requests to there could be re-directed to the virtual server on *.:8080.

    Otherwise I can't think of a way to handle it from something other than the receiving application layer.
     
  5. thread starter macrumors newbie

    Joined:
    Jul 15, 2005
    #5
    I've got Apache on port 80.

    What I'm ultimately trying to do is forward all requests (HTTP, HTTPS, DNS) that go to an IP address to a different server app (Ruby DNS & Ruby HTTP Server) that's running on the same machine.

    I can't change the ports that are being requested on this IP (they go to the default 80, 443, & 53), but my thought is that I can forward those ports from that particular IP address to the other IP address and ports on that same server.

    That way depending on which IP you make the request to, you get a different server application (apache or ruby) responding.

    Hope that makes sense.
     
  6. macrumors regular

    Joined:
    Jan 6, 2008
    #6
    Seems like you just answered your own question. If your server is multi-homed, you should be able to just configure your applications to only listen on specific interfaces. So set Apache to only listen on X.X.X.X:80 and the Ruby HTTP server on the other IP :8080.
     
  7. thread starter macrumors newbie

    Joined:
    Jul 15, 2005
    #7
    No, see that's the problem. I can't figure out how to forward requests to IP #2 to the server on the alternate ports.

    It always goes to the server on port 80 (apache).

    What I need to figure out is how to get the request on that 2nd IP to forward to the alternate ports (where the ruby server is running).
     
  8. macrumors regular

    Joined:
    Jan 6, 2008
    #8
    Gotcha. So I think the best way to handle this would be to use Apache to handle all requests for both servers, and set up a ReverseProxy to handle traffic that should go to the Ruby server.

    Check this site out: http://httpd.apache.org/docs/2.0/vhosts/examples.html

    And this site for ReverseProxy: http://www.ehow.com/how_6108865_configure-apache-reverse-proxy.html

    So, your config file in Apache should look similar to this (be sure to enable the proxy module):

    Listen 172.20.30.40:80

    # This is the "main" server running on 172.20.30.40
    ServerName server.domain.com
    DocumentRoot /www/mainserver

    # This is the other address - the one handling requests for Ruby
    NameVirtualHost 172.20.30.50:80

    <VirtualHost 172.20.30.50:80>

    # Other directives here ...
    ProxyRequests off
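    # Trailing slash on both the path and the backend URL, so /page maps to http://localhost:8080/page
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/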

    </VirtualHost>


    Then obviously you need to ensure your DNS server is set so the domain names are pointing to the right IP addresses.

    You could also filter out on the ServerName in apache to determine which server handles your traffic...or do both to be consistent.
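
Added example (not from any poster in this thread): a Python sketch of the per-address listening suggested in post #6 and used by the `Listen 172.20.30.40:80` line in post #8. It shows that a wildcard listener answers on every local address and blocks a second bind, while listeners bound to one IP each can share a port. The loopback addresses, ephemeral ports, banners and function names are constructed for the demonstration.

```python
import errno
import socket
import threading

# Constructed stand-ins: loopback addresses play the server's two IPs (Linux-style
# 127.0.0.0/8 loopback assumed); ephemeral ports replace port 80 (no root needed).
APACHE_IP, RUBY_IP = "127.0.0.1", "127.0.0.2"


def listen(ip, port, banner):
    """Bind a listener to (ip, port), answer every client with banner, return the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((ip, port))  # raises OSError if the address/port is already owned
    srv.listen(5)

    def serve():
        while True:
            with srv.accept()[0] as conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def ask(ip, port):
    """Connect to ip:port and return the banner of whichever app answered."""
    with socket.create_connection((ip, port), timeout=2) as conn:
        return conn.recv(64)


def wildcard_case():
    """Wildcard listener (0.0.0.0): it owns the port on every local address."""
    port = listen("0.0.0.0", 0, b"apache")
    try:
        listen(RUBY_IP, port, b"ruby")
        second_bind = "ok"
    except OSError as exc:
        second_bind = errno.errorcode[exc.errno]
    return second_bind, ask(RUBY_IP, port)


def per_address_case():
    """Each app bound to its own IP: same port, the destination IP picks the app."""
    port = listen(APACHE_IP, 0, b"apache")
    listen(RUBY_IP, port, b"ruby")
    return ask(APACHE_IP, port), ask(RUBY_IP, port)


if __name__ == "__main__":
    print(wildcard_case(), per_address_case())
```

Binding each service to only the address it should serve also keeps it from being reachable on interfaces where it was never meant to answer.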
     
