Koozali.org: home of the SME Server

apache - two listen ports

sabu

apache - two listen ports
« on: August 26, 2002, 05:50:50 PM »
My ISP blocks incoming connections to port 80. I would like to keep port 80 listening so my network can access the webserver fine, but would also like to make a duplicate port so the rest of the world (or friends) can access it. How can I do this, or can I get some kind of bouncer to bounce the port? I've tried already with port forwarding.

Nathan Fowler

Re: apache - two listen ports
« Reply #1 on: August 26, 2002, 09:47:22 PM »
I've got a program called "redir" that would enable you to redirect another port to a listening port.  I use it for MySQL, if you want it let me know.  Syntax is pretty easy and it would do what you needed it to do.

Nathan Fowler

Re: apache - two listen ports
« Reply #2 on: August 26, 2002, 09:47:46 PM »
Note you may also be able to use ipmasqadm portfw as well.

Charlie Brady

Re: apache - two listen ports
« Reply #3 on: August 26, 2002, 10:23:21 PM »
Nathan Fowler wrote:
 
> I've got a program called "redir" that would enable you to
> redirect another port to a listening port.  I use it for
> MySQL, if you want it let me know.  Syntax is pretty easy and
> it would do what you needed it to do.

I wouldn't recommend using it for the apache port. That would likely make external connections appear as though they were connections from a local network address (127.0.0.1), which will give public access to things which should be local only. You might though use the non-standard port for apache, then provide a redirector for local port 80 access.

xinetd, BTW, has a built-in port redirector function.

Regards

Charlie
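The address-masking effect described in the reply above, as an added example that is not part of the original thread: a userspace relay opens its own connection to the web server, so a server that decides access on the TCP peer address sees the relay's address rather than the client's. It assumes Linux (any 127.0.0.0/8 address can be used as a source); 127.0.0.2 stands in for an outside client, and `LOCAL_ONLY`, `backend`, `relay`, `fetch` and `demo` are illustrative names, not Apache or redir code.

```python
import socket
import threading

LOCAL_ONLY = {"127.0.0.1"}  # assumed stand-in for a "localhost only" access rule


def listener():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))  # ephemeral port on loopback, nothing is exposed
    s.listen(2)
    return s


def backend(srv, seen, count):
    """Stand-in web server: decides access purely on the TCP peer address."""
    for _ in range(count):
        conn, (ip, _port) = srv.accept()
        with conn:
            seen.append(ip)
            conn.sendall(b"local-only page" if ip in LOCAL_ONLY else b"403")


def relay(srv, backend_port, seen):
    """Userspace redirector: opens its OWN connection to the backend."""
    conn, (ip, _port) = srv.accept()
    seen.append(ip)  # the redirector itself still sees the real client address
    with conn, socket.create_connection(("127.0.0.1", backend_port)) as out:
        conn.sendall(out.recv(1024))


def fetch(port, source_ip):
    with socket.socket() as c:
        c.bind((source_ip, 0))  # choose the client's source address
        c.connect(("127.0.0.1", port))
        return c.recv(1024)


def demo(client_ip="127.0.0.2"):
    web, fwd = listener(), listener()
    web_seen, fwd_seen = [], []
    threads = [threading.Thread(target=backend, args=(web, web_seen, 2), daemon=True),
               threading.Thread(target=relay, args=(fwd, web.getsockname()[1], fwd_seen), daemon=True)]
    for t in threads:
        t.start()
    direct = fetch(web.getsockname()[1], client_ip)   # client talks to the server directly
    relayed = fetch(fwd.getsockname()[1], client_ip)  # same client, through the relay
    for t in threads:
        t.join()
    return direct, relayed, web_seen, fwd_seen
```

The same client is refused when it connects directly and served the local-only page through the relay, which is why the reply suggests moving the web server to the non-standard port and redirecting only local port 80 traffic.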

Nathan Fowler

Re: apache - two listen ports
« Reply #4 on: August 26, 2002, 11:57:46 PM »
Charlie is correct, it is far more secure if you would redirect internally.

Charlie, correct me if I am wrong, but I was under the impression that ipmasqadm portfw did source address translation?

sabu

Re: apache - two listen ports
« Reply #5 on: August 27, 2002, 11:59:51 AM »
> > I've got a program called "redir" that would enable you to
> > redirect another port to a listening port.  I use it for
> > MySQL, if you want it let me know.  Syntax is pretty easy and
> > it would do what you needed it to do.
>
> I wouldn't recommend using it for the apache port. That would
> likely make external connections appear as though they were
> connection from a local network address (127.0.0.1), which
> will give public access to things which should be local only.
> You might though use the non-standard port for apache, then
> provide a redirector for local port 80 access.

Can I try this software please, send to my email?

> xinetd, BTW, has a built-in port redirector function.

Is it hard to set up? If not, could you direct me to where I could get some help with it please?

Many thanks,

sabu

Nathan Fowler

Re: apache - two listen ports
« Reply #6 on: August 28, 2002, 06:39:28 AM »
Sorry it's taken me so long to get back to this message, I've been swamped at work.

You can download redir at:

http://www.stickit.nu/utils/redir-i386-2.2.1.tgz

Redir Version 2.2.1 usage:
        ./redir --lport= --cport= [options]
        ./redir --inetd --cport=

        Options are:-
                --lport=                port to listen on
                --laddr=IP                 address of interface to listen on
                --cport=                port to connect to
                --caddr=             remote host to connect to
                --inetd               run from inetd
                --debug                 output debugging info
                --timeout=         set timeout to n seconds
                --syslog              log messages to syslog
                --name=          tag syslog messages with 'str'
                --connect=       CONNECT string passed to proxy server
                --bind_addr=IP        bind() outgoing IP to given addr
                --ftp=               redirect ftp connections where type is either port, pasv, both
                --transproxy          run in linux's transparent proxy mode
                --bufsize=         size of the buffer
                --maxbandwidth=    limit the bandwidth
                --random_wait=        wait before each packet
                --wait_in_out=       1 wait for in, 2 out, 3 in&out

Nathan Fowler

Re: apache - two listen ports
« Reply #7 on: August 28, 2002, 06:40:23 AM »
Once you untar that file, be sure to chmod +x redir

sabu

Re: apache - two listen ports
« Reply #8 on: August 28, 2002, 12:43:49 PM »
Nathan Fowler wrote:
>
> Sorry it's taken me so long to get back to this message, I've
> been swamped at work.
>

No problem, it hasn't even been that long. It's the thought that counts, besides I'm patient :)

> You can download redir at:
>
> http://www.stickit.nu/utils/redir-i386-2.2.1.tgz
>
> Redir Version 2.2.1 usage:
>         ./redir --lport= --cport= [options]
>         ./redir --inetd --cport=
>
>         Options are:-
>                 --lport=                port to listen on
>                 --laddr=IP                 address of interface to listen on
>                 --cport=                port to connect to
>                 --caddr=             remote host to connect to
>                 --inetd               run from inetd
>                 --debug                 output debugging info
>                 --timeout=         set timeout to n seconds
>                 --syslog              log messages to syslog
>                 --name=          tag syslog messages with 'str'
>                 --connect=       CONNECT string passed to proxy server
>                 --bind_addr=IP        bind() outgoing IP to given addr
>                 --ftp=               redirect ftp connections where type is either port, pasv, both
>                 --transproxy          run in linux's transparent proxy mode
>                 --bufsize=         size of the buffer
>                 --maxbandwidth=    limit the bandwidth
>                 --random_wait=        wait before each packet
>                 --wait_in_out=       1 wait for in, 2 out, 3 in&out

Seems easy enough, thanks a lot

sabu

Re: apache - two listen ports
« Reply #9 on: August 28, 2002, 01:01:14 PM »
However, I've been unable to successfully get redir working. This is what I have tried, and all attempts have failed:

[root@stypel redir]# ./redir --lport=183 --cport=80

[root@stypel redir]# ./redir --lport=183 --laddr=210.49.xxx.xxx --cport=80 --caddr=localhost

[root@stypel redir]# ./redir --lport=183 --laddr=210.49.xxx.xxx --cport=80

"210.49.xxx.xxx" being my IP

Can someone please inform me of how I can get this working?