Topic: Port forwarding/GW server in front of web server

[Brian]

Hi *.*

I have a SME 5.5. web server running. It a server and gateway at the moment.

I've tried to install a new SME 5.6 server on a new server which should be my Server and Gateway server and my Web SME 5.5. server would I change to a clean server, and no longer a gateway.

On my new gateway server I've enabled mail forwarding to the ip of my SME 5.5. web server. I've installed port forwarding (e-smith-packetfilter-1.13.0-04.noarch.rpm and e-smith-portforwarding-0.1.0-20.noarch.rpm). I hereby from the server manager portforwarding option enable port forwarding on HTTP traffic (port 80) from my SME 5.6 gateway to my SME 5.5. web server.

I DOES NOT WORK !!

My new SME 5.6 GW server does forward http traffic to my WEB server SME 5.5 !! BUT it just shows the primary standard index.html page !! I doesnt recognize my virtuel domains any longer..!?!? Lets say I have a virtuel domain name www.123test.dk on my SME 5.5. web server. When I type that or a friend of mine on the outside, browses to any of my virtuel domains (which works and worked earlier when my SME 5.5 web server was a gateway server) - a blank page just appears !! The primary site on the web server.

What am I missing here !?????

Hope someone can help.

Thanks

[Boris]

Is your SME 5.5 web server now behind firewall (SME 5.6) on the private subnet or it is on the second public IP?

[Brian]

sorry I didn't inform about that.

Yes the SME 5.5 web server is behind the GW server SME 5.6 on the private subnet. There is only one public IP.

Any ideas ?

Thanks

[ryan]

I would try setting SME gateway server to NOT start Apache and see if the the problems are corrected.  If they are, your problem likely lies with Apache.    Disabling apache will likely stop the server-manager, so this is a troubleshooting step, not a solution.  

Another option would be to port change your web traffic with your DNS.  Then forward the changed ports to your internal server.  Of course Apache on the internal server would need to be reconfigured.  

Post your findings please.  I have been thinking of doing what you are describing.

ryan

[Anthony de Waal]

Brian,
what makes you think that the port forwarding is actually happening?
I ask that because I still haven't managed to make that work, with the portforwarding module you describe.
So, can it be that you are looking at the blank page of the 5.6 server instead of your internal webserver?
Kind greetings,
Thony

[Brian]

Hi Athony and Ryan

I'm sure it works cause if modified the blank page on my web SME 5.5 so it is different than the blank page on my GW server SME 5.6 - BUT only the domains where there is an ibay of same name gets forwarded..not the virtuel domains..as I see it...I will check again.

Ryan could you quick instruct me how to stop the apache server from start or when it is running ?!

Well - your're right it is not a solution..but troubleshooting. But if the http listener is stopped..what will then happend to request on port 80 ?? will they still be forwarded..and you're right..I would loose the server manager interface.

What I'm thinking of  is :

What is happening with the url when it is beeing forwarded...??since my web server SME 5.5 on the inside does NOT recongnize the urls of my domains and virtuel domain and just reply with the primary site blank page ??? any Ideas ??

Whats the idea of SME Server and Gateway setup if it doesnt work and it is not possible to have a web server and/or mail server on the inside ??

Hope others have any ideas..or experice.

I will keep looking into it - but I'll have to do it when it is possible, cause my troubleshooting of this problem has influence on my web and mail server.

Thanks.. looking forward to more feedback

[ryan]

I suggest you research how linux/redhat systems boot.  There are serveral run levels in addition to the default.  I would only do hands on learning on a test server.

To stop apache at command line:

service httpd stop

then

service httpd start

Regarding the port forwarding, I installed a module from ezserver and it does work with vnc port 5900.  I have read that changes/deletions made at a later time don't occur...but you can simply delete them all and recreate the necessary forwards until the rpm is fixed.

ryan

[Jochen Hoegerl]

1.
For such an configuration (www-server behind proxy) you need Apache ProxyPass
I saw some threads here about that long time ago (just search for proxypass)

2.

you don't need to kill apache complete just stop httpd-e-smith
that is what's listening on port 80

server-manager runs on port 980 so it's still available


type the following console command to stop http

/sbin/service httpd-e-smith stop



jochen

[Anthony de Waal]

Does the DNS of the inside server know of your virtual domains? Otherwise the requests will go to the default gateway, which is the 5.6.
Kind greetings,
Thony

[Brian]

Hi jochen and guys !

Thanks for input.

I'll try that...but now I'm confused..and have to try it all Proxypass...okay - sounds interessting.

My DNS is the same as the SME 5.5.mail and web server - but I havent made any entries !?!?

But why is a dns in this case neccesary ?? I use my ISP dns when I surf the outside and thats it.

[Anthony de Waal]

>
> My DNS is the same as the SME 5.5.mail and web server - but I
> havent made any entries !?!?
>
> But why is a dns in this case neccesary ?? I use my ISP dns
> when I surf the outside and thats it.

DNS is for name resolution. You type in a human-readable name, and the DNS server looks up the IP address. If you have a virtual domain, that means that your ISP is not likely knowing an IP address. Instead, it is an entry in the zonefile of the DNS server in your SME server. I am not sure how this is actually implemented here, but at some point a server or directory must be chosen as a response to a query to a virtual domain. If your server has no entries, then the DNS server of your ISP gets asked the question, with wrong results.
Try to point your workstation's DNS to the SME servers instead of the ISP, and see what happens.
Not sure how to add a set of records in the Linux DNS. If this is the culprit, surely someone on the forum will be able to help.
Kind greetings,
Thony

[Tony Howden]

Hi

I am not sure if I have followed this thread correctly but I think you are wanting a dual sme server setup. The following is a quickie how-to and I am sure I will have missed something, so apologies up front if you find you need to really *think* about what this is doing.

I use two sme servers:

main server 'A' is a server/gateway and connects to the cable modem
server 'B' is a sme server used for mysql/web server with multiple postnuke sites
(theres also an NT4 server behind the gateway)

I configure server A with virtual domains for whatever domain name I need and remove all hostnames except the mail and www hosts.

I then have a custom template

/etc/templates-custom/etc/httpd/conf/httpd.conf/80VHost-domainname

(i.e. 80VHost-www-fred-com-au)

which contains


    ServerAdmin webmaster@fred.com.au
    DocumentRoot /www/html/fred
    ServerName www.fred.com.au
    ProxyPass / http://fred.home.local/
    ProxyPassReverse / http://fred.home.local/
    ErrorLog /var/log/httpd/error-fred.log
    TransferLog /var/log/httpd/access-fred.log


On server A I create a directory (empty) for /www/html/fred which serves as the anchor for the ProxyPass setting. You also need to add the fred.home.local system into the local hosts file, noting that I will assume that the local lan domain is referenced as home.local (using a custom template for the /etc/hosts file is an easy way to manage this)

On server B I have the same virtual domain declared and an ibay setup for the specific web site to be serviced, ie Server B must know that it may be called fred.home.local

Theorectically, server A is the host for www.fred.com.au and is listed in an external dns (I use www.ddns.nu for freebie dynamic dns in Oz)

Server A receives a request on port 80 for www.fred.com.au and apache refers to the virtualhost segment and knows that it will proxypass this to another host called fred.home.local  (ie it uses the custom template segment we made)

Server A does a lookup in the local dns/hosts file and will discover the local ip address for fred.home.local (this is found because we added it in the hosts template or the hostnames panel of sme server with the appropriate local ip address)

Server B gets the proxypassed request from server A and deals with it as it would for any ibay via its own apache control file.

Check out www.recovertoy.bpa.nu or www.shotmaker.bpa.nu as examples. One site runs on an NT4 server behind the sme server gateway and the other is on a second sme server behind the same gateway.

Apache proxypass is ideal for this sort of re-direction. However, I cannot seem to get the proxypass panel option for sme server to function in the same way. I think the issues with the proxy pass panel relate to sequencing problems within the httpd.conf file and precedents being set by the default configuration. The proxypass panel will work with some ports but not others depending on what you are trying to redirect.

Hope this helps and if I have missed a step in this late-at-night response please let me know.

cheers
Tony

[Brian]

hi Tony !

Great reply - really appreciate it.

Unfortanetly it didn't work. When I try to brows to a web site of mine I get page doesn't exist...!?!? This is testet form the out side of my router..

I followed you fine 'guide' but the section with :

On server A I create a directory (empty) for /www/html/fred which serves as the anchor for the ProxyPass setting

I got my doubt...!?!? Do I just create this empty folder from the root ?? or should it be a certain place ??

Anything else you can think of ??

Why isn't not just possible to use the server manager interface and forward all http traffic to my backend server...

Thanks