Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: sabu on August 26, 2002, 05:50:50 PM
-
My ISP blocks incoming connections to port 80. I would like to keep port 80 listening so my network can access the webserver fine, but would also like to make a duplicate port so the rest of the world (or friends) can access it. How can I do this, or can I get some kind of bouncer to bounce the port? I've tried already with port forwarding.
-
I've got a program called "redir" that would enable you to redirect another port to a listening port. I use it for MySQL, if you want it let me know. Syntax is pretty easy and it would do what you needed it to do.
-
Note you may also be able to use ipmasqadm portfw as well.
-
Nathan Fowler wrote:
> I've got a program called "redir" that would enable you to
> redirect another port to a listening port. I use it for
> MySQL, if you want it let me know. Syntax is pretty easy and
> it would do what you needed it to do.
I wouldn't recommend using it for the apache port. That would likely make external connections appear as though they were connections from a local network address (127.0.0.1), which will give public access to things which should be local only. You might though use the non-standard port for apache, then provide a redirector for local port 80 access.
xinetd, BTW, has a built-in port redirector function.
Regards
Charlie
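The effect Charlie describes, as an added example that is not part of the original thread: a userspace redirector opens a new connection to the web server, so a server rule keyed on source address sees 127.0.0.1 instead of the real client. The backend, its allow rule and the 127.0.0.2 "outside" client are constructed stand-ins, and the script assumes Linux, where all of 127.0.0.0/8 is loopback.

```python
import socket
import threading

LOCAL_ONLY = "127.0.0.1"  # backend's "local only" rule (constructed stand-in)
OUTSIDER = "127.0.0.2"    # constructed stand-in for an external client address

def serve(handler):
    """Listen on an ephemeral loopback port; run handler(conn, peer_ip) per connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def loop():
        while True:
            conn, peer = srv.accept()
            with conn:
                handler(conn, peer[0])
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def backend(conn, peer_ip):
    """Stand-in web server: decides access purely on the TCP source address."""
    verdict = "ALLOW" if peer_ip == LOCAL_ONLY else "DENY"
    conn.sendall(f"{verdict} {peer_ip}\n".encode())

def make_redirector(target_port, log):
    """Userspace redirector: accept a client, then open a NEW connection to the target."""
    def handler(conn, peer_ip):
        log.append(peer_ip)  # only the redirector ever sees the real client address
        with socket.create_connection(("127.0.0.1", target_port)) as out:
            conn.sendall(out.recv(1024))  # relay the backend's one-line reply
    return handler

def fetch(port, source_ip):
    """Connect from source_ip and return the backend's one-line verdict."""
    with socket.create_connection(("127.0.0.1", port), timeout=5,
                                  source_address=(source_ip, 0)) as c:
        return c.recv(1024).decode().strip()

def demo():
    """Return (direct verdict, verdict via redirector, addresses the redirector saw)."""
    log = []
    web = serve(backend)
    redir = serve(make_redirector(web, log))
    return fetch(web, OUTSIDER), fetch(redir, OUTSIDER), log

if __name__ == "__main__":
    print(demo())
```

The same client is denied when it connects directly and allowed through the redirector, and the real address is visible only to the redirector itself.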
-
Charlie is correct, it is far more secure if you would redirect internally.
Charlie, correct me if I am wrong, but I was under the impression that ipmasqadm portfw did source address translation?
-
> > I've got a program called "redir" that would enable you to
> > redirect another port to a listening port. I use it for
> > MySQL, if you want it let me know. Syntax is pretty easy and
> > it would do what you needed it to do.
>
> I wouldn't recommend using it for the apache port. That would
> likely make external connections appear as though they were
> connection from a local network address (127.0.0.1), which
> will give public access to things which should be local only.
> You might though use the non-standard port for apache, then
> provide a redirector for local port 80 access.
Can I try this software please, send to my email?
> xinetd, BTW, has a built-in port redirector function.
Is it hard to set up? If not, could you direct me to where I could get some help with it please?
Many thanks,
sabu
-
Sorry it's taken me so long to get back to this message, I've been swamped at work.
You can download redir at:
http://www.stickit.nu/utils/redir-i386-2.2.1.tgz
Redir Version 2.2.1 usage:
./redir --lport= --cport= [options]
./redir --inetd --cport=
Options are:-
--lport= port to listen on
--laddr=IP address of interface to listen on
--cport= port to connect to
--caddr= remote host to connect to
--inetd run from inetd
--debug output debugging info
--timeout= set timeout to n seconds
--syslog log messages to syslog
--name= tag syslog messages with 'str'
--connect= CONNECT string passed to proxy server
--bind_addr=IP bind() outgoing IP to given addr
--ftp= redirect ftp connections where type is either port, pasv, both
--transproxy run in linux's transparent proxy mode
--bufsize= size of the buffer
--maxbandwidth= limit the bandwidth
--random_wait= wait before each packet
--wait_in_out= 1 wait for in, 2 out, 3 in&out
-
Once you untar that file, be sure to chmod +x redir
-
Nathan Fowler wrote:
>
> Sorry it's taken me so long to get back to this message, I've
> been swamped at work.
>
No problem, it hasn't even been that long. It's the thought that counts, besides I'm patient :)
> You can download redir at:
>
> http://www.stickit.nu/utils/redir-i386-2.2.1.tgz
>
> Redir Version 2.2.1 usage:
> ./redir --lport= --cport= [options]
> ./redir --inetd --cport=
>
> Options are:-
> --lport= port to listen on
> --laddr=IP address of interface to listen on
> --cport= port to connect to
> --caddr= remote host to connect to
> --inetd run from inetd
> --debug output debugging info
> --timeout= set timeout to n seconds
> --syslog log messages to syslog
> --name= tag syslog messages with 'str'
> --connect= CONNECT string passed to proxy server
> --bind_addr=IP bind() outgoing IP to given addr
> --ftp= redirect ftp connections where type is either port, pasv, both
> --transproxy run in linux's transparent proxy mode
> --bufsize= size of the buffer
> --maxbandwidth= limit the bandwidth
> --random_wait= wait before each packet
> --wait_in_out= 1 wait for in, 2 out, 3 in&out
Seems easy enough, thanks a lot
-
However, I've been unable to successfully get redir working, this is what I have tried and all attempts have failed:
[root@stypel redir]# ./redir --lport=183 --cport=80
[root@stypel redir]# ./redir --lport=183 --laddr=210.49.xxx.xxx --cport=80 --caddr=localhost
[root@stypel redir]# ./redir --lport=183 --laddr=210.49.xxx.xxx --cport=80
"210.49.xxx.xxx" being my IP
Can someone please inform me of how I can get this working?