2009/11/14 Eduardo J. Ortega U. <[email protected]>:
> Hi, Paul:
>
> Thanks for your reply. However, I am unsure about how to do that. I do
> not see any option for that on eBox DNS module, and from what I have
> read about split DNS for bind, I will need two DNS servers, not just
> one. Any hints or reading material on alternative ways to achieve it
> are greatly appreciated.

You don't need two DNS servers for split DNS; you can do it by creating
two different "views": the external view will give the external IP, and
the internal view the internal IP.

You can achieve the same with a (probably) simpler solution: instead
of redirecting connections to port 80 to the internal host, you can
set up a reverse proxy in the eBox firewall and accept HTTP connections
in the eBox firewall. This way, Apache will proxy the connection to
the internal hosts. This solution has the additional benefit that you
can have several internal web servers and proxy connections to them
depending on the name.

You can set up Apache by adding the file /etc/apache2/conf.d/proxy.conf
with this content:
---
ProxyRequests Off

# Intranet
<VirtualHost *:80>
        # Your "official name"
        ServerName www.example.com
        # Aliases you may need
        ServerAlias intranet intranet.example.com

        ProxyPass / http://ip_or_name_of_internal_host/
        ProxyPassReverse / http://ip_or_name_of_internal_host/
</VirtualHost>
---

- You can have as many VirtualHost definitions as you want for
different internal web servers
- Don't forget the "ProxyRequests Off" setting at the beginning; it
could be a MAJOR security problem
- Make sure you have the setting "NameVirtualHost *:80" somewhere in
your Apache config file

Maybe it could be a nice feature to add this type of configuration to
the eBox firewall module.

Salu2!
-- 
Miguel Armas <[email protected]>
CanaryTek Consultoria y Sistemas SL
ModularIT http://www.modularit.org/
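
The split-DNS "views" setup mentioned at the start of the reply above, sketched as a BIND named.conf fragment. This is an added example, not part of the original message and not configuration generated by eBox; the ACL name, the 192.168.1.0/24 network, the sample addresses and the zone file paths are all assumptions.

```conf
// Constructed example: ACL name, networks and file paths are assumptions.
acl "lan" {
    127.0.0.0/8;
    192.168.1.0/24;      // assumed internal network
};

// Views are matched in order, so the most specific one comes first.
view "internal" {
    match-clients { "lan"; };
    recursion yes;       // resolve outside names for LAN clients only
    zone "example.com" {
        type master;
        // holds e.g.  www  IN A 192.168.1.10  (internal web server)
        file "/etc/bind/db.example.com.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;        // authoritative answers only for the Internet
    zone "example.com" {
        type master;
        // holds e.g.  www  IN A 203.0.113.10  (public address)
        file "/etc/bind/db.example.com.external";
    };
};
```

Once any view is defined, BIND requires every zone statement to live inside a view, so existing zones have to be moved into one or both of them.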