Re: ipchains redirect

redirect Fri, 03 Aug 2001 15:27:17 -0700
okay solved the problem and got virtual hosts to serve port 80 too

The server can be told to bind/listen to any ip/port we want, and it will
serve the 'default' (or main) server's pages from this ip/port.

Non-IP based vhosts are determined by the 'host:' and 'port:' fields
passed in the http header. However vhosts inherit most of the settings
from the 'main' server, unless otherwise specified in the <VirtualHost>
tag. This means that the vhosts will be expecting communication on port
8082, as we expected since this is the main server's listen port.

The problem is that even though ipchains changes the port number from 80
to 8082, it only does this in the tcp header. The http header still says
port 80.

Therefore apache receives the request for xyz.org, a vhost. However it
expects the request to be for xyz.org:8082, since it assumes the vhost is
using the same port as the 'main' server. However the http header
was not changed, and therefor there is no match, and we get the 'default'
page. This is what we observed after we made the change to ipchains
yesterday.

The fix is to tell apache to expect requests to come in for xyz.org:80
not foos.org:8082. The server may be bound into port 8082, yet the vhosts
will get requests for port 80 (in the http header). And voila!

eddie

----- Original Message -----
From: "Tim Sellar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 03, 2001 10:32 PM
Subject: RE: ipchains redirect


> If you have followed Damion's directions it should be working. I was
trying
> it myself today. When you do a 'netstat -nl' command on the hosting server
> you should see each VS listening on a different port, but not tied to a
> specific IP, ie 0.0.0.0:8081, 0.0.0.0:8082, 0.0.0.0:8083... It does not
> require any modification of the virtual host directives.
>
> Tim
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of redirect
> > Sent: 03 August 2001 19:44
> > To: [EMAIL PROTECTED]
> > Subject: ipchains redirect
> >
> >
> > Hi all
> >
> > we are just playing with the ipchains redirect on Bens FAQ (BTW thanks
> > en)  - to redirect instead of using vsredirect (Damion version below) -
we
> > have got it working except that each virtual host defaults to the main
> > site - we have followed the faq exactly - anything we have missed? Does
it
> > require a change in the virtual host directive in apache?
> >
> > Eddie
> >
> > ------------------------------------------------------------------
> > ----------
> > ----------------------------------
> >
> > "If you are using the Linux 2.2 kernel an alternative arrangement using
> > ipchains involves establishing a rule for each virtual server, so
> > that both
> > TCP and UDP packets are forwarded to a unique port number for each
virtual
> > server. For example, your first virtual server on IP address 1.2.3.4
would
> > require the following commands:
> >
> >     # ipchains -A input --dst 1.2.3.4 --dport 80 -p tcp -j REDIRECT 8081
> >     # ipchains -A input --dst 1.2.3.4 --dport 80 -p udp -j REDIRECT 8081
> >
> > The default httpd configuation file /etc/httpd/conf/httpd.conf within
the
> > virtual server must then be modified to set the Port and Listening
> > directives as follows:
> >
> > Port 8081
> > Listen 8081
> >
> > Please note the lack of an IP address in the 'Listen' directive.
Finally,
> > the relevant entries for vsdredirect should be removed from
> > /etc/rc (on the
> > virtual server.)
> >
> > This process must be repeated for each virtual server although the
chosen
> > HTTP port (8081 in this case) must be unique for each VS
> >
> > For example, the second virtual server, with IP address 1.2.3.5 would
> > require the following commands (if you chose 8082 as its HTTP port) :
> >
> > # ipchains -A input --dst 1.2.3.5 --dport 80 -p tcp -j REDIRECT 8082
> > # ipchains -A input --dst 1.2.3.5 --dport 80 -p udp -j REDIRECT 8082
> >
> > And the following entries then need to be set in
> > /etc/httpd/conf/httpd.conf
> > (on the VS)
> >
> > Port 8082
> > Listen 8082
> >
> > Again, the relevant entries for vsdredirect should be removed
> > from /etc/rc."
> >
> >
> > ------------------------- The freeVSD Support List
> > --------------------------
> > Subscribe:
mailto:[EMAIL PROTECTED]?body=subscribe%20freevsd-support
> > Unsubscribe:
> mailto:[EMAIL PROTECTED]?body=unsubscribe%20freevsd-support
> Archives:    http://freevsd.org/support/mail-archives/freevsd-support
> --------------------------------------------------------------------------
--
> -
>
> ------------------------- The freeVSD Support
List --------------------------
> Subscribe:   mailto:[EMAIL PROTECTED]?body=subscribe%20freevsd-support
> Unsubscribe:
mailto:[EMAIL PROTECTED]?body=unsubscribe%20freevsd-support
> Archives:    http://freevsd.org/support/mail-archives/freevsd-support
> --------------------------------------------------------------------------
---
>

------------------------- The freeVSD Support List --------------------------
Subscribe:   mailto:[EMAIL PROTECTED]?body=subscribe%20freevsd-support
Unsubscribe: mailto:[EMAIL PROTECTED]?body=unsubscribe%20freevsd-support
Archives:    http://freevsd.org/support/mail-archives/freevsd-support
-----------------------------------------------------------------------------
Re: ipchains redirect

Reply via email to
