-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert Harrison wrote: > I've run my firewall with this software for several years. Recently > changed ISP and in the confusion something went wrong that I can't > figure out. The firewall is supposed to send web browser requests and > ssh requests to a computer on the local net. The Apache server is > configured using virtualhost to provide results based on one of > several domain name all of which resolve to the same ip address > 173.x.x.180. However, the virtualhost configuration is only read if a > wild card is given for the ip address or the computer's local ip > address (192.168.1.120)! Other sites which should be served based on > their IP address alone are not seen at all. It seems to me that the > HTTP request is being rewritten to contain the local destination > (192.168.1.120) rather than the originating address (173.x.x.180). > Configuration information is given below. I'd appreciate any advice > on how to proceed.
Based on your rules, it looks like you have assigned all of the IP addresses to your firewall, and are port-forwarding the desired traffic to the internal system(s). This should work, but you did not include any real details on your port-forwarding setup (/etc/shorewall/rules) or how your apache is configured. Note that when the traffic is port-forwarded from the various IP addresses on the firewall, the destination address *WILL* get re-written. If you want to use IP based virtual hosting, you will need to assign multiple IP addresses on the internal system, and port-forward each public IP on the firewall to an appropriate IP address on the internal system. Otherwise, apache will have no idea which IP address the original request was sent to. If you don't want to use IP addresses, you could do a similar thing with ports on the internal apache system, forwarding each external public IP to a unique port number on the internal system. - -- Charles Steinkuehler char...@steinkuehler.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFK8y+oLywbqEHdNFwRAkPbAJ9kUA56uRlrJ8KfwVxTJi219I1iAwCeN04y KH+zxJbCyvxlkRDB/TQUpmk= =hxLP -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
