Hey David,
I have it running on a 4ip host where each interface (ip) is a
different web site which is what I think you want to do right?
If that's the case then I did exactly the same thing as you wrt the
ipchains command.
The problem I ran into is that if I configured each site to only listen on
the relevant interface (port= in web-site tag) it didn't work. I had to
say port="[ALL]".
So I gave each site (interface) a different port > 1024 and did the
ipchains for each, just as you have done.
I also hadded a virutal-hosts entry and a frontend tag in the web-site
xml for each site - both were important but I can't remember what failed
if you didn't include them.
Finally I used ipchains to refuse direct connnections to the ports > 1024
that the sites were really using - just being picky I guess.
I hope that helps.
Trevor
On Mon, 22 Jan 2001, David Morton wrote:
>
> Has anybody gotten port-forwarding to work? I want orion to run
> as non-root user on Linux.....I did see:
> http://www.orionsupport.com/articles/unixprocess.html
>
> The following is an excerpt:
> IP Chains (ipfw)
> IP Chains is a program that comes with recent versions of Linux that uses
> the ipfw library to specify rules for TCP/IP packets. For information about
> using it, refer to the howto.
> Here's a simple rule to tell all incoming TCP packets destined for port 80
> to be forwarded to port 10080:
> [root@myhost]$ ipchains -A input --destination-port 80 -p tcp -j REDIRECT 10080
> Warning: Use ipchains at own risk... You are recommended to read the
> documentation first, and have the machine in easy reach.
> This command needs to be executed each time the system is booted, so you
> may want to place it in a startup file somewhere.
>
> I tried ipchains rule with one change:
> ipchains -A input -d 192.168.0.4 80 -p tcp -j REDIRECT 10080
>
> it didn't work.
>
> any suggestions?
>
> If anyone has working on one ip only (on a machine that has multiple ips
> like mine)...please send output of 'ipchains -L'...and any other ipmasqadm
> table output...
>
> Thanks
> David
>
>
