Re: routing problem with wordpress and external and internal traffic
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Op 27-9-2017 om 11:20 schreef Markus Rosjat: > Hi there, > > I have a small problem getting a wordpress instance, that works with ips in the url, to work from the internal net. > > So here ist the setup > > a webserver for some application behind a Openbsd Firewall (webbserver is openBSD 6.0) I have a static ip for my external nic and the wordpress instance uses the external ip in the site url. Additionally I have to use a diffrent port then https because there is a proxy server listining for some other application. > > While reaching the site from the outsite world is no problem because its simple redirect to the webserver and the wordpress instance has the url saved it becomes kinda tricky to reach the wordpress instance from the inside. in the internal net the webserver is listens on port 80 and 443 so I can reach it from the inside but then the wordpress instance is rewiriting the url to a port that isnt 443 becuase from the outsideworld it expects a diffrent port. > > So question now is, is it possible to route the way from inside to the outside and back without inventing the wheel new or is it simpler just to let the webserver listen to the diffrent port too? > > I hope it makes sense to someone to give me a push in the right direction > > regards > Hi, I think you are looking for something along the lines like: match in on $vlan1 proto tcp from any to $realoutside port 443 rdr-to $misp port 443 vlan1 is an inside network, and misp is an internal machine (was reachable from the outside and needed to be reachable on the inside as well). Am I correct? Regards, Erik -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZy814AAoJEAeixT/cUIgnicQP/0+bYFH04K3ZagwfTi22NjMN 0txdUlLJCIJtRVaeLFJ4u7MDCKC9CzJO6s7NIwBmwKmaE40fL+itWAJH/qQ1DRQ3 uyG8AlccGLS+KnjNze7zR3rDPMsJFrgtOKVAU0YRNYEFxS0ShYBzme8ZydAwxq7M Br/RxTHEA1kV0kfYk7z1JffdjYkGPpZG9/ocwdVKiwKBOf0LAz8OrlAwEhDcjd/B jWs/T6GkFNDUo1qS1kmRpwXGIHCGjNdz9k1y3kaZ0lz2htt5ITfya1+d09kFNtaB N/OIOwj2mLF6WnJrQ/RDmqEDzIX74XUROH7a1hKJpIhDU8yVRgva/czR5CCkOz+m xwEKESeXhhccOF1aCmY/K3btK0LuBxQqxg48T0XiWeSFyK0V4+nMy4Ddohfuvoll xyYt225XIWB+9hgNOTuChtuy7hKltj8Lv3dyTrNxkRRd/VFF2d0hm/e4FB3NLdFJ 9SwfeOp/NJ33vc3Z0ohx8589sWfL47IleEQWxEBebVE8uQQI/d+bygDa/HhUaB+W P1jzETwHeis/SrIp7wShWC600lCsoNLWvcMHrR0Yu2oCNJsUsbwYvs7SmBIvYBty F6GVpP4Y62hwbHWIL/nALdJSUF6r0GDsn+Gd1DLxQ6ZzP++bBScq93zdW0VXsIxo 3/vQdsjNd6uhh7JwhiXW =XXdi -END PGP SIGNATURE-
Re: routing problem with wordpress and external and internal traffic
hi, Am 27.09.2017 um 15:59 schrieb x9p: I am supposing its Apache because you did not said so. no it's of course a httpd from OpenBSD You are right, httpd. my bad. I am used to Linux world. the problem here is the for internal traffic to somehow rewirite the url to a internal ip with some lines in the server part of the httpd.conf (dont know if this is possible) We know packets are being changed by pf rules when coming from outside world. From inside network, there is a URL transformation that represents the problem are facing . well if I do stuff on the internal nic I could do things to these packages too but this should be the smaller problem here. where is the URL rewrite being done? .htaccess or in another part? I believe this is the first step to search for. If it is in the .htaccess, that is the simpler solution in my point of view. well since .htaccess has nothing to do with httpd of Openbsd rewrites could be possible in relayd (maybe) od as I stated maybe in the sever definition in httpd.conf. or to somehow get the traffic rerouted wen it hits the firewall in a pf rule or rules I believe mix routing/pf rules with URL rewriting makes the problem complex, should be a simple solution. cheers. x9p regards -- Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: routing problem with wordpress and external and internal traffic
>> I am supposing its Apache because you did not said so. >> > > no it's of course a httpd from OpenBSD > You are right, httpd. my bad. I am used to Linux world. > the problem here is the for internal traffic to somehow rewirite the > url to a internal ip with some lines in the server part of the > httpd.conf (dont know if this is possible) > We know packets are being changed by pf rules when coming from outside world. From inside network, there is a URL transformation that represents the problem are facing . where is the URL rewrite being done? .htaccess or in another part? I believe this is the first step to search for. If it is in the .htaccess, that is the simpler solution in my point of view. > or to somehow get the traffic rerouted wen it hits the firewall in a pf > rule or rules I believe mix routing/pf rules with URL rewriting makes the problem complex, should be a simple solution. cheers. x9p
Re: routing problem with wordpress and external and internal traffic
Hi, Am 27.09.2017 um 13:33 schrieb x9p: Hi there, Hi I have a small problem getting a wordpress instance, that works with ips in the url, to work from the internal net. So here ist the setup a webserver for some application behind a Openbsd Firewall (webbserver is openBSD 6.0) I have a static ip for my external nic and the wordpress I am supposing its Apache because you did not said so. no it's of course a httpd from OpenBSD So question now is, is it possible to route the way from inside to the outside and back without inventing the wheel new or is it simpler just to let the webserver listen to the diffrent port too? I hope it makes sense to someone to give me a push in the right direction I think its lacking some information, but supposing your wordpress installation is redirecting based on .htaccess rules under httpd I would include a rule to not rewrite the URL based on source IP (if internal, do not apply .htaccess rule of URL rewrite) the problem here is the for internal traffic to somehow rewirite the url to a internal ip with some lines in the server part of the httpd.conf (dont know if this is possible) or to somehow get the traffic rerouted wen it hits the firewall in a pf rule or rules something like: https://unix.stackexchange.com/questions/44129/conditional-directoryindex-based-on-ip-address-using-htaccess cheers. x9p regards -- Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: routing problem with wordpress and external and internal traffic
> Hi there, Hi > > I have a small problem getting a wordpress instance, that works with ips > in the url, to work from the internal net. > > So here ist the setup > > a webserver for some application behind a Openbsd Firewall (webbserver > is openBSD 6.0) I have a static ip for my external nic and the wordpress I am supposing its Apache because you did not said so. > So question now is, is it possible to route the way from inside to the > outside and back without inventing the wheel new or is it simpler just > to let the webserver listen to the diffrent port too? > > I hope it makes sense to someone to give me a push in the right direction > I think its lacking some information, but supposing your wordpress installation is redirecting based on .htaccess rules under httpd I would include a rule to not rewrite the URL based on source IP (if internal, do not apply .htaccess rule of URL rewrite) something like: https://unix.stackexchange.com/questions/44129/conditional-directoryindex-based-on-ip-address-using-htaccess cheers. x9p