Re: webserver and natd
On Wed, Sep 2, 2009 at 1:02 AM, Razvan Cristea cristea.raz...@yahoo.comwrote: Hello, i have a webserver useing freebsd 7.2 and i user the same server to route internet to a local network. the internet on the local network is working fine but the sites from the webserver are loading verry slow. i fave this configuration in rc.conf: firewall_enable=YES firewall_type=open firewall_logging=YES gateway_enable=YES natd_enable=YES natd_interface=bce0 Can you please help me? The server needs to know itself either via local DNS or via /etc/hosts So you may need entries in, say, /etc/hosts for every website running on it. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ If you have nothing good to say about someone, just shut up!. -- Lucky Dube ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: webserver and natd
Solved. It's a bug in version 7.2 info here: http://groups.google.com/group/muc.lists.freebsd.stable/browse_thread/thread/35f137a0e43b3175/d317dc58af6d4be2 Cu prietenie, Razvan Cristea = http://www.adventube.ro = --- On Thu, 9/3/09, Odhiambo Washington odhia...@gmail.com wrote: From: Odhiambo Washington odhia...@gmail.com Subject: Re: webserver and natd To: Razvan Cristea cristea.raz...@yahoo.com Cc: freebsd-questions@freebsd.org Date: Thursday, September 3, 2009, 1:07 PM On Wed, Sep 2, 2009 at 1:02 AM, Razvan Cristea cristea.raz...@yahoo.com wrote: Hello, i have a webserver useing freebsd 7.2 and i user the same server to route internet to a local network. the internet on the local network is working fine but the sites from the webserver are loading verry slow. i fave this configuration in rc.conf: firewall_enable=YES firewall_type=open firewall_logging=YES gateway_enable=YES natd_enable=YES natd_interface=bce0 Can you please help me? The server needs to know itself either via local DNS or via /etc/hosts So you may need entries in, say, /etc/hosts for every website running on it. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ If you have nothing good to say about someone, just shut up!. -- Lucky Dube ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: webserver and natd
Razvan Cristea wrote: Hello, i have a webserver useing freebsd 7.2 and i user the same server to route internet to a local network. the internet on the local network is working fine but the sites from the webserver are loading verry slow. i fave this configuration in rc.conf: firewall_enable=YES firewall_type=open firewall_logging=YES gateway_enable=YES natd_enable=YES natd_interface=bce0 Can you please help me? Do you have a proper DNS name set up for the IP that the web server is running on? How are you accessing the web server... by name or IP? I'll assume that you are using Apache. What does the ServerName directive say? Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: webserver and natd
Razvan Cristea wrote: Razvan Cristea wrote: Hello, i have a webserver useing freebsd 7.2 and i user the same server to route internet to a local network. the internet on the local network is working fine but the sites from the webserver are loading verry slow. i fave this configuration in rc.conf: firewall_enable=YES firewall_type=open firewall_logging=YES gateway_enable=YES natd_enable=YES natd_interface=bce0 Can you please help me? Do you have a proper DNS name set up for the IP that the web server is running on? How are you accessing the web server... by name or IP? I'll assume that you are using Apache. What does the ServerName directive say? The webserver works just fine when the firewall is not enabeled. But when i enabele any firewall the webserver seems to be overloaded or something and loads the pages verry slow. The problem is that natd is not working without firewall activated. i have apache (directadmin cpanel) It's been years since I've needed to use NAT, so unfortunately, I can't help here. I'm sure someone else will speak up. If nothing comes up in the next while, perhaps asking on -ipfw will help (but do not cross-post). Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: Webserver
Written by Snoopy on 08/13/07 03:04 Hello, I want to build a Freebsd based webserver and all the stuff works quiet well, I got ruby on rails installed (ports/www/rubygem-rails) and I'm able to start webrick (the integrated webserver) also I installed the hole mysql package (server, client , scripts all 5.0). But I still have some problems ! First I do not know how to configure the Ftp server. I disabled anonymous login (during the setup)and I killed the '#' in the inetd.conf in the line for ftp (ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l) and saved this file ! Now I want to login with a normal account (also user account) via ftp and it does not work! please help ! Also there is no open port! You have to restart inetd to get it to re-read inetd.conf. The way I'd suggest is to do '/etc/rc.d/inetd restart'. The other problem is about MYSQL It works for me (mysql version 5). But I can not connect as remote from an other computer ! I enabled it in the rc.conf and the mysql ports seems to be open ! (did a port scan from the remote). But I can not access the database as remote. Also I created a new user in mysql (user with all privileges) i can not connect to the server as remote, neither with the root nor with my new account (but the new account works from the inside as well). I had been told to change a file called my.conf but I do not find this file ! Can you pleasetell me where my mysql configuration is saved ! thx for help ! You don't need to edit my.conf, but you do have to add permissions on the database in question for your user from hosts other than localhost. The table mysql.db is the one you're looking for. If you want your user to have permissions from any host, use '%' for the Host column. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Webserver
Sounds like your firewall is blocking inbound ports for remote mysql and FTP access. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Snoopy Sent: Monday, August 13, 2007 4:04 AM To: freebsd-questions@FreeBSD.org Subject: Webserver Hello, I want to build a Freebsd based webserver and all the stuff works quiet well, I got ruby on rails installed (ports/www/rubygem-rails) and I'm able to start webrick (the integrated webserver) also I installed the hole mysql package (server, client , scripts all 5.0). But I still have some problems ! First I do not know how to configure the Ftp server. I disabled anonymous login (during the setup)and I killed the '#' in the inetd.conf in the line for ftp (ftp stream tcp nowait root /usr/ libexec/ftpd ftpd -l) and saved this file ! Now I want to login with a normal account (also user account) via ftp and it does not work! please help ! Also there is no open port! The other problem is about MYSQL It works for me (mysql version 5). But I can not connect as remote from an other computer ! I enabled it in the rc.conf and the mysql ports seems to be open ! (did a port scan from the remote). But I can not access the database as remote. Also I created a new user in mysql (user with all privileges) i can not connect to the server as remote, neither with the root nor with my new account (but the new account works from the inside as well). I had been told to change a file called my.conf but I do not find this file ! Can you pleasetell me where my mysql configuration is saved ! thx for help ! Regrades Snoopy PS: I'm sorry for my english and the bad kind of description I gave you, but I'm a total newbe to Freebsd ! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Webserver behind nat/ipfw
freebsd-questions wrote: Hello all, I have been struggling for the last months now to run a webserver behind a firewall. I have installed apache 2 on a Opendarwin G4 machine hebind a FreeBSD 6 firewall/nat box: internet ]-[ outside IP ] modem [ 192.168.1.1 ]-[ nge0: 192.168.1.40 ] FreeBSD 6.0 : natd, ipfw [ fxp0: 10.31.21.1 ]-[ en0: 10.31.21.2 ] OpenDarwin webserver When I run apache from the firewall people can connect. Tcpdump on en0, fxp0 both show the right incoming and outgoing traffic on the webserver as expected. It also shows that incoming traffic on the firewall on port 80 is succesfully translated to to the firewall's IP. I can access the website from the LAN (from the firewall itself and going through the firewall via not shown nge1 10.31.20.1) Does tcpdump show the web server returning packets to the firewall? That is, are you barking at ipfw/natd when the problem is the web server's idea of proper routing for addresses outside the firewall? If the web server gets requests from the firewall and also returns them properly, add verbose logging to every ipfw rule so you can see exactly where they get clobbered. I am clearly missing something here in the way the respond from the webserver should be sent back to the internet requests. If I only knew what... I have tried adding lines like: ipfw 3 add divert 8668 all from any to any 80 I don't think that is what you want. I even tried running a second natd and diverting all traffic on port 80 through it without any result. Nor that. I am out of ideas now... Goole-ing for a month lead me to instructions how to run ipfw OR natd, i couldn't find one that combinse the two. man natd more /etc/rc.firewall (the stock rc.firewall, not one you've heavily experimented on) It should be pretty simple to make them work together. Perhaps you're trying to make it more complicated than it is? Simply divert to natd at an appropriate place in your ipfw rule set. Note how the example rules in the stock rc.firewall do RFC 1918 spoof checks before and after the divert, then get into what kinds of non-spoofed connections are permitted or denied. Can anyone help me setup nat and ipfw so that the webserver is able to respond to incoming http requests? Many thanks in advance, Arno HARDWARE: internet ]-[ outside IP ] modem [ 192.168.1.1 ]-[ nge0: 192.168.1.40 ] FreeBSD 6.0 : natd, ipfw [ fxp0: 10.31.21.1 ]-[ en0: 10.31.21.2 ] OpenDarwin webserver GREP NAT /ETC/RC.CONF: natd_program=/sbin/natd # path to natd, if you want a different one. natd_enable=YES # Enable natd (if firewall_enable == YES). natd_interface=nge0 # Public interface or IPaddress to use. natd_flags=-f /etc/natd.conf # Additional flags for natd. /ETC/NATD.CONF: unregistered_only yes use_sockets yes same_ports yes dynamic yes ### Forward all incoming http access to Webserver redirect_port tcp 10.31.21.2:8080 redirect_port tcp 192.168.1.40:80 10.31.21.2:80 My working gateway's natd.conf uses only one redirect: redirect_port real.web.server.IP:8080 Is the second redirect above part of your problem? Seems odd. Sorry, I haven't time to offer any specific advice on your ipfw rules except to suggest that liberal use of logging can help you isolate any bad assumptions really quickly, especially if you are able to test in a controlled lab environment so there isn't a lot of noise. -- Greg Barniskis, Computer Systems Integrator South Central Library System (SCLS) Library Interchange Network (LINK) gregb at scls.lib.wi.us, (608) 266-6348 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]