Re: webserver and natd

2009-09-03 Thread Odhiambo Washington
On Wed, Sep 2, 2009 at 1:02 AM, Razvan Cristea cristea.raz...@yahoo.com wrote:

 Hello,

 I have a webserver using FreeBSD 7.2 and I use the same server to route
 internet to a local network.
 The internet on the local network is working fine but the sites from the
 webserver are loading very slowly.

 I have this configuration in rc.conf:

 firewall_enable=YES
 firewall_type=open
 firewall_logging=YES
 gateway_enable=YES
 natd_enable=YES
 natd_interface=bce0

 Can you please help me?


The server needs to know itself, either via local DNS or via /etc/hosts.
So you may need entries in, say, /etc/hosts for every website running on it.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
If you have nothing good to say about someone, just shut up!.
  -- Lucky Dube
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: webserver and natd

2009-09-03 Thread Razvan Cristea
Solved.

It's a bug in version 7.2

info here: 
http://groups.google.com/group/muc.lists.freebsd.stable/browse_thread/thread/35f137a0e43b3175/d317dc58af6d4be2

With friendship,
Razvan Cristea
=
http://www.adventube.ro
=



Re: webserver and natd

2009-09-01 Thread Steve Bertrand
Razvan Cristea wrote:
 Hello,
  
 I have a webserver using FreeBSD 7.2 and I use the same server to route
 internet to a local network.
 The internet on the local network is working fine but the sites from the
 webserver are loading very slowly.

 I have this configuration in rc.conf:
  
 firewall_enable=YES
 firewall_type=open
 firewall_logging=YES
 gateway_enable=YES
 natd_enable=YES
 natd_interface=bce0
  
 Can you please help me?

Do you have a proper DNS name set up for the IP that the web server is
running on?

How are you accessing the web server... by name or IP?

I'll assume that you are using Apache. What does the ServerName
directive say?

Steve




Re: webserver and natd

2009-09-01 Thread Steve Bertrand
Razvan Cristea wrote:
 Razvan Cristea wrote:
  Hello,
  
  I have a webserver using FreeBSD 7.2 and I use the same server
 to route internet to a local network.
  The internet on the local network is working fine but the sites
 from the webserver are loading very slowly.

  I have this configuration in rc.conf:
  
  firewall_enable=YES
  firewall_type=open
  firewall_logging=YES
  gateway_enable=YES
  natd_enable=YES
  natd_interface=bce0
  
  Can you please help me?
 
 Do you have a proper DNS name set up for the IP that the web server is
 running on?
 
 How are you accessing the web server... by name or IP?
 
 I'll assume that you are using Apache. What does the ServerName
 directive say?

 The webserver works just fine when the firewall is not enabled.
 But when I enable any firewall the webserver seems to be overloaded
 or something and loads the pages very slowly.
 The problem is that natd is not working without the firewall activated.

 I have Apache (DirectAdmin cPanel)

It's been years since I've needed to use NAT, so unfortunately, I can't
help here.

I'm sure someone else will speak up. If nothing comes up in the next
while, perhaps asking on -ipfw will help (but do not cross-post).

Steve




Re: Webserver

2007-08-13 Thread Reid Linnemann

Written by Snoopy on 08/13/07 03:04

Hello,
I want to build a FreeBSD-based webserver and all the stuff works quite
well. I got Ruby on Rails installed (ports/www/rubygem-rails) and I'm
able to start WEBrick (the integrated webserver); also I installed the
whole MySQL package (server, client, scripts, all 5.0).


But I still have some problems !
First, I do not know how to configure the FTP server. I disabled
anonymous login (during the setup) and I killed the '#' in the inetd.conf
in the line for ftp (ftp   stream  tcp   nowait root /usr/libexec/ftpd
ftpd -l) and saved this file! Now I want to log in with a normal account
(also user account) via FTP and it does not work! Please help! Also
there is no open port!




You have to restart inetd to get it to re-read inetd.conf. The way I'd 
suggest is to do '/etc/rc.d/inetd restart'.



The other problem is about MYSQL
It works for me (MySQL version 5). But I cannot connect remotely from
another computer! I enabled it in the rc.conf and the MySQL ports
seem to be open! (I did a port scan from the remote.) But I cannot
access the database remotely. Also I created a new user in MySQL (user
with all privileges); I cannot connect to the server remotely, neither
with the root nor with my new account (but the new account works from
the inside as well).
I had been told to change a file called my.conf but I do not find this
file! Can you please tell me where my MySQL configuration is saved? Thanks
for the help!




You don't need to edit my.conf, but you do have to add permissions on 
the database in question for your user from hosts other than localhost. 
The table mysql.db is the one you're looking for. If you want your user 
to have permissions from any host, use '%' for the Host column.



RE: Webserver

2007-08-13 Thread fbsd2
Sounds like your firewall is blocking inbound ports for remote mysql and FTP
access.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Snoopy
Sent: Monday, August 13, 2007 4:04 AM
To: freebsd-questions@FreeBSD.org
Subject: Webserver

Hello,
I want to build a FreeBSD-based webserver and all the stuff works
quite well. I got Ruby on Rails installed (ports/www/rubygem-rails)
and I'm able to start WEBrick (the integrated webserver); also I
installed the whole MySQL package (server, client, scripts, all 5.0).

But I still have some problems!
First, I do not know how to configure the FTP server. I disabled
anonymous login (during the setup) and I killed the '#' in the
inetd.conf in the line for ftp (ftp   stream  tcp   nowait root
/usr/libexec/ftpd ftpd -l) and saved this file! Now I want to log in with a
normal account (also user account) via FTP and it does not work!
Please help! Also there is no open port!

The other problem is about MySQL.
It works for me (MySQL version 5). But I cannot connect remotely
from another computer! I enabled it in the rc.conf and the MySQL
ports seem to be open! (I did a port scan from the remote.) But I
cannot access the database remotely. Also I created a new user in MySQL
(user with all privileges); I cannot connect to the server remotely,
neither with the root nor with my new account (but the new account
works from the inside as well).
I had been told to change a file called my.conf but I do not find this
file! Can you please tell me where my MySQL configuration is saved?
Thanks for the help!

Regards, Snoopy

PS: I'm sorry for my English and the bad kind of description I gave
you, but I'm a total newbie to FreeBSD!



Re: Webserver behind nat/ipfw

2006-03-03 Thread Greg Barniskis

freebsd-questions wrote:

Hello all,

I have been struggling for the last months now to run a webserver behind 
a firewall.
I have installed Apache 2 on an OpenDarwin G4 machine behind a FreeBSD 6
firewall/NAT box:


internet  ]-[ outside IP ] modem [ 192.168.1.1 ]-[ nge0: 192.168.1.40 ] FreeBSD 6.0 : natd, ipfw [ fxp0: 10.31.21.1 ]-[ en0: 10.31.21.2 ] OpenDarwin webserver


When I run apache from the firewall people can connect.
Tcpdump on en0, fxp0 both show the right incoming and outgoing traffic 
on the webserver as expected.
It also shows that incoming traffic on the firewall on port 80 is
successfully translated to the firewall's IP.
I can access the website from the LAN (from the firewall itself and 
going through the firewall via not shown nge1 10.31.20.1)


Does tcpdump show the web server returning packets to the firewall? 
That is, are you barking at ipfw/natd when the problem is the web 
server's idea of proper routing for addresses outside the firewall?


If the web server gets requests from the firewall and also returns 
them properly, add verbose logging to every ipfw rule so you can see 
exactly where they get clobbered.



I am clearly missing something here in the way the response from the
webserver should be sent back to the internet requests.

If I only knew what...

I have tried adding lines like:
ipfw 3 add divert 8668 all from any to any 80


I don't think that is what you want.

I even tried running a second natd and diverting all traffic on port 80 
through it without any result.


Nor that.


I am out of ideas now...
Googling for a month led me to instructions on how to run ipfw OR natd; I
couldn't find one that combines the two.


man natd
more /etc/rc.firewall

(the stock rc.firewall, not one you've heavily experimented on)

It should be pretty simple to make them work together. Perhaps 
you're trying to make it more complicated than it is?


Simply divert to natd at an appropriate place in your ipfw rule set. 
Note how the example rules in the stock rc.firewall do RFC 1918 
spoof checks before and after the divert, then get into what kinds 
of non-spoofed connections are permitted or denied.


Can anyone help me setup nat and ipfw so that the webserver is able to 
respond to incoming http requests?


Many thanks in advance,

Arno


HARDWARE:
internet  ]-[ outside IP ] modem [ 192.168.1.1 ]-[ nge0: 192.168.1.40 ] FreeBSD 6.0 : natd, ipfw [ fxp0: 10.31.21.1 ]-[ en0: 10.31.21.2 ] OpenDarwin webserver


GREP NAT /ETC/RC.CONF:
natd_program=/sbin/natd   # path to natd, if you want a different one.

natd_enable=YES   # Enable natd (if firewall_enable == YES).
natd_interface=nge0   # Public interface or IPaddress to use.
natd_flags=-f /etc/natd.conf  # Additional flags for natd.


/ETC/NATD.CONF:
unregistered_only yes
use_sockets yes
same_ports yes
dynamic yes

### Forward all incoming http access to Webserver
redirect_port tcp 10.31.21.2:8080
redirect_port tcp 192.168.1.40:80 10.31.21.2:80


My working gateway's natd.conf uses only one redirect:

redirect_port real.web.server.IP:8080

Is the second redirect above part of your problem? Seems odd.

Sorry, I haven't time to offer any specific advice on your ipfw 
rules except to suggest that liberal use of logging can help you 
isolate any bad assumptions really quickly, especially if you are 
able to test in a controlled lab environment so there isn't a lot of 
noise.





--
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
gregb at scls.lib.wi.us, (608) 266-6348
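
An added example, not part of any poster's message: a small Python audit that checks the `redirect_port` lines of a natd.conf against the single-target form documented in natd(8), `redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT [remoteIP[:remotePORT]]`, and lists which inside services are exposed. The function name and output fields are illustrative; the sample input is the natd.conf quoted in the thread above, and the check assumes numeric ports and IPv4 addresses.

```python
import re

# Sample input: the natd.conf as quoted in the thread, embedded to run offline.
SAMPLE_NATD_CONF = """\
unregistered_only yes
use_sockets yes
same_ports yes
dynamic yes

### Forward all incoming http access to Webserver
redirect_port tcp 10.31.21.2:8080
redirect_port tcp 192.168.1.40:80 10.31.21.2:80
"""

PORT = r"\d+(?:-\d+)?"                      # single port or port range
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
TARGET = re.compile(rf"^({IPV4}):({PORT})$")        # targetIP:targetPORT
ALIAS = re.compile(rf"^(?:({IPV4}):)?({PORT})$")    # [aliasIP:]aliasPORT

def audit_redirects(conf_text):
    """Return (forwards, problems) for single-target redirect_port lines."""
    forwards, problems = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()       # drop comments
        if not fields or fields[0] != "redirect_port":
            continue
        if len(fields) < 4:
            problems.append((lineno, "needs proto, target and alias port"))
            continue
        proto, target, alias = fields[1:4]
        t, a = TARGET.match(target), ALIAS.match(alias)
        if proto not in ("tcp", "udp"):
            problems.append((lineno, f"unknown proto {proto!r}"))
        elif not t or not a:
            problems.append((lineno, "target must be IP:PORT, alias [IP:]PORT"))
        else:
            forwards.append({"line": lineno, "proto": proto,
                             "inside": f"{t.group(1)}:{t.group(2)}",
                             "public_ip": a.group(1), "public_port": a.group(2),
                             "restricted_to": fields[4] if len(fields) > 4 else None})
    return forwards, problems

if __name__ == "__main__":
    forwards, problems = audit_redirects(SAMPLE_NATD_CONF)
    for f in forwards:
        print("forward:", f)
    for lineno, why in problems:
        print(f"line {lineno}: {why}")
```

On the quoted file this reports line 7 as incomplete and parses line 8 with 192.168.1.40:80 in the target position and 10.31.21.2:80 in the alias position. A forward whose `restricted_to` is empty accepts connections from any remote address.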