From: gui <whereisgui@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Protecting multiple webservers
Date: Tue, 11 Jan 2005 17:01:29 -0800
Message-ID: <48be50bb05011117016487055e@mail.gmail.com>

Hello,

I work as a computer programmer for a small university and I was asked
to set up a firewall to protect three Apache web servers.  Each server
runs on its own machine, each server has its own name, public IP
address and they all listen on port 80.

After reading a few howto's, I came up with the following iptables
rules (I won't list all of them):

#www.server1.edu
-A PREROUTING -i eth0 -p tcp -d X.X.X.103 --dport 80 -j DNAT --to 192.168.0.2:80

#www.server2.edu
-A PREROUTING -i eth0 -p tcp -d X.X.X.103 --dport 8080 -j DNAT --to 192.168.0.3:80

Those rules work fine in the little network I created in my office.

Now I want to try the setup with the real servers. Due to the fact
that I know little about networking, can someone tell me whether I can
keep the public IP addresses and names of the servers and somehow make
requests to www.server2.edu go through the firewall?

I want to do this so that our users won't notice the change and if
something goes wrong I can easily undo the changes without having to
contact our IT department to make changes to the school's DNS server.

I would also appreciate it if someone tells me whether I can add two more
web servers to this setup without having to open another "dport". Is
it possible to create a one-to-many mapping with iptables? That way I
only have to open port 80 on the firewall and still allow incoming
connections to different NATed machines.

Any pointers, suggestions will be greatly appreciated.

Thanks.

