> Hi All,
>
> I've been playing around with this for a few weeks now and searched Google
> endlessly, but still can't find a solution... I apologise in advance for the
> length of this post.
>
> Basically, I have a FreeBSD machine that acts as a proxy and web server to a
> web application we are currently developing. The machine is configured to
> serve up web pages via Apache on port 80, but forward any traffic requested
> on port 443 to another machine behind the firewall. Below are the relevant
> parts of the rc.conf file:
>
> network_interfaces="fxp1 lo0"
> ifconfig_lo0="inet 127.0.0.1"
> ifconfig_fxp1="inet 192.168.1.10 netmask 255.255.0.0"
> gateway_enable="YES"
> natd_enable="YES"
> natd_interface="fxp1"
> natd_flags="-l -m -redirect_port tcp 192.168.1.20:443 443"
>
> I have set the firewall to "allow ip any to any" for the sake of simplifying
> the problem. The configuration above works fine for one IP - when I request
> https://192.168.1.10/ it serves the page from 192.168.1.20. I have written a
> script to add another IP to the machine to perform the same task, which is
> where the problems begin. Basically the script issues the following commands:
>
> # Add the alias to fxp1
> ifconfig fxp1 inet 192.168.1.11 netmask 255.255.255.255 alias
>
> (still not sure why the subnet mask here has to be 0xffffffff, even if I
> specify fxp0, which is a physically different port, but anyway it works)
>
> # Create a natd instance for the newly configured IP:
> /sbin/natd -n fxp1 -port 8669 -m -redirect_port tcp 192.168.1.21:443 192.168.1.11 443
>
> # Restart the networking
> /etc/netstart
>
> As far as Apache is concerned this configuration is fine and it serves the
> correct page as configured in the VirtualHosts (on port 80). The problem is
> that if I request https://192.168.1.11/, the browser times out and does not
> serve the page from 192.168.1.21.
>
> Why is it that it works for one and not the aliased IP? natd does not bind to
> port 443 (at least nmap doesn't report it), so it's not that port 443 is
> already bound. Is natd/FreeBSD actually capable of such a configuration or am
> I just overlooking something fundamental?!? Any help would be much
> appreciated!
>
> Thanks,
> Leigh
>
> P.S - I'm running FreeBSD 4.8-RELEASE
>
One thing I forgot to add were the relevant ipfw rules that I have for the nat
daemons:

00050 151 17284 divert 8668 ip from any to any via fxp1
00051 151 17284 divert 8669 ip from any to any via fxp1

Regards,
Leigh