WWW redirection


Post by Tobias Galitzie » Sat, 28 Nov 1998 04:00:00



Hello!

I have a Linux (SuSE 5.3, 2.0.35) machine here which connects the
company LAN via IP-Masquerading to the Internet. It has one official
IP address, the LAN is all private.

Now we have an internal web server with a private IP address, thus
accessible only from inside the company LAN.

Does a software exist which can listen at port 80 on the Linux box, can
react on a particular URL and then can redirect the www packets to this
special internal web server?

What I want is to give public access to _one_ particular page on this
web server - not to the complete server so the application has to be
able to distinguish URLs.

Thanks for answer!
        Tobias

 
 
 


Post by Greg Wee » Sat, 28 Nov 1998 04:00:00




> Hello!

> I have a Linux (SuSE 5.3, 2.0.35) machine here which connects the
> company LAN via IP-Masquerading to the Internet. It has one official
> IP address, the LAN is all private.

> Now we have an internal web server with a private IP address, thus
> accessible only from inside the company LAN.

> Does a software exist which can listen at port 80 on the Linux box, can
> react on a particular URL and then can redirect the www packets to this
> special internal web server?

> What I want is to give public access to _one_ particular page on this
> web server - not to the complete server so the application has to be
> able to distinguish URLs.

here is my standard answer

------------------------------------------------------
Question:

I want to run a web server inside my Linux IP Masquerade firewall that
can be accessed from the internet. How do I do this?

Standard Answer:

A pin hole allows incoming connections to go through a firewall to an
internal machine for a specific service. There are two ways that I
know of to open a pin hole in an IP Masq Linux firewall without
proxying. Both are mentioned at the IP Masq resource page at
http://ipmasq.home.ml.org/ or http://ipmasq2.home.ml.org/. They are
redir and ipportfw. I tried redir first, and while it works and has
the advantage that you can test it from inside the firewall, it has the
disadvantage that the logs on the web server show all connections as
coming from the firewall. ipportfw is a kernel patch and a utility to
change the kernel tables. Its advantages are that it's faster and the logs
show the correct source. Its biggest disadvantage is that it's only
testable from outside the firewall. ipportfw information is at
http://www.ox.compsoc.org.uk/~steve/portforwarding.html and redir is
at
http://www.geocities.com/SiliconValley/Heights/2288/redir_0.7.orig.ta...
Any pin hole poses a security risk as it bypasses your firewall. Use
them with care.
------------------------------------------------------

In your case, if you don't want to configure your web server with
security, run two copies of the web server: one on port 80 for
internal use and one on port 8080 that only has the one page you want
available outside, and redirect port 80 on the FW to port 8080 on the
internal machine. You could also run an actual web proxy on the FW.

Greg Weeks
--
http://weeks.home.ml.org/
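
The original question asks for a listener on the gateway's port 80 that forwards one URL and nothing else. A minimal URL-filtering proxy of that kind follows as an added example; it is not code from any poster, nor from redir, ipportfw or squid, and the backend address and page path are assumed placeholders.

```python
import http.client
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumed values for illustration; neither appears in the thread.
BACKEND = ("192.168.1.10", 80)       # private address of the internal web server
ALLOWED_PATH = "/public/info.html"   # the one page to publish


def is_allowed(method, target):
    """Exact match on the raw request target: no decoding, no prefix match.

    Query strings, %-escapes, "..", extra slashes and case variants all fail
    the comparison, so there is no normalisation step to get wrong.
    """
    return method == "GET" and target == ALLOWED_PATH


def make_handler(backend):
    class OnePageProxy(BaseHTTPRequestHandler):
        def do_GET(self):
            if not is_allowed(self.command, self.path):
                self.send_error(404)
                return
            conn = http.client.HTTPConnection(backend[0], backend[1], timeout=5)
            try:
                conn.request("GET", ALLOWED_PATH, headers={"Host": backend[0]})
                resp = conn.getresponse()
                status, body = resp.status, resp.read()
                ctype = resp.getheader("Content-Type", "text/html")
            except (OSError, http.client.HTTPException):
                self.send_error(502)
                return
            finally:
                conn.close()
            # Relay status, type and body only; backend headers such as
            # Location or Set-Cookie (which may name internal hosts) are dropped.
            self.send_response(status)
            self.send_header("Content-Type", ctype)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    return OnePageProxy  # other methods get 501 from BaseHTTPRequestHandler


if __name__ == "__main__":
    # Binding port 80 needs root on the gateway.
    ThreadingHTTPServer(("0.0.0.0", 80), make_handler(BACKEND)).serve_forever()
```

As with redir, the internal server's log will show every request as coming from the gateway, so the client address has to be taken from the proxy's own request log, which `BaseHTTPRequestHandler` writes to stderr by default.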

 
 
 


Post by Brian McCaule » Sat, 28 Nov 1998 04:00:00



> I have a Linux (SuSE 5.3, 2.0.35) machine here which connects the
> company LAN via IP-Masquerading to the Internet. It has one official
> IP address, the LAN is all private.

> Now we have an internal web server with a private IP address, thus
> accessible only from inside the company LAN.

> Does a software exist which can listen at port 80 on the Linux box, can
> react on a particular URL and then can redirect the www packets to this
> special internal web server?

I believe NAT or redir could be used to do this for the whole web server.

> What I want is to give public access to _one_ particular page on this
> web server - not to the complete server so the application has to be
> able to distinguish URLs.

If it's not a silly question why not just put the page up on a web
server on the gateway machine?

--

  .  _\\__[oo   faeces from    | Phones: +44 121 471 3789 (home)

 .  l___\\    /~~) /~~[  /   [ | PGP-fp: D7 03 2A 4B D8 3A 05 37...
  # ll  l\\  ~~~~ ~   ~ ~    ~ | http://www.wcl.bham.ac.uk/~bam/
 ###LL  LL\\ (Brian McCauley)  |

 
 
 


Post by Scot E. Wilcoxo » Sat, 28 Nov 1998 04:00:00


> Any pin hole poses a security risk as it bypasses your firewall. Use
> them with care.

Consider three Ethernet cards in the firewall:
        1. connection to Internet
        2. connection to internal LAN
        3. connection to Web server.

Yes, isolate the Web server from your internal LAN.  Put it on
a DMZ LAN which has some firewall protection from the Internet, but
is not trusted enough to be directly on your internal LAN.

 
 
 


Post by William R. Matti » Sun, 29 Nov 1998 04:00:00



> Hello!

> I have a Linux (SuSE 5.3, 2.0.35) machine here which connects the
> company LAN via IP-Masquerading to the Internet. It has one official
> IP address, the LAN is all private.

> Now we have an internal web server with a private IP address, thus
> accessible only from inside the company LAN.

> Does a software exist which can listen at port 80 on the Linux box, can
> react on a particular URL and then can redirect the www packets to this
> special internal web server?

> What I want is to give public access to _one_ particular page on this
> web server - not to the complete server so the application has to be
> able to distinguish URLs.

While I am not 100% sure that this is *exactly* what you want ... squid
works quite well at enabling outside requests to access an inside
webserver through an ipfwadm'd internet connection. I don't have the URL
handy, but any web search will turn it up.

Regards
Bill

--
William R. Mattil       | Fred Astaire wasn't so great.

(972) 256-3219          | and... in high heels.

 
 
 


Post by William R. Matti » Sun, 29 Nov 1998 04:00:00




> > I have a Linux (SuSE 5.3, 2.0.35) machine here which connects the
> > company LAN via IP-Masquerading to the Internet. It has one official
> > IP address, the LAN is all private.

> > Now we have an internal web server with a private IP address, thus
> > accessible only from inside the company LAN.

> > Does a software exist which can listen at port 80 on the Linux box, can
> > react on a particular URL and then can redirect the www packets to this
> > special internal web server?

> I believe NAT or redir could be used to do this for the whole web server.

> > What I want is to give public access to _one_ particular page on this
> > web server - not to the complete server so the application has to be
> > able to distinguish URLs.

> If it's not a silly question why not just put the page up on a web
> server on the gateway machine?

Hi Brian! :^)

It's not a silly question at all, but for those of us using inferior CPUs
as firewall machines (486 DX66 - 386s et al.) the mere presence of a
web server could mean the death of the machine. Especially when it's
"protecting" (note the quotes) a much higher HP machine that is more
capable. Particularly if one considers the expense of cgi. Running a
proxy server ties up less system resources IMHO.

Regards
Bill

PS: The other .sig was better! :^)_

--
William R. Mattil       | Fred Astaire wasn't so great.

(972) 256-3219          | and... in high heels.

 
 
 
