Date: Tue, 23 Dec 2003 13:27:04 -0600
From: "Jack L. Stone" <jackstone@sage-one.net>
To: freebsd-questions@freebsd.org
Subject: NAT Address Redirects
Message-ID: <3.0.5.32.20031223132704.01e14640@10.0.0.10>

On my own servers, which are all FBSD machines, I use the classic method of redirecting an IP address from a Gateway machine to a main host and its vhosts located on an Internal Machine like so:

    redirect_address 192.168.0.5 123.xxx.xxx.101 <-- main host

...then Apache sends any requests to a vhost to its own IP:

    192.168.0.5 -> 123.xxx.xxx.102
    192.168.0.5 -> 123.xxx.xxx.103

However, on an ISP where I manage servers, we have a new FBSD Gateway set that is working fine for the internal FBSD machines behind that GW, just as above. However, there are also some Windows servers to be set up behind the Gateway and I was asked if I could do the redirect of several public IPs to a single Internal IP address as follows (the Win servers run IIS -- not Apache):

Redirect from FBSD GW to single Windows Server (all of the internal IPs are on one machine):

    redirect_address 192.168.0.5 123.xxx.xxx.101
    redirect_address 192.168.0.6 123.xxx.xxx.102
    redirect_address 192.168.0.7 123.xxx.xxx.103

I have never seen this setup before but I tried it and it works -- that is, until we pull out the Gateway ad0 drive and put it into another FBSD machine. This is an experiment to see if the main GW were to go down, could we pull the HD (or a clone HD) and move it to another machine to get right back up and running as before. We have tried this exercise on several identical FBSD machines and find that the redirects no longer work. Eventually, the one FBSD internal machine on this new network test will start resolving, but not the Windows stations -- although even here, the FTP will work, but not the port 80 webs on the Windows machines. Moving back to the original machine works again.

We have tried to isolate anything that might be the slightest way different to figure out why the addresses no longer redirect to port 80 and I have pretty much concluded that IIS does not handle things like Apache does and that we cannot redirect as in the FBSD-->Windows example above.

Many times, I have successfully switched GW machines using the same HD and things worked as before. This allows me to bring down a GW machine to do maintenance while keeping all of the services running on another machine. Admittedly, I have not run Windows servers and am unfamiliar with IIS and highly suspect this as the culprit.

Sorry for the length of this one, but was as brief as possible. Any suggestions greatly appreciated as this put us at the crossroads of whether to switch to FBSD as a GW/NAT/FW/Router.

Thanks & Happy Holidays!

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone@sage-one.net