From owner-freebsd-questions Sun Dec 8 4:54:18 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9D24337B401 for ; Sun, 8 Dec 2002 04:54:16 -0800 (PST) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 80EF143EB2 for ; Sun, 8 Dec 2002 04:54:15 -0800 (PST) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) by smtp.infracaninophile.co.uk (8.12.6/8.12.6) with ESMTP id gB8CsC46008694 for ; Sun, 8 Dec 2002 12:54:12 GMT (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost) by happy-idiot-talk.infracaninophile.co.uk (8.12.6/8.12.6/Submit) id gB8Cs6Cb008693 for questions@FreeBSD.ORG; Sun, 8 Dec 2002 12:54:06 GMT Date: Sun, 8 Dec 2002 12:54:06 +0000 From: Matthew Seaman To: questions@FreeBSD.ORG Subject: Re: HTTP server on internal network Message-ID: <20021208125406.GC8184@happy-idiot-talk.infracaninophi> Mail-Followup-To: Matthew Seaman , questions@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.1i X-Spam-Status: No, hits=-3.3 required=5.0 tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,SPAM_PHRASE_01_02, USER_AGENT,USER_AGENT_MUTT version=2.43 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, Dec 08, 2002 at 08:51:13AM +0200, Admin wrote: > Hello, > I want to run HTTP and FTP servers on internal network, and I want that > they (servers) can be visible from internet. How I must to configure my > router to get this result. > for example I want to run HTTP server on 192.168.110.100 and FTP server on > 192.168.110.101 > > internet<-->MyRouter(freebsd)<--->internal network(192.168.110.1-254) > MyRouter external address is 213.194.56.48 (example) > MyRouter internal address is 192.168.110.115 > > Internal network computers starts from 192.168.110.1 ends 192.168.110.50 and > they using gateway 192.168.110.115. > Computer with address 192.168.110.100 runing HTTP server > Computer with address 192.168.110.101 runing FTP server > > On MyRouter I'm using NAT and IPFW. > I tryed to use -redirect_port tcp 192.168.110.100:80 80 command in NAT > configuration but nothing's work > Where could be my mistake? There are two ways of approaching this problem. The first and more common mechanism is to use natd or the like to do port forwarding from your internet visible gateway to your internal hosts. You've got essentially the gist of it --- quite why it isn't working for you is unclear from what you've written, but it's probably a trivial misspelling or a fubar in your firewall ruleset or some such. This approach works very well for HTTP, but it will be difficult (if not impossible) with FTP due to the use of dual data and control channels. The other method you might consider is to install a reverse proxy on your gateway. It's just like using a web cache / proxy on your border network, except that instead of proxying your requests from inside your net for data from outside, it proxies external requests for data from inside. Something like Squid (ports/www/squid) should fit the bill, although there are many other candidates in the ports tree. Googling for 'squid reverse proxy' turns up plenty of hits amongst which you should find plenty of information about how to set it all up. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message