From owner-freebsd-questions Sun Nov 24 5:12:59 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D721637B401 for ; Sun, 24 Nov 2002 05:12:57 -0800 (PST) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id BAFFC43E91 for ; Sun, 24 Nov 2002 05:12:56 -0800 (PST) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) by smtp.infracaninophile.co.uk (8.12.6/8.12.6) with ESMTP id gAODCsQf021170 for ; Sun, 24 Nov 2002 13:12:54 GMT (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost) by happy-idiot-talk.infracaninophile.co.uk (8.12.6/8.12.6/Submit) id gAODCnWn021169 for freebsd-questions@FreeBSD.ORG; Sun, 24 Nov 2002 13:12:49 GMT Date: Sun, 24 Nov 2002 13:12:49 +0000 From: Matthew Seaman To: FreeBSD Mailing List Subject: Re: DHCP and an internal web server Message-ID: <20021124131249.GD19837@happy-idiot-talk.infracaninophi> Mail-Followup-To: Matthew Seaman , FreeBSD Mailing List References: <20021124070252.GA28479@tao.thought.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20021124070252.GA28479@tao.thought.org> User-Agent: Mutt/1.5.1i X-Spam-Status: No, hits=-1.9 required=5.0 tests=IN_REP_TO,REFERENCES,SPAM_PHRASE_03_05,USER_AGENT, USER_AGENT_MUTT version=2.43 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, Nov 23, 2002 at 11:02:52PM -0800, Gary D Kline wrote: > > I understand that there are hardware solutions that allow > a host to run a web server thu DHCPD, but is there a way > of configuring one of my behind-the-firewall server to > serve pages. > > zen.thought.org is an example; i is an older 4.7 system > hardwired as 10.0.0.247. Is there a way of configuring > things to let http://zen.thought.org serve miscellaneous > essays and references, e.g., for my profs. > > thanks for ny clues... i'm new to dhcp... obviously! Errr... Are you by any chance confusing DHCP with NAT? All that DHCP will do for you is assign IP numbers etc. for machines on your local network and tell them where to find various services. For foreign machines trying to access your systems, it won't do anything. In fact, you really, really don't want foreign machines to be able to access your DHCP server at all. Now zen.thought.org has an RFC1918 address. That's fine for you, on your intranet, but it can't be accessed from the Internet at large. If you're going to publish stuff via HTTP from that machine you need to somehow give it access to a registered internet IP. One way of doing that is by using natd(8) to forward packets to port 80 on one of your Internet visible machines to a machine on your private network: natd -n fxp0 -redirect_port 10.0.0.247:80 80 Another way is to use a web server running apache on an internet visible machine to reverse-proxy requests for particular URI's to your internal web server. There a good discussion about using mod_rewrite to do that sort of thing in the apache manual: http://httpd.apache.org/docs/misc/rewriteguide.html Both of these solutions will require you to hardwire the address of your internal server in the dhcpd(8) config, so that you don't run into problems if the lease doesn't get renewed with the same IP number. (You might want to investigate using some DNS trickery with views to hide your internal addresses from the outside world, whilst still letting your internal machines operate normally. But that's just icing on the cake.) Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message