
l : leaf-user@lists.sourceforge.net 6 November 2009 • 1:54AM -0500

[leaf-user] Bering-uClibc 2.2.1 IP Alias Configuration Question
by Robert Harrison

I've run my firewall with this software for several years.  Recently
changed ISP and in the confusion something went wrong that I can't
figure out.  The firewall is supposed to send web browser requests and
ssh requests to a computer on the local net.  The Apache server is
configured using virtualhost to provide results based on one of
several domain names, all of which resolve to the same IP address
173.x.x.180.  However, the virtualhost configuration is only read if a
wildcard is given for the IP address or the computer's local IP
address (192.168.1.120)!  Other sites which should be served based on
their IP address alone are not seen at all.  It seems to me that the
HTTP request is being rewritten to contain the local destination
(192.168.1.120) rather than the originating address (173.x.x.180).
Configuration information is given below.  I'd appreciate any advice
on how to proceed.

Results from "ip addr"
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:bf:1c:57:f2 brd ff:ff:ff:ff:ff:ff
    inet 173.x.x.180/29 brd 173.x.x.255 scope global eth0
    inet 173.x.x.178/29 brd 173.x.x.255 scope global secondary eth0:0
    inet 173.x.x.179/29 brd 173.x.x.255 scope global secondary eth0:1
    inet 173.x.x.181/29 brd 173.x.x.255 scope global secondary eth0:2
    inet 173.x.x.182/29 brd 173.x.x.255 scope global secondary eth0:3
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:14:6c:76:1c:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 scope global eth1

Results from "ip route"
173.x.x.176/29 dev eth0 proto kernel scope link src 173.x.x.180
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
default via 173.x.x.177 dev eth0

Selected Results from "shorewall show"
Shorewall-2.09 Chain at issacA - Thu Nov 5 18:43:53 UTC 2009

Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
879 501K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
19 1068 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
19 1068 norfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
878 501K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
879 501K net2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0

Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
369 68491 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
5 240 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
5 240 norfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
5 240 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
369 68491 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0

Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
945 173K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
945 173K loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0

Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
385 25807 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
385 25807 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2all (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5 240 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Shorewall:net2all:DROP:' queue_threshold 1
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
364 68251 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
5 240 net2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
860 500K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1 48 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.120 multiport dports 80,443,22 ctorigdst 173.x.x.178
1 48 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.120 multiport dports 80,443,22 ctorigdst 173.x.x.179
9 544 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.120 multiport dports 80,443,22 ctorigdst 173.x.x.180
3 176 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.120 multiport dports 80,443,22 ctorigdst 173.x.x.181
1 48 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.120 multiport dports 80,443,22 ctorigdst 173.x.x.182
4 204 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.120 tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.120 tcp dpt:25
0 0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain norfc1918 (2 references)
pkts bytes target prot opt in out source destination
0 0 rfc1918 all -- * * 172.16.0.0/12 0.0.0.0/0
0 0 rfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 172.16.0.0/12
0 0 rfc1918 all -- * * 192.168.0.0/16 0.0.0.0/0
0 0 rfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 192.168.0.0/16
0 0 rfc1918 all -- * * 10.0.0.0/8 0.0.0.0/0
0 0 rfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 10.0.0.0/8

Chain reject (11 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
0 0 DROP all -- * * 173.x.x.255 0.0.0.0/0
0 0 DROP all -- * * 192.168.1.255 0.0.0.0/0
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain rfc1918 (6 references)
pkts bytes target prot opt in out source destination
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Shorewall:rfc1918:DROP:' queue_threshold 1
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain smurfs (2 references)
pkts bytes target prot opt in out source destination
0 0 ULOG all -- * * 173.x.x.255 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Shorewall:smurfs:DROP:' queue_threshold 1
0 0 DROP all -- * * 173.x.x.255 0.0.0.0/0
0 0 ULOG all -- * * 192.168.1.255 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Shorewall:smurfs:DROP:' queue_threshold 1
0 0 DROP all -- * * 192.168.1.255 0.0.0.0/0
0 0 ULOG all -- * * 255.255.255.255 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Shorewall:smurfs:DROP:' queue_threshold 1
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 ULOG all -- * * 224.0.0.0/4 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Shorewall:smurfs:DROP:' queue_threshold 1
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0

Chain tcpflags (2 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:0 flags:0x16/0x02


Thanks,
Bob

"In theory there is no difference between theory and practice. In
practice there is."
Yogi Berra
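
An added example, not part of the original post: a small parser for the net2loc listing above that groups each conntrack original destination (ctorigdst) under the post-NAT destination it is accepted for. DNAT rewrites the IP header, not the HTTP request, so every address grouped under one backend reaches the web server with that backend's own local address; the function names are illustrative.

```python
import re
from collections import defaultdict

# Rule lines taken from the post's "Chain net2loc" listing, wrapped as mailed.
NET2LOC = """\
1 48 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.120 multiport dports
80,443,22 ctorigdst 173.x.x.178
1 48 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.120 multiport dports
80,443,22 ctorigdst 173.x.x.179
9 544 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.120 multiport dports
80,443,22 ctorigdst 173.x.x.180
3 176 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.120 multiport dports
80,443,22 ctorigdst 173.x.x.181
1 48 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.120 multiport dports
80,443,22 ctorigdst 173.x.x.182
4 204 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.120 tcp dpt:25
"""

# A rule starts with packet and byte counters, a target and a protocol.
RULE_START = re.compile(r"^\d+[KMG]?\s+\d+[KMG]?\s+\S+\s+(all|tcp|udp|icmp)\s")

def unwrap(text):
    """Rejoin rules that were wrapped onto a second line in the mail."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if RULE_START.match(line) or not rules:
            rules.append(line)
        else:
            rules[-1] += " " + line   # continuation of the previous rule
    return rules

def dnat_map(text):
    """Post-NAT destination -> original destinations accepted for it."""
    collapsed = defaultdict(list)
    for rule in unwrap(text):
        fields = rule.split()
        target, dest = fields[2], fields[8]   # iptables -L -v column order
        m = re.search(r"ctorigdst (\S+)", rule)
        if target == "ACCEPT" and m:
            collapsed[dest].append(m.group(1))
    return dict(collapsed)

def indistinguishable(text):
    """Backends that receive more than one public address as one local address."""
    return {d: o for d, o in dnat_map(text).items() if len(o) > 1}
```

For the listing in the post this returns a single backend, 192.168.1.120, with all five public addresses under it, so a server there can tell the sites apart only by the Host header or by separate internal addresses or ports.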
