Date:      Tue, 23 Dec 2003 13:27:04 -0600
From:      "Jack L. Stone" <jackstone@sage-one.net>
To:        freebsd-questions@freebsd.org
Subject:   NAT Address Redirects
Message-ID:  <3.0.5.32.20031223132704.01e14640@10.0.0.10>

On my own servers, which are all FBSD machines, I use the classic method of
redirecting an IP address from a Gateway machine to a main host and its
vhosts located on an Internal Machine like so:

redirect_address 192.168.0.5 123.xxx.xxx.101 <-- main host
...then Apache sends any requests to a vhost to its own IP:
   192.168.0.5 -> 123.xxx.xxx.102
   192.168.0.5 -> 123.xxx.xxx.103

However, on an ISP where I manage servers, we have a new FBSD Gateway set
that is working fine for the internal FBSD machines behind that GW, just as
above. However, there are also some Windows servers to be set up behind the
Gateway and I was asked if I could do the redirect of several public IPs to
a single Internal IP address as follows (the Win servers run IIS -- not
Apache):

Redirect from FBSD GW to single Windows Server
(all of the internal IPs are on one machine):
redirect_address 192.168.0.5 123.xxx.xxx.101
redirect_address 192.168.0.6 123.xxx.xxx.102
redirect_address 192.168.0.7 123.xxx.xxx.103

I have never seen this setup before, but I tried it and it works -- that is
until we pull out the Gateway ad0 drive and put it into another FBSD
machine. This is an experiment to see if the main GW were to go down, could
we pull the HD (or a clone HD) and move it to another machine to get right
back up and running as before.

We have tried this exercise on several identical FBSD machines and find
that the redirects no longer work. Eventually, the one FBSD internal
machine on this new network test will start resolving, but not the Windows
stations -- although even here, the FTP will work, but not the port 80 webs
on the Windows machines. Moving back to the original machine works again.

We have tried to isolate anything that might be the slightest way different
to figure out why the addresses no longer redirect to port 80 and I have
pretty much concluded that IIS does not handle things like Apache does and
that we cannot redirect as in the FBSD-->Windows example above.

Many times, I have successfully switched GW machines using the same HD and
things worked as before. This allows me to bring down a GW machine to do
maintenance while keeping all of the services running on another machine.

Admittedly, I have not run Windows servers and am unfamiliar with IIS and
highly suspect this as the culprit.

Sorry for the length of this one, but was as brief as possible. Any
suggestions greatly appreciated as this put us at the crossroads of whether
to switch to FBSD as a GW/NAT/FW/Router.

Thanks & Happy Holidays!

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone@sage-one.net


