Date: Thu, 07 Sep 2000 01:01:39 GMT
From: "Terje Oseberg" <oseberg@hotmail.com>
To: freebsd-questions@FreeBSD.ORG
Subject: FreeBSD 4.0 Firewall System and Problem with Apache Name Virtual Hosts
Message-ID: <F274KufVma0osA91E9G0000532f@hotmail.com>

I'm having a problem with Name Virtual Hosts on FreeBSD 4.0. While I was hacking at a FreeBSD 3.2 system to figure out what I actually needed to get a minimal httpd.conf file and still have Name Virtual Hosts work, I found something strange. If I'm on the system under test and I telnet to localhost port 80 and do the GET requests, it doesn't work, but when I telnet to port 80 from another computer, it does work. This is on FreeBSD 3.2 that I noticed this and with this particular config file and the original config file that I had on that system.

I'm thinking that because that system and this 4.0 system are both firewalls doing NAT, maybe it has something to do with that. I'm thinking that when I telnet to localhost, it telnets to the wrong (internal rather than external) IP address. And maybe the bug in FreeBSD 4.0 is that when you telnet from outside the firewall to port 80, it actually believes that you're inside the firewall.

I noticed this one time when I had problems getting a Cisco router to work with a FreeBSD firewall. What it was, was that when you sent a packet to the FreeBSD firewall from inside the firewall, the returned packet was from outside the firewall. But it was addressed to the proper internal IP address. It turned out that none of the Windows or Unix boxes that we were using cared that the source IP address was different than what it should have been, but the Cisco box was actually checking this for security reasons. Luckily I was able to fix this problem by editing the default /etc/rc.firewall file.

This might be a similar problem. I mean, if Apache actually believes that the IP address for the GET requests is 192.168.1.1 instead of the 216.15.83.94 that it's supposed to be, then the IP address doesn't match with the config file, so it will just assume that the address is wrong and send the default stuff rather than the name virtual host stuff.

What do you think?

Terje Oseberg

PS. The minimal httpd.conf file that I came up with can be found at: http://216.15.83.94/httpd.conf.simple.txt
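
An added example, not part of the original message: a simplified Python model of how Apache 1.3 chooses a virtual host from the local address of the accepted connection plus the Host header, showing why a request that arrives on 127.0.0.1 or 192.168.1.1 falls through to the main server when name-based hosting is declared only for 216.15.83.94. The host names, both sample configurations and all function names are constructed assumptions; the poster's actual httpd.conf is not shown on the page.

```python
# Simplified model of Apache 1.3 virtual-host selection (added example).
# Host names and configurations are constructed; only the two IP
# addresses 216.15.83.94 and 192.168.1.1 come from the message above.
from typing import FrozenSet, List, NamedTuple, Optional, Set

MAIN_SERVER = "main-server"   # stands for the config outside any <VirtualHost>


class VHost(NamedTuple):
    addrs: FrozenSet[str]     # addresses listed in <VirtualHost ...>
    server_name: str          # ServerName inside that block


def select_vhost(local_addr: str, host_header: Optional[str],
                 name_vhost_addrs: Set[str], vhosts: List[VHost]) -> str:
    """Return the ServerName (or MAIN_SERVER) that would answer the request.

    local_addr is the destination address httpd sees on the accepted socket,
    i.e. after any NAT or redirect rewriting, not what the client typed.
    """
    host = (host_header or "").split(":")[0].strip().lower()
    candidates = [v for v in vhosts if local_addr in v.addrs]
    if local_addr in name_vhost_addrs and candidates:
        # Name-based: match Host against ServerName on this address.
        for v in candidates:
            if v.server_name.lower() == host:
                return v.server_name
        return candidates[0].server_name  # first vhost on the address is the default
    if candidates:
        return candidates[0].server_name  # IP-based vhost: Host header is ignored
    return MAIN_SERVER                    # no vhost covers this local address


EXT, INT, LOOP = "216.15.83.94", "192.168.1.1", "127.0.0.1"

# Assumed config A: name-based hosting pinned to the external address only.
PINNED_NVH = {EXT}
PINNED = [VHost(frozenset({EXT}), "www.example.com"),
          VHost(frozenset({EXT}), "other.example.com")]

# Assumed config B: the same hosts declared for every address httpd can see.
ALL = frozenset({EXT, INT, LOOP})
WIDE_NVH = set(ALL)
WIDE = [VHost(ALL, "www.example.com"), VHost(ALL, "other.example.com")]

if __name__ == "__main__":
    for addr in (EXT, INT, LOOP):
        print(addr,
              select_vhost(addr, "other.example.com", PINNED_NVH, PINNED),
              select_vhost(addr, "other.example.com", WIDE_NVH, WIDE))
```

On a live server the input that matters is the local address of the socket (as reported by `sockstat` or `netstat` on the firewall), which is what a NAT or forwarding rule can change without the client noticing.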