  1. #1
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,792

    Port forwarding


    Hi folks,


    VMWare Server

    Ubuntu 7.04 server amd64 (Host)
    Internal IP addr 192.168.0.10
    Port forwarded 80, 443


    CentOS 5 x86_64 (Guest)
    Internal IP addr 192.168.0.20
    Port forwarded 8080


    Router - Linksys Ethernet Fast Cable/DSL 4-way switch
    (on loan from ISP with password locked by ISP)


    On Internet https://public_ip:8080 can visit the Default Apache page on CentOS (webpage not established). Now I expect to run https://public_ip instead (w/o 8080. This is a test. Apache on Ubuntu will be stopped)


    I googled a while coming up with following steps to re-set the router;


    Applications & Gaming:

    Port Range Forwarding
    Code:
    Application   Start   End   Protocol         IP Addr        Enabled
    web           80      80    Both (TCP/UDP)   192.168.0.20   check

    Port Triggering
    Code:
    Application   Triggered Range         Forwarded Range
                  Start Port  End Port    Start Port  End Port
    Web           80          80          8080        8080

    Edit httpd.conf on CentOS

    Change;
    Listen 8080

    to;
    Listen 80


    Please shed me some light before I call ISP to reset the router. Whether the above setting will cater my need. TIA



    Shall I do anything on "UPnP Forwarding"


    B.R.
    satimis

  2. #2
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,755
    Using https means port 443, not 80. If you type http:// into a web browser, it defaults to connecting to port 80. Encrypted https:// defaults to port 443. You *could* run an SSL httpd server on port 80, but you would have to type https://ip:80 into the browser.

    A) If you are using https://ip_address, then all you need to do is forward port 443 on the router. Apache should have SSL httpd enabled - usually by creating/editing the ssl.conf Apache file.

    B) You are not using port triggering at all. Read up on what that is.

    C) Generally, UPnP is not a good thing to enable. Again, read up on what it is. With UPnP enabled, any application can get the router to open/forward ports on demand. This is a very bad thing if your machine ever becomes compromised.

  3. #3
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,792
    Quote Originally Posted by HROAdmin26
    Using https means port 443, not 80. If you type http:// into a web browser, it defaults to connecting to port 80. Encrypted https:// defaults to port 443. You *could* run an SSL httpd server on port 80, but you would have to type https://ip:80 into the browser.

    A) If you are using https://ip_address, then all you need to do is forward port 443 on the router. Apache should have SSL httpd enabled - usually by creating/editing the ssl.conf Apache file.

    B) You are not using port triggering at all. Read up on what that is.

    C) Generally, UPnP is not a good thing to enable. Again, read up on what it is. With UPnP enabled, any application can get the router to open/forward ports on demand. This is a very bad thing if your machine ever becomes compromised.

    Thanks for your advice and URL


    Performed following test;

    Request ISP to forward port 443 to CentOS (192.168.0.20)
    (forward port 8080 back to Ubuntu , 192.168.0.10)


    On CentOS

    Edit /etc/httpd/conf/httpd.conf
    Add "Listen 443" and comment out;
    Listen 80
    Listen 8080


    # service httpd start
    Code:
    Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443
    (98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
    no listening sockets available, shutting down
    Unable to open logs

    The fix is as follows;

    Edit /etc/httpd/conf.d/ssl.conf
    comment out "Listen 443"
    Code:
    ....
    #
    # When we also provide SSL we have to listen to the
    # the HTTPS port in addition.
    #
    #Listen 443
    ...

    # service httpd start
    Code:
    Starting httpd:                                            [  OK  ]

    https://public_ip
    displays Apache default page on CentOS


    http://public_ip
    displays Apache default page on Ubuntu

    http://public_ip/mail
    starts SquirrelMail on Ubuntu


    After commenting out "Listen 443" on ssl.conf, what port shall I add to replace it? Otherwise ssl won't work??? But I have only 1 port, 443, forwarded to CentOS. What shall I do? TIA


    Furthermore, if forwarding all www ports, 80, 443, 8080 to CentOS then leaving no www port connected to Ubuntu, SquirrelMail won't work. It is a web-based application. Any solution? Thanks


    B.R.
    satimis

  4. #4
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,755
    Please read the Apache documentation on providing an SSL httpd.

    You WANT the ssl.conf to listen on port 443 - that is the SSL httpd.

    Forward whatever web port SquirrelMail is using to Ubuntu, but it will have to be something different from any web port on CentOS, since you can't forward the same port to 2 different machines. So, for example, if they both require https, you'll have to pick one.
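
The bind error in post #3 comes from "Listen 443" being active in both httpd.conf and ssl.conf at once. The following is an added example, not part of the original thread: a hypothetical helper, find_duplicate_listen, that reports ports claimed by more than one active Listen directive, run here on constructed sample files.

```shell
#!/bin/sh
# Report ports claimed by more than one active Listen directive across the
# given Apache config files. Returns 1 if a conflict is found, 0 otherwise.
# Assumption: a bare "Listen PORT" binds every address, so it conflicts with
# any other Listen on the same port; two address-specific Listens conflict
# only when the address is identical.
find_duplicate_listen() {
    awk '
        tolower($1) == "listen" && NF >= 2 {      # "#Listen ..." never matches
            spec = $2
            port = spec
            sub(/^.*:/, "", port)                 # keep text after last colon
            addr = "*"
            if (spec ~ /:/)
                addr = substr(spec, 1, length(spec) - length(port) - 1)
            count[port]++
            where[port] = where[port] "  " FILENAME ":" FNR ": " $0 "\n"
            if (addr == "*") wild[port] = 1
            if (seen[port, addr]++) same[port] = 1
        }
        END {
            for (p in count)
                if (same[p] || (wild[p] && count[p] > 1)) {
                    printf "port %s declared %d times:\n%s", p, count[p], where[p]
                    bad = 1
                }
            exit bad
        }
    ' "$@"
}

# Constructed sample files mirroring the state described in post #3.
demo_dir=$(mktemp -d)
printf '#Listen 80\n#Listen 8080\nListen 443\n' > "$demo_dir/httpd.conf"
printf '# HTTPS port\nListen 443\n' > "$demo_dir/ssl.conf"
find_duplicate_listen "$demo_dir/httpd.conf" "$demo_dir/ssl.conf" ||
    echo "conflict: keep Listen 443 in ssl.conf only"
rm -rf "$demo_dir"
```

On the CentOS guest from the thread, the same function can be pointed at /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/ssl.conf before starting httpd.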

  5. #5
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,792
    Quote Originally Posted by HROAdmin26
    Please read the Apache documentation on providing an SSL httpd.

    You WANT the ssl.conf to listen on port 443 - that is the SSL httpd.

    Forward whatever web port SquirrelMail is using to Ubuntu, but it will have to be something different from any web port on CentOS, since you can't forward the same port to 2 different machines. So, for example, if they both require https, you'll have to pick one.

    Thanks for your advice.

    I can revoke all changes made. This is only a test on virtualization. I have no intention to run CentOS, the Guest, as Web server.

    I'm now at a loss: what will be the use or advantage of going with virtualization? I can't run mail and web server on Host/Guest separately. What shall I make use of the Guest for? Only for testing?

    I haven't tested whether, w/o a web port connected on the Host (the mail server), I can run SquirrelMail remotely. I suppose the chance is remote. Any comment/advice? TIA


    satimis
