- 02-02-2008 #1 Linux Guru
- Join Date
- Sep 2004
- Posts
- 1,712
Port forwarding
Hi folks,
VMWare Server
Ubuntu 7.04 server amd64 (Host)
Internal IP addr 192.168.0.10
Port forwarded 80, 443
CentOS 5 x86_64 (Guest)
Internal IP addr 192.168.0.20
Port forwarded 8080
Router - Linksys Ethernet Fast Cable/DSL 4-way switch
(on load from ISP with password locked by ISP)
On Internet https://public_ip:8080 can visit the Default Apache page on CentOS (webpage not established). Now I expect to run https://public_ip instead (w/o 8080. This is a test. Apache on Ubuntu will be stopped)
I googled a while coming up with following steps to re-set the router;
Applications & Gaming:
Port Range Forwarding
Code:
Application   Start   End   Protocol         IP Addr        Enabled
web           80      80    Both (TCP/UDP)   192.168.0.20   check

Port Triggering
Code:
Application   Triggered Range          Forwarded Range
              Start Port   End Port    Start Port   End Port
Web           80           80          8080         8080

Edit httpd.conf on CentOS
Change;
Listen 8080
to;
Listen 80
Please shed me some light before I call ISP to reset the router. Whether the above setting will cater my need. TIA
Shall I do anything on "UPnP Forwarding"
B.R.
satimis
- 02-02-2008 #2 Linux Guru
- Join Date
- Nov 2007
- Posts
- 1,722
Using https means port 443, not 80. If you type http:// into a web browser, it defaults to connecting to port 80. Encrypted https:// defaults to port 443. You *could* run an SSL httpd server on port 80, but you would have to type https://ip:80 into the browser.
A) If you are using https://ip_address, then all you need to do is forward port 443 on the router. Apache should have SSL httpd enabled - usually by creating/editing the ssl.conf Apache file.
B) You are not using port triggering at all. Read up on what that is.
C) Generally, UPnP is not a good thing to enable. Again, read up on what it is. With UPnP enabled, any application can get the router to open/forward ports on demand. This is a very bad thing if your machine ever becomes compromised.
- 02-02-2008 #3 Linux Guru
- Join Date
- Sep 2004
- Posts
- 1,712
Thanks for your advice and URL
Performed following test;
Request ISP to forward port 443 to CentOS (192.168.0.20)
(forward port 8080 back to Ubuntu , 192.168.0.10)
On CentOS
Edit /etc/httpd/conf/httpd.conf
Add "Listen 443" and comment out;
Listen 80
Listen 8080
# service httpd start
Code:
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs
The fix is as follows;
Edit /etc/httpd/conf.d/ssl.conf
comment out "Listen 443"
Code:
....
#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
#Listen 443
...

# service httpd start
Code:
Starting httpd: [ OK ]
https://public_ip
displays Apache default page on CentOS
http://public_ip
displays Apache default page on Ubuntu
http://public_ip/mail
starts SquirrelMail on Ubuntu
After commenting out "Listen 443" on ssl.conf, what port shall I add to replace it? Otherwise ssl won't work??? But I have only 1 port, 443, forwarded to CentOS. What shall I do? TIA
Furthermore if forwarding all www ports, 80, 443, 8080 to CentOS then leaving no www port connected to Ubuntu, SquirrelMail won't work. It is a web-base application. Any solution? Thanks
B.R.
satimis
- 02-02-2008 #4 Linux Guru
- Join Date
- Nov 2007
- Posts
- 1,722
Please read the Apache documentation on providing an SSL httpd.
You WANT the ssl.conf to listen on port 443 - that is the SSL httpd.
Forward whatever web port SquirrelMail is using to Ubuntu, but it will have to be something different from any web port on CentOS, since you can't forward the same port to 2 different machines. So, for example, if they both require https, you'll have to pick one.
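The bind failure in post #3 is what Apache reports when one port is claimed by two active Listen directives, here the line added to httpd.conf and the one already in conf.d/ssl.conf. As an added example (not part of the thread), the shell function below lists such duplicates; the function names are hypothetical and the sample config tree is constructed.

```shell
#!/bin/sh
# Print "<port> <file> <file> ..." for every port claimed by more than one
# active Listen directive in the given Apache config files.
# Matching is by port only: listeners bound to different addresses on the
# same port are reported too and need a manual look.
find_duplicate_listens() {
    awk '
        /^[ \t]*#/ { next }                  # ignore commented-out lines
        tolower($1) == "listen" && NF >= 2 {
            port = $2
            sub(/^.*:/, "", port)            # 0.0.0.0:443 or [::]:443 -> 443
            count[port]++
            files[port] = files[port] " " FILENAME
        }
        END { for (p in count) if (count[p] > 1) print p files[p] }
    ' "$@" | sort -n
}

# Constructed sample tree reproducing the state in post #3: "Listen 443"
# added to httpd.conf while conf.d/ssl.conf still declares it.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/conf" "$dir/conf.d"
    printf '%s\n' '#Listen 80' '#Listen 8080' 'Listen 443' \
        'Include conf.d/*.conf' > "$dir/conf/httpd.conf"
    printf '%s\n' '# When we also provide SSL we have to listen to the' \
        '# the HTTPS port in addition.' '#' 'Listen 443' > "$dir/conf.d/ssl.conf"
    echo "$dir"
}

tree=$(make_sample_tree)
echo "Duplicate Listen ports before the fix:"
find_duplicate_listens "$tree/conf/httpd.conf" "$tree"/conf.d/*.conf

# Keep the SSL listener in ssl.conf and drop the extra line from httpd.conf.
grep -v '^Listen 443$' "$tree/conf/httpd.conf" > "$tree/conf/httpd.conf.new"
mv "$tree/conf/httpd.conf.new" "$tree/conf/httpd.conf"
echo "Duplicate Listen ports after the fix (none expected):"
find_duplicate_listens "$tree/conf/httpd.conf" "$tree"/conf.d/*.conf
rm -rf "$tree"
```

On the guest from the thread the call would be `find_duplicate_listens /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf`.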
- 02-03-2008 #5 Linux Guru
- Join Date
- Sep 2004
- Posts
- 1,712
Thanks for your advice.
I can revoke all changes made. This is only a test on virtualization. I have no intention to run CentOS, the Guest, as Web server.
I'm now at a loss what will be the use or advantage to go virtualization? I can't run mail and web server on Host/Guest separately. What shall I make use of the Guest? Only for testing?
I haven't tested if w/o web port connected on Host, the Mail Server, whether I can run SquirrelMail remotely. I suppose the chance is remote. Any comment/advice? TIA
satimis



