  1. #1
    Just Joined!
    Join Date
    May 2009
    Posts
    2

    Two net interface - hosting same web site - NAT and No-NAT


    We have a block of static addresses. One static is configured directly on a Fedora computer for hosting a test web site and for running outbound apps that don't like NAT. I am now trying to host the same site on the same server through a NAT router on a different public IP. NAT access to the site works when the No-NAT interface is disabled. It doesn't work with the No-NAT interface enabled. I want BOTH public addresses to access the web site at the same time.

    This is some kind of "two default gateway" problem. The NAT interface 192.168.27.20 has a DG setting of 192.168.27.12 . . the LAN side of the NAT router. The No-NAT interface has the DG setting of an IP on the modem that has always worked.

    The web site is accessible internally on 192.168.27.20, but not through the NAT router if the No-NAT interface is enabled. I have tried leaving the DG setting on the No-NAT interface blank and the NAT access still does not work. Only deactivating the No-NAT interface permits access to the site through the NAT router.

    It's not a web service binding issue because the site is available from both interfaces at the same time if accessed directly - not going through the NAT router.

    Is there a way to make this work? Can interface-specific routes be put somewhere to replace the DG settings? And would that help?

    -------------

    ( Someone always wants to ask "Why?" We need a test server that responds to TCP port scans on a list of 50 specific TCP ports. This NAT router also has port translation, so the port 80 web site can answer on 50 different TCP ports by configuring 50 inbound rules. We run tests for banks. Well managed banks have outbound access controls limiting outbound ports to the 3, 4 or 5 ports needed for business. Not-so-secure banks usually have no outbound port filtering. We can run a port scan against this server from within the bank to test the bank's outbound port filtering. We have already had this setup on a standalone Windows web server, but I wanted to consolidate by putting this test feature on our existing Fedora Web / Outbound-app server. )

    (What cheap router has PAT forwarding and accepts an unlimited number of port forwarding rules ? The crappy Microsoft MN-500 wireless router from 2003. I haven't seen any other consumer router that does PAT rules and allows an unlimited number of rules . . or until it runs out of flash )
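
The "interface specific routes" asked about in the post above exist in Linux as source-based policy routing: a rule sends replies sourced from the NAT-side address to their own routing table, whose default gateway is the NAT router. This is an added example, not part of the original thread; the interface name `eth1`, the `/24` prefix and table number `100` are assumptions, while 192.168.27.20 and 192.168.27.12 come from the post.

```shell
#!/bin/sh
# Added example: source-based policy routing for a host with two uplinks.
# It only prints the iproute2/sysctl commands; review them, then run as root.

# policy_route_cmds IFACE ADDR GATEWAY SUBNET TABLE
# Replies sourced from ADDR leave through GATEWAY on IFACE, regardless of
# the default route in the main table (which stays on the other interface).
policy_route_cmds() {
    iface=$1 addr=$2 gw=$3 subnet=$4 table=$5
    for v in "$iface" "$addr" "$gw" "$subnet" "$table"; do
        [ -n "$v" ] || {
            echo "usage: policy_route_cmds IFACE ADDR GATEWAY SUBNET TABLE" >&2
            return 2
        }
    done
    # Per-interface table: the connected subnet plus its own default gateway.
    echo "ip route replace $subnet dev $iface src $addr table $table"
    echo "ip route replace default via $gw dev $iface table $table"
    # Traffic whose source is this interface's address consults that table
    # before the main table (priority below 32766).
    echo "ip rule add from $addr/32 lookup $table priority $table"
    # Loose reverse-path filtering (2), so strict mode cannot drop requests
    # that arrive on the interface not holding the main default route.
    echo "sysctl -w net.ipv4.conf.$iface.rp_filter=2"
}

# NAT side from the post: address 192.168.27.20, gateway 192.168.27.12.
# eth1, the /24 prefix and table 100 are assumed values.
policy_route_cmds eth1 192.168.27.20 192.168.27.12 192.168.27.0/24 100
```

Once the printed commands are applied, `ip route get 198.51.100.7 from 192.168.27.20` (a documentation address standing in for an outside client) should show the reply leaving via 192.168.27.12 instead of the No-NAT gateway.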

  2. #2
    Linux Newbie TrashOverride's Avatar
    Join Date
    May 2004
    Location
    @home...soon in your homes ;) /usr/src/bulgaria
    Posts
    162
    What's the No-NAT interface IP?
    Have you tried Packet Tracer?

  3. #3
    Just Joined!
    Join Date
    May 2009
    Posts
    2
    I am not familiar with Packet Tracer. I will look into it.

    I don't want to publish the IP on this server. We already shut it down when we are not using it because of all the traffic it collects.

    Thanks