Vyatta internet connection + hosted site on same IP

Posted by boburob on Server Fault
Published on 2012-03-26T15:03:31Z Indexed on 2012/03/27 11:32 UTC

Having a small issue setting up a Vyatta.

The company internet and two different websites are both on the same IP.

Server 1 - Has websites hosted on ports 1000 and 3000 and also has a proxy server installed to provide internet connection to the domain

Server 2 - Has a website hosted on ports 80 and 433

The Vyatta is correctly NATting the appropriate traffic to each server, and allowing the proxy to get internet traffic; however, I have a problem getting to the websites hosted on these two servers inside the domain.

I believe the problem is that the HTTP request is being sent with an IP, e.g. 12.34.56.78. The request will reach the website and the server will attempt to send the request back to the IP; however, this is the IP of the Vyatta, so it has nowhere else to go.

I thought the solution would be something like this:

    rule 50 {
        destination {
            address 12.34.56.78
            port 1000
        }
        inbound-interface eth1
        inside-address {
            address 10.19.2.3
        }
        protocol tcp
        type destination
    }

But this doesn't seem to do it!

UPDATE

I changed the rules to the following:

    rule 50 {
        destination {
            address 12.34.56.78
            port 443
        }
        outbound-interface eth1
        protocol tcp
        source {
            address 10.19.2.3
        }
        type masquerade
    }
    rule 51 {
        destination {
            address 12.34.56.78
            port 443
        }
        inbound-interface eth1
        inside-address {
            address 10.19.2.2
        }
        protocol tcp
        type destination
    }

I am now seeing traffic going between the two with Wireshark, but the website will still fail to load.
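
As an added example (not part of the original post), here is a small Python model of the hairpin NAT path the question describes, following one request from an inside host to the public address and the server's reply. It assumes both inside hosts share the 10.19.2.x subnet and that the router's LAN address is 10.19.2.1 (hypothetical), and it evaluates source NAT after destination NAT, as Linux netfilter does.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst dport")

PUBLIC = "12.34.56.78"     # public address from the post
SERVER = "10.19.2.2"       # inside web server from the post's rule 51
CLIENT = "10.19.2.3"       # inside host making the request (source in the post's rule 50)
ROUTER_LAN = "10.19.2.1"   # assumed: the router's own LAN address (not in the post)

def dnat(pkt, rules):
    """Destination NAT (pre-routing): rewrite dst for the first matching rule."""
    for r in rules:
        if (pkt.dst, pkt.dport) == (r["dst"], r["dport"]):
            return pkt._replace(dst=r["inside"])
    return pkt

def snat(pkt, rules):
    """Source NAT (post-routing): matches the packet as it looks AFTER dnat()."""
    for r in rules:
        if (pkt.src, pkt.dst, pkt.dport) == (r["src"], r["dst"], r["dport"]):
            return pkt._replace(src=r["to"])
    return pkt

def client_accepts_reply(dnat_rules, snat_rules):
    """Follow one SYN from CLIENT to PUBLIC:443 and the server's reply."""
    sent = Packet(CLIENT, PUBLIC, 443)
    seen_by_server = snat(dnat(sent, dnat_rules), snat_rules)
    if seen_by_server.dst != SERVER:
        return False                      # never reached the web server
    if seen_by_server.src == ROUTER_LAN:
        # Reply returns to the router, which undoes both translations.
        reply_src = PUBLIC
    else:
        # Same subnet: the server answers the client directly, bypassing the router.
        reply_src = seen_by_server.dst
    # The client's TCP stack only accepts a reply from the address it dialled.
    return reply_src == sent.dst

DNAT = [{"dst": PUBLIC, "dport": 443, "inside": SERVER}]
# Source rule keyed on the public address: never matches once DNAT has run.
SNAT_ON_PUBLIC = [{"src": CLIENT, "dst": PUBLIC, "dport": 443, "to": ROUTER_LAN}]
# Source rule keyed on the translated (inside) destination.
SNAT_ON_INSIDE = [{"src": CLIENT, "dst": SERVER, "dport": 443, "to": ROUTER_LAN}]

if __name__ == "__main__":
    for name, rules in [("DNAT only", []), ("SNAT on public dst", SNAT_ON_PUBLIC),
                        ("SNAT on inside dst", SNAT_ON_INSIDE)]:
        print(f"{name:20} reply accepted: {client_accepts_reply(DNAT, rules)}")
```

In this model the reply is accepted only when the source rule matches the translated destination, because that is the only case where the server's answer travels back through the router.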
