
Apache behind two routers

 
m.wilson



Joined: 26 Oct 2006
Posts: 2

Posted: Thu 26 Oct '06 5:26    Post subject: Apache behind two routers

Hey guys,

I have a setup where my Apache 2.2 is behind two routers, one through the other. I have everything set to where it will send through the two routers. I am able to type the IP address of my line, i.e. x.x.x.x, into the browser and it will pull up my page. However, when I get a friend to type in the IP address, it's not going through. I had the server working correctly before so I know that it will go through the ISP.

Here's my goodies:

running XP
Apache 2.2
two D-Link 524 wirelesses
one is on 192.168.1.x and the other is on 192.168.0.x, and the router is assigned a static IP as well as the server on diff routers.

They both route port 80. I'm not sure if it makes a difference but the conf file is set to the x.x.x.x:80 IP.

Any help appreciated,
Mark
Back to top
Brian



Joined: 21 Oct 2005
Posts: 209
Location: Puyallup, WA USA

Posted: Fri 27 Oct '06 17:35

Sounds like with the two routers you have double NATting taking place. I have not set up where going through two routers as you are, and it begs the question... WHY?

Why go through two routers?

I would suggest you investigate how to traverse double NAT (network address translation). But more ideally is to be behind only ONE router. I suspect, correct me if I am wrong here, that you have the server behind the second firewall while you have workstations between the two routers?

If this is the case then you could simply set up a DMZ to pass the connection through to the 2nd firewall...oh damn, my head is going to explode.

Good luck
Back to top
m.wilson



Joined: 26 Oct 2006
Posts: 2

Posted: Fri 03 Nov '06 20:55

Thanks for the suggestions Brian. I'll give it a whirl tonight. The ideal situation for me is to have the router behind the router since I have a line coming off of the first router to where my server must be, but I would ideally like to use another computer on the end of this, hence another router. Since I had both routers lying around, I'd rather do this than pay to change the setup.

If this helps, a computer off router 1 can type somename.com into the browser and pull up the page fine, so I think it's something I forgot to set on router 1.

Here's a quick look at what I have:



It has to be something simple. Any ideas greatly appreciated.
Back to top
Brian



Joined: 21 Oct 2005
Posts: 209
Location: Puyallup, WA USA

Posted: Fri 03 Nov '06 21:19

Okay, maybe I am missing something here, but I don't see the point of the 2nd router.

You can use one router/firewall to do this, and set up rules and NAT to guide the traffic to the appropriate IP.

In one instance I have a web server and a workstation set up. This is a pretty easy deal, just a workgroup, no need for an NOS such as 2K3 acting as a DC. So, I set up firewall rules that allow access to the network from the outside, and to allow access from the LAN to the WAN.

I have file sharing set up, but only on the LAN, no WAN access NetBIOS features.

Then, I add what ZyXel calls SUA/NAT which simply states traffic on this port goes to that IP. I static everything in this particular LAN, DHCP is off!

So then I go to test it, since all traffic is by default blocked coming in, ONLY the traffic that is allowed into the firewall is going to get in. Then, once in, I have already designed where things go with NAT. Again, I say port 80 traffic goes to 192.168.1.139 and I say that port 25 and port 110 goes to 192.168.1.135, for example.

Additionally, I say what traffic can go out, LAN to WAN, so that no traffic is allowed outbound unless it fits the firewall rules. I do all this with one router/firewall.

Maybe I am missing the need here for two routers, maybe it is two firewalls you want, an extra level of protection for your server?

I don't see the value in that since you would be blocking ALL inbound traffic that does not match your firewall rules and you have set up NAT routing.
Back to top
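An added example, not part of any post in this thread: a small model of the double-NAT forwarding chain discussed above, with default-deny inbound and one port-80 forward per router, that reports which router drops a connection. All addresses are constructed for illustration: 203.0.113.5 stands in for the public x.x.x.x, 192.168.1.2 for router 2's WAN side, and 192.168.0.10 for the server.

```python
"""Trace an inbound connection through a chain of NAT routers (added example)."""
import ipaddress


def make_chain(r1_target):
    """Two routers as in the thread: outer LAN 192.168.1.0/24, inner LAN 192.168.0.0/24.
    r1_target is where router 1 forwards port 80 (the setting under suspicion)."""
    return [
        {"name": "router1", "wan": "203.0.113.5", "lan": "192.168.1.0/24",
         "forwards": {80: r1_target}},
        {"name": "router2", "wan": "192.168.1.2", "lan": "192.168.0.0/24",
         "forwards": {80: "192.168.0.10"}},
    ]


def trace(chain, dst_ip, port, server_ip):
    """Follow dst_ip:port hop by hop; return (reached_server, notes per hop)."""
    notes = []
    for r in chain:
        if dst_ip != r["wan"]:
            notes.append(f"{r['name']}: packet for {dst_ip} is not addressed to its WAN side")
            return False, notes
        target = r["forwards"].get(port)
        if target is None:
            # Inbound traffic with no matching forward rule is dropped.
            notes.append(f"{r['name']}: no rule for port {port}, default deny")
            return False, notes
        if ipaddress.ip_address(target) not in ipaddress.ip_network(r["lan"]):
            notes.append(f"{r['name']}: forward target {target} is outside its LAN {r['lan']}")
            return False, notes
        notes.append(f"{r['name']}: {dst_ip}:{port} -> {target}:{port}")
        dst_ip = target
    return dst_ip == server_ip, notes


if __name__ == "__main__":
    # Correct chain, then router 1 pointed straight at the server's inner address.
    for r1_target in ("192.168.1.2", "192.168.0.10"):
        ok, notes = trace(make_chain(r1_target), "203.0.113.5", 80, "192.168.0.10")
        print("reached" if ok else "dropped", *notes, sep="\n  ")
```

Router 1 can only forward to an address on its own LAN, so its port-80 rule has to point at router 2's WAN address, and router 2 then forwards to the server.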
Brian



Joined: 21 Oct 2005
Posts: 209
Location: Puyallup, WA USA

Posted: Fri 03 Nov '06 21:34

Something else, just to add to this, you can set up file sharing in this manner but even in a workgroup you can set policies on the two machines to allow some, limited, or no file sharing, and if file sharing then read only and so on.

Group Policies in XP Pro can be effectively configured to provide a safe and secure environment.

I even have one network that allows NO access or file sharing but for SSH and RDP which I literally RDP through SSH to a box on the other side of the room. This is ultra paranoid thinking on my part though.
Back to top

