Very weird Apache + iptables problem

Discussion in 'Server Operation' started by snowfly, Aug 7, 2006.

  1. snowfly

    snowfly Member

    Hi,

    Ok, I have a server at home for playing around on, and I just changed the way things were set up.

    Previously the home network was like this:
    Code:
       {internet}
            |
            |
        <public ip>
    {adsl modem/router} - with port forwarding for 21,22,25,80 etc to 10.0.0.1
        <10.0.0.2>
            |
            |
    {server 10.0.0.1} | {laptop 10.0.0.5} | {pc ...} | {...} etc
    
    New network layout:
    Code:
       {internet}
            |
            |
       <public ip>
    {adsl modem/router} 
       <10.0.0.2>
            |
            |
       <10.0.0.1> eth0
     {linux server}
     <192.168.1.1> ath0
            |
            |
      {wireless AP 192.168.1.2}
            |
            |
      {laptop 192.168.1.10} | {pc 192.168.1.11} | {...}
    
    
    
    Ok, and here's the iptables code running on the server:
    Code:
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    iptables --append FORWARD --in-interface ath0 -j ACCEPT

    The server is running things like apache, postfix, courier, dhcp etc.

    Basically everything is working great and as expected.
    My laptop picks up an IP from the DHCP range assigned by the server, and I can browse the internet.

    And externally (from a different location/IP), I can view websites stored on the server.

    The problem is that none of the internal PCs can get to the websites on the server. And the server itself can't view them!!

    When I run 'lynx localhost' on the server, I get "Unable to connect to remote host".
    And when I run 'telnet localhost 80', I get: "Unable to connect to remote host: Connection refused".

    Same if I use port 127.0.0.1 rather than localhost.

    Seems as if apache is running fine and serving up to people on the outside, but not serving up to itself.

    Any ideas?
    If I'm a bit vague, or you need more info to comment, let me know.

    Mike
     
  2. snowfly

    snowfly Member

    Well the problem is fixed :)

    Did a lot more looking around and reading on the net, and found out it was an apache issue.

    It was only listening on the external IP.
    So I modified httpd.conf and put in 2 NameVirtualHost lines for the external & internal interfaces:
    Code:
    NameVirtualHost 10.0.0.1
    NameVirtualHost 192.168.1.2

    I also changed BindAddress from an IP, to "BindAddress *".

    And then changed my virtualhost conf to use both IPs:
    Code:
    <VirtualHost 192.168.1.2 10.0.0.1>
    ...
    </VirtualHost>

    So all goes well now. :)
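
Added example (not part of the original thread): a Python probe that tells apart the two failure modes at play here, a refused connection (nothing bound to that address, as with Apache listening only on the external IP) and a silent timeout (packet filtering or routing). The addresses come from the network diagram in the first post; the function names `probe` and `diagnose` are hypothetical.

```python
import errno
import socket

def probe(addr, port, timeout=2.0):
    """Classify one TCP connect attempt to addr:port.

    'open'     - handshake completed: a listener is bound to this address
    'refused'  - RST came back: typically no listener bound to this address
                 (an iptables REJECT --reject-with tcp-reset rule looks the same)
    'filtered' - no reply before the timeout: DROP rule or routing problem
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((addr, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as e:
        # e.g. ENETUNREACH / EHOSTUNREACH when the address is not routable
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()

def diagnose(results):
    """Summarise a {address: state} map produced by probe()."""
    states = set(results.values())
    if states == {"open"}:
        return "listening on every probed address"
    if "filtered" in states:
        return "packet filter or routing suspected"
    if "open" in states and "refused" in states:
        return "bound to a subset of addresses"
    if states == {"refused"}:
        return "no listener on this port"
    return "inconclusive"

if __name__ == "__main__":
    # Addresses from the thread: loopback, eth0 and ath0 of the server.
    targets = ["127.0.0.1", "10.0.0.1", "192.168.1.1"]
    results = {a: probe(a, 80) for a in targets}
    for addr, state in results.items():
        print(f"{addr}:80 -> {state}")
    print(diagnose(results))
```

Run on the server itself, the situation from the first post would show 10.0.0.1 as open and 127.0.0.1 as refused, which `diagnose` reports as "bound to a subset of addresses".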
     
