8 Replies Latest reply on Aug 22, 2008 2:51 AM by rhsoftware

    using nat with webserver

    RikP Novice

       

      Hi,

       

       

      I have the following setup.

      Main server with 3 ip addresses .21, .22, .23, on this server there is an apache webserver on port 80 and 443.

      I have ip 23 reserved for vmware so the other 2 are in use by the apache server.

       

       

      I have a windows server 2008 on 192.168.138.4 and the vmnet8 (nat) is on 192.168.138.1

       

       

      Because port 80 and 443 are in use on the server i have done the following:

       

       

      outside:80 --> 192.168.138.1:60080 --> 192.168.138.4:80

      This isn't working.

       

       

      When i stop the apache service and do the following:

      outside:80 --> 192.168.138.1:80 --> 192.168.138.4:80

      this is working.

       

       

      Why is the first one not working and can i solve this? Maybe assign the .23 ip directly to vmware?

       

       

      Thanks,

      Rik

       

       

        • 1. Re: using nat with webserver
          rhsoftware Hot Shot

           

          Why don't you simply use the proxy feature of the httpd on the host?

          <VirtualHost *>
            ServerName  vmware.rhsoft.net
            ServerAlias vmware
            ProxyRequests Off
            ProxyPass / http://vmware.rhsoft.net/
            ProxyPassReverse / http://vmware.rhsoft.net/
          </VirtualHost>

           

           

          In "/etc/hosts" on the host machine there is an entry for the virtual host which points to the nat-address of the vmware, the nameserver outside brings the client to the host, and that was it.

           

           

          • 2. Re: using nat with webserver
            RikP Novice

             

            Good point.

             

             

            Is it also possible to proxy port 25 and 110 in this way?

             

             

            Thanks,

            Rik

             

             

            • 3. Re: using nat with webserver
              rhsoftware Hot Shot

               

              No this is only a httpd-thing

              But of course you can use another port in the vm for httpd and add it to the proxy-url

              If you want other services on the host you can do this with nat.conf

              But you cannot use a service that is running on the host itself, and only once

               

               

              root@srv-rhsoft:~$ cat /etc/vmware/vmnet8/nat/nat.conf
              ip        = 192.168.196.2
              netmask   = 255.255.255.0
              device    = /dev/vmnet8
              activeFTP = 1

              timeout   = 60

              incomingtcp
              1433      = 192.168.196.10:1433
              81        = 192.168.196.10:81
              82        = 192.168.196.10:80
              222       = 192.168.196.10:22
              223       = 192.168.196.12:22
              224       = 192.168.196.14:22
              225       = 192.168.196.15:22
              226       = 192.168.196.16:22

               

               

               

               

              • 4. Re: using nat with webserver
                RikP Novice

                 

                I actually did that (i think).

                 

                in nat.conf:
                60025 = 192.168.138.4:25
                60080 = 192.168.138.4:80
                60110 = 192.168.138.4:110
                60443 = 192.168.138.4:443

                in iptables-firewall.conf (replaced outside ip by xxx)
                NAT_TCP_FORWARD="xxx.xxx.xxx.23:25>192.168.138.1:60025 xxx.xxx.xxx.23:80>192.168.138.1:60080 xxx.xxx.xxx.23:110>192.168.138.1:60110 xxx.xxx.xxx.23:443>192.168.138.1:60443"

                 

                 

                This is not working.

                 

                but when i do the following it IS working

                 

                 

                nat.conf
                25 = 192.168.138.4:25
                80 = 192.168.138.4:80
                110 = 192.168.138.4:110
                443 = 192.168.138.4:443

                in iptables-firewall.conf (replaced outside ip by xxx)
                NAT_TCP_FORWARD="xxx.xxx.xxx.23:25>192.168.138.1:25 xxx.xxx.xxx.23:80>192.168.138.1:80 xxx.xxx.xxx.23:110>192.168.138.1:110 xxx.xxx.xxx.23:443>192.168.138.1:443"

                 

                 

                The problem with this method is that vmnet-natd is blocking all these ports for all ip's and thus apache won't work anymore.

                # netstat -anp |grep vmnet-natd
                tcp        0      0 0.0.0.0:110               0.0.0.0:*                   LISTEN      3447/vmnet-natd
                tcp        0      0 0.0.0.0:80               0.0.0.0:*                   LISTEN      3447/vmnet-natd
                tcp        0      0 0.0.0.0:25               0.0.0.0:*                   LISTEN      3447/vmnet-natd
                tcp        0      0 0.0.0.0:443               0.0.0.0:*                   LISTEN      3447/vmnet-natd

                 

                 

                • 5. Re: using nat with webserver
                  rhsoftware Hot Shot

                   

                  You misunderstood something!

                  There is NO need for dealing with iptables and vmnat-ips

                  With the forwarding, "vmnet-natd" is listening on the host just like a normal service

                   

                   

                   

                  So the only iptables rules are which foreign ip can access port x on which "vmnet-natd" is listening

                  There is no difference between a "httpd" or "vmnet-natd" listening on port 80

                   

                   

                  Only you cannot forward a port which is used by a host service, or bind "vmnet-natd", afaik, to a specific interface

                  This is why i use the host-httpd with proxy feature so host can have  own domains and provide multiple domains from different nat-vms

                  The 226,227,228... are forwardings for the sshd from the virtual machines to access directly with "ssh -p 226 user@host"

                  All other things i handle with ssh-forwardings from outside:  ssh -N -C -f harry@local.rhsoft.net -L127.0.0.1:3389:xp-ie6.vmware.local:3389

                  On the Host is running a named with the zone "vmware.local" and a reverse-zone for "192.168.196.x"-network

                   

                  The only thing is that "vmware-config.pl" likes to overwrite the "nat.conf" and i have a backup in the same folder called "vmnat-rh.conf" to restore it in worst case.
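
The conflict discussed in replies 4 and 5, as an added example that is not from either poster: a Python check that compares the `incomingtcp` forwards in `nat.conf` with `netstat -anp` output and reports forwarded ports already owned by a host service, plus forwards that `vmnet-natd` exposes on every host address and that therefore need a restricting iptables rule. The sample inputs are constructed, `192.0.2.21` is a placeholder address, and the function names are hypothetical.

```python
import re

# Constructed sample inputs modelled on the thread; 192.0.2.21 is a placeholder address.
NAT_CONF = """[incomingtcp]
60025 = 192.168.138.4:25
80    = 192.168.138.4:80
443   = 192.168.138.4:443
[incomingudp]
53    = 192.168.138.4:53
"""
NETSTAT = """tcp  0  0 0.0.0.0:60025  0.0.0.0:*  LISTEN  3447/vmnet-natd
tcp  0  0 192.0.2.21:80  0.0.0.0:*  LISTEN  2101/httpd
tcp  0  0 0.0.0.0:443    0.0.0.0:*  LISTEN  2101/httpd
"""

def parse_incoming_tcp(conf):
    """Return {host_port: (guest_ip, guest_port)} from the incomingtcp section."""
    forwards, section = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[?([A-Za-z]+)\]?", line)
        if header:  # accepts "[incomingtcp]" and the bare "incomingtcp" seen in the thread
            section = header.group(1).lower()
            continue
        m = re.fullmatch(r"(\d+)\s*=\s*([\d.]+):(\d+)", line)
        if m and section == "incomingtcp":
            forwards[int(m.group(1))] = (m.group(2), int(m.group(3)))
    return forwards

def parse_listeners(netstat):
    """Return [(addr, port, program)] for TCP LISTEN rows of `netstat -anp`."""
    rows = []
    for f in map(str.split, netstat.splitlines()):
        if len(f) >= 7 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            rows.append((addr, int(port), f[6].split("/", 1)[-1]))
    return rows

def audit(conf, netstat):
    forwards = parse_incoming_tcp(conf)
    conflicts, exposed = [], []
    for addr, port, prog in parse_listeners(netstat):
        if port in forwards and prog != "vmnet-natd":
            conflicts.append((port, prog, addr))     # a host service already owns this port
        elif port in forwards and addr in ("0.0.0.0", "::"):
            exposed.append((port, forwards[port]))   # forward is reachable on every host address
    return {"conflicts": sorted(conflicts), "exposed": sorted(exposed)}

if __name__ == "__main__":
    print(audit(NAT_CONF, NETSTAT))
```
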

                   

                   

                  • 6. Re: using nat with webserver
                    RikP Novice

                     

                    aaah now i get it.

                     

                     

                    Then i want to do a feature request

                    The ability to bind vmware to an ip!

                     

                     

                    Thanks for the help

                     

                     

                    • 7. Re: using nat with webserver
                      RikP Novice

                       

                      Hi rhsoftware,

                       

                      I'm trying to do it with apache proxy for the websites. i'm still getting to the apache website instead of the vmware server website.

                       

                      I'm using the following virtualhost:

                       

                       

                      ServerName owa.thauco.eu
                      ServerAlias vmware
                      ProxyRequests Off
                      ProxyPass / http://owa.thauco.eu/
                      ProxyPassReverse / http://owa.thauco.eu/

                      in etc/hosts:
                      192.168.138.4 owa.thauco.eu

                       

                       

                      what could be wrong?

                       

                       

                      Thanks,

                      Rik

                       

                       

                      • 8. Re: using nat with webserver
                        rhsoftware Hot Shot

                         

                        Are you sure that all httpd-modules on the host are loaded?

                        Take a look at errorlog

                        On my host the following modules are loaded in httpd.conf

                         

                         

                        LoadModule php5_module            "modules/libphp5.so"
                        LoadModule auth_basic_module      "modules/mod_auth_basic.so"
                        LoadModule authn_file_module      "modules/mod_authn_file.so"
                        LoadModule authn_alias_module     "modules/mod_authn_alias.so"
                        LoadModule authn_default_module   "modules/mod_authn_default.so"
                        LoadModule authz_host_module      "modules/mod_authz_host.so"
                        LoadModule authz_user_module      "modules/mod_authz_user.so"
                        LoadModule authz_groupfile_module "modules/mod_authz_groupfile.so"
                        LoadModule authz_default_module   "modules/mod_authz_default.so"
                        LoadModule log_config_module      "modules/mod_log_config.so"
                        LoadModule env_module             "modules/mod_env.so"
                        LoadModule mime_magic_module      "modules/mod_mime_magic.so"
                        LoadModule setenvif_module        "modules/mod_setenvif.so"
                        LoadModule mime_module            "modules/mod_mime.so"
                        LoadModule autoindex_module       "modules/mod_autoindex.so"
                        LoadModule vhost_alias_module     "modules/mod_vhost_alias.so"
                        LoadModule negotiation_module     "modules/mod_negotiation.so"
                        LoadModule dir_module             "modules/mod_dir.so"
                        LoadModule actions_module         "modules/mod_actions.so"
                        LoadModule alias_module           "modules/mod_alias.so"
                        LoadModule rewrite_module         "modules/mod_rewrite.so"
                        LoadModule proxy_module           "modules/mod_proxy.so"
                        LoadModule proxy_http_module      "modules/mod_proxy_http.so"
                        LoadModule ssl_module             "modules/mod_ssl.so"
                        LoadModule dav_module             "modules/mod_dav.so"
                        LoadModule dav_svn_module         "modules/mod_dav_svn.so"
                        LoadModule authz_svn_module       "modules/mod_authz_svn.so"