|

Computer Security

»

»

Endian Firewall

»

Hosting sites on the GREEN interface

View: New views

8 Messages — Rating Filter: Alert me

	Hosting sites on the GREEN interface by Jean Rousseau Franco :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hello all, I just started playing with EFW, so far I'm very excited. I would like to host two sites (two different registered domains) on two machine on the Green interface. These machines right now host also the Databases that are used locally by an application and can also be queried from the site, hence my need for having them on the Green. Before I had a different solution, and I used a Proxy-Pass that would forward the requests to a local machine based on the name of the domain. Is this possible? Makes sense? Thanks, ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user
	Re: Hosting sites on the GREEN interface by Adam Pavelec-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message This should be possible by adding a few entries to Endian's "Host Configuration" page (https://<ip.address.of.your.endian>:10443/cgi-bin/hosts.cgi). Be advised that it is highly recommended to have these servers physically located in the Orange zone (DMZ). Good luck! -Adam Jean Rousseau Franco said the following on 7/16/2006 12:48 AM: > Hello all, I just started playing with EFW, so far I'm very excited. > I would like to host two sites (two different registered domains) on > two machine on the Green interface. These machines right now host also > the Databases that are used locally by an application and can also be > queried from the site, hence my need for having them on the Green. > Before I had a different solution, and I used a Proxy-Pass that would > forward the requests to a local machine based on the name of the > domain. Is this possible? > > Makes sense? > > Thanks, > ------------------------------------------------------------------------ > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > > ------------------------------------------------------------------------ > > _______________________________________________ > Efw-user mailing list > Efw-user@... > https://lists.sourceforge.net/lists/listinfo/efw-user > ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user
	Re: Hosting sites on the GREEN interface by Jean Rousseau Franco :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Thanks for the quick reply! If I DMZ theses hosts won't they be completelly open? I only need the outside world to access them on port 80 and 443. In the example below, will modifying the hosts allow access to them on port 80? I'm testing right now and I see that it works locally on GREEN but not even from BLUE? Thanks, On 7/16/06, Adam Pavelec <adam@...> wrote: This should be possible by adding a few entries to Endian's "Host Configuration" page (https://<ip.address.of.your.endian>:10443/cgi-bin/hosts.cgi). Be advised that it is highly recommended to have these servers physically located in the Orange zone (DMZ). Good luck! -Adam Jean Rousseau Franco said the following on 7/16/2006 12:48 AM: > Hello all, I just started playing with EFW, so far I'm very excited. > I would like to host two sites (two different registered domains) on > two machine on the Green interface. These machines right now host also > the Databases that are used locally by an application and can also be > queried from the site, hence my need for having them on the Green. > Before I had a different solution, and I used a Proxy-Pass that would > forward the requests to a local machine based on the name of the > domain. Is this possible? > > Makes sense? > > Thanks, > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user
	Re: Hosting sites on the GREEN interface by dayne_lucas :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message This is achieved by going to Firewall > Port Forwarding, and creating a rule to allow specific traffic from one host or all hosts on the internet to connect to your servers on GREEN via a specific port or port range. For instance if I had a web server on GREEN that I wanted internet users to access: Web server internal IP: 192.168.0.253/24 Go to Firewall > Port Forwarding and create the following rule: Protocol: TCP Alias IP: DEFAULT IP (This could be an alias you created if you had more than one Public IP) Destination IP: 192.168.0.253 Destination Port: 80 Remark: Web Server Internet Access Allowed Make sure that the rule is enabled and click the "ADD" button to add the rule. Now all TCP port 80 traffic will be forwarded to the internal web server. Idealy you would want all internet accessible servers on the DMZ (ORANGE) which separates the secure network from servers that may be breached by hackers. Best regards, Dayne
	Re: Hosting sites on the GREEN interface by dayne_lucas :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message This is achieved by going to Firewall > Port Forwarding, and creating a rule to allow specific traffic from one host or all hosts on the internet to connect to your servers on GREEN via a specific port or port range. For instance if I had a web server on GREEN that I wanted internet users to access: Web server internal IP: 192.168.0.253/24 Go to Firewall > Port Forwarding and create the following rule: Protocol: TCP Alias IP: DEFAULT IP (This could be an alias you created if you had more than one Public IP) Destination IP: 192.168.0.253 Destination Port: 80 Remark: Web Server Internet Access Allowed Make sure that the rule is enabled and click the "ADD" button to add the rule. Now all TCP port 80 traffic will be forwarded to the internal web server. Idealy you would want all internet accessible servers on the DMZ (ORANGE) which separates the secure network from servers that may be breached by hackers. Best regards, Dayne
	Re: Hosting sites on the GREEN interface by wnpaul :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message The responses so far do not seem to answer this part of Jean Rousseau Franco's Question: > I would like to host two sites (two different > registered domains) on two machine on the Green > interface. These machines right now host also the > Databases that are used locally by an application > and can also be queried from the site, hence my > need for having them on the Green. > Before I had a different solution, and I used > a Proxy-Pass that would forward the requests to > a local machine based on the name of the domain. Is > this possible? In other words, is there any way to forward incoming requests on a given port to two different GREEN hosts based on the hostname part of the URL? As one who has just studied the EFW Manual with a view to replacing my Smoothwall and IPcop installations with EFW, I suspect that this would require either a http proxy configuration which proxies incoming http/https requests (so far not part of EFW, but perhaps a valuable addition), or else separate IP addresses for the two hostnames which can be set up as Aliases on RED and can then be separately port-forwarded to the two GREEN hosts. -- Wolf N. Paul wnp-@... ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user
	Re: Hosting sites on the GREEN interface by dayne_lucas :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Port forwarding is just that, forwarding requests to an internal host given a certain port. The firewall does not inspect the URL that the client is searching for, this is a DNS or HTTP application issue. I don't believe it should be the firewall's job to do such a thing, it should rather be done at the server. Best regards, Dayne
	Re: Hosting sites on the GREEN interface by Jean Rousseau Franco :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message My suggestion was the proxy and not the firewall, since I won't be able to open the same ports to two different machines. Thanks, On 7/19/06, dayne_lucas <dayne@...> wrote: Port forwarding is just that, forwarding requests to an internal host given a certain port. The firewall does not inspect the URL that the client is searching for, this is a DNS or HTTP application issue. I don't believe it should be the firewall's job to do such a thing, it should rather be done at the server. Best regards, Dayne -- View this message in context: http://www.nabble.com/Hosting-sites-on-the-GREEN-interface-tf1949611.html#a5394334 Sent from the efw-user forum at Nabble.com. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user -- Jean Rousseau Franco Maila Networks Comunicação Digital & Segurança ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user