My webhost is a solaris server has many IP addresses a few are listed below.
$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ipmp0: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.6 netmask ffffff00 broadcast 10.61.5.255
groupname ipmp0
ipmp0:1: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.142 netmask ffffff00 broadcast 10.61.5.255
ipmp0:2: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.143 netmask ffffff00 broadcast 10.61.5.255
ipmp0:3: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.144 netmask ffffff00 broadcast 10.61.5.255
.....
I have an apache instance on webhost that acts as proxy and forwards the request to remotehost port 11130
The issue is that the firewall team as allowed connectivity only from this source IP 10.61.15.6 on webhost to destination remotehost port 11130
When i hit the remote application using apache frontend URL
https://mywebhost.mybank.com/remote/health.ping
It works only when the apache soure IP is 10.61.15.6 as the firewall is open and it fails if i keep retrying (refreshing) as the apache httpd source IP changes to others like 10.61.15.142
How can i enforce that the apache httpd https port 443 source IP is always 10.61.15.6 when it connects to any remote host port?
Apache httpd documentation is generally thorough, but you have to know your way around. It's organised by module, so in this case we want the page for mod_proxy.
Looking down that page, I believe the directive you are looking for is "ProxySourceAddress":
Set local IP address for outgoing proxy connections
...
This directive allows to set a specific local address to bind to when connecting to a backend server.
So within your top-level httpd.conf or a <VirtualHost> block, you would write this:
ProxySourceAddress 10.61.15.6
Related
I'm able to ssh to a host from my machine but when I try to ping the host from my machine, it says 100% packet loss !!
So my query is that what all could be the possible reasons behind this behavior (able to SSH but unable to PING through the same machine).
NOTE: All communication were tried using IP address of the target host.
Two common reasons:
Firewall. in local host, target host, or somewhere in route between hosts.
ICMP echo responsing is disabled in the target host.
If DNS query is used, ping and ssh tools may select different IP from the response. For example ping may select IPv6 address, and ssh IPv4 address. --> Try tools with IP addresses instead of host names.
I have a Ubuntu Server 16.04 running on a machine in my local network.
The machine has static assigned IP and running apache2. There is no problem in connecting to it from my local network.
I have port-forwarding for ports 22 and 80 setup on my router to the IP address of the machine.
When I check the ports with my public IP address on sites like http://www.canyouseeme.org/ the result is that the ports are open. When I try to connect using my public IP address and using those ports the connections are refused.
I tried disabling firewall in the router and also on the machine, no result.
What else should I try? It seems that the server is getting no incoming connection when I check with netstat.
Just for troubleshooting purposes:
Setup port forwarding on port 22 and try to ssh into your server using the public IP? If it works, it means apache is refusing the connections and not your router or ISP
On your router, setup the server on the DMZ temporarily and check if it works
Add another port forwarding rule on your router to redirect all http requests on port 8000,for example, to port 80 internally, then try to access your server with http://[public_ip]:8000
Have you changed anything on the apache2.conf file? Also, explain how you are testing the connection, internally using the public IP or from the Internet?
The Apache webserver uses port 80 to listen for incoming requests and replies over port 80. Firefox uses port 80 to send requests to webservers and then listens on port 80 for the response from the webserver. I have run Apache and Firefox simultaneously before and am just wondering how two different programs can share the same port.
Each side of a TCP network connection is defined by a touple of (ipaddress, port #). When a packet leaves your system all it knows is that it needs to find ip address 192.168.1.1 and go the whoever has a socket bound to port 80.
A server socket is going to be defined by the address on which Apache is listening and port 80. The client socket open by Firefox will have the same ip address but a different randomly assign port number which you normally do not see.
You can see it using netstat or tcpview (Windows)
For example when I run netstat right now I see:
tcp4 0 0 x.x.x.x.62993 stackoverflow.co.https ESTABLISHED
where x.x.x.x is my laptops ip address and 62993 is the random port number assigned to my web browser.
Firefox isn't listening to port 80. It's making a request to a server port and handling the response.
I have to set up a Virtual Machine on vBox that works as a server for my app. Now, the app sends data to http://x.y.w.z:4567. I run apache server on host and wireshark confirms that the packet is received. Guest is behind NAT and is set up to forward TCPs from any IP port 4567 to port 443 on guest. I tried various versions of setting and not setting IP. Guest also has apache running, but it receives no packets. What should I do?
Please check the log that your port-forward rule is active. Also that your guest/host firewalls doesn't drop packets.
I have installed Ubuntu on Windows 8 using Hyper V. Having also installed Apache 2 I had the notion that I was going to use this as a web dev environment. I set up an external switch so that my ubuntu installation could access the internet. So far everything was progressing swimmingly. The problem I am encountering is that I have no idea how to access the web server from my machine. I can get the IP address that ubuntu picks up and type that into my browser whereupon I am informed "It works!". That's all good but I move around among several networks and I should not have to look up the IP address every time, and that can't facilitate having multiple sites installed. I just want to be able to enter something like
"http://mytestserver/"
into my browser to access it.
Any pointers on how to set this up properly would be much appreciated.
I have always had the most success with Bridged networking in VM Guests and would definitley recommend you go with that option. What you then could do and what I have done is to assign a static IP for the server and assign the hostname as below. You will have to know what IP addressing is available or you can use 192.168.1.x if your inside your network.
The easiest way would be to assign a static IP in /etc/network/interfaces replacing the 0.0.0.0 with the correct entries for your network
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 0.0.0.0.0
netmask 0.0.0.0.0
gateway 0.0.0.0.0
broadcast 0.0.0.0.0
dns-nameservers 0.0.0.0.0 0.0.0.0.0
and then edit your /etc/hosts file and add that static IP and add the Hostname mytestserver. You will already have the localhost entry and possibly others. Just make sure you assign the Static IP address you assigned in interfaces to mytestserver. You may also have to make this same entry in your machines hosts file simply because it will not have a DNS record.
127.0.0.1 localhost
0.0.0.0 mytestserver