ScreenOS Firewalls (NOT SRX)
Visitor
Altmiah
Posts: 3
Registered: ‎08-19-2008
Accepted Solution

Multiple Apache Servers behind one untrusted IP

Hello Community,

I've searched around, but was unable to find an answer elsewhere to my problem.

This is concerning an ssg20

I am currently implementing a new apache web server in our organization, and I am trying to access it from outside the internal network. I am only able to see the original web server unless I specify a VIP to point to the new server.

Is it even possible for me to have 2 http servers behind one external IP, and have the ssg20 take care of the necessary routing to get the traffic where it needs to go?

Thanks in advance for your help.

Trusted Expert
AndyC
Posts: 441
Registered: ‎07-08-2008

Re: Multiple Apache Servers behind one untrusted IP

Hi,

It's not possible to listen for two of the same port on the same public IP on the firewall. The reason for this is the firewall has no way of knowing which server to send the traffic to at the back end if it receives a request on http.

You will need to have 2 public IPs if you want to have 2 web servers.

Regards

Andy

JNCIS-FWV
JNCIA-WX
JNCIA-SSL
JNCIA-ER
Visitor
Altmiah
Posts: 3
Registered: ‎08-19-2008

Re: Multiple Apache Servers behind one untrusted IP

Thank you for the reply.

At least I am not trying the impossible anymore!

New User
Yuval_Sinay
Posts: 3
Registered: ‎08-19-2008

Re: Multiple Apache Servers behind one untrusted IP

Hi,

You can set up Apache to use load balancing:

http://www.google.co.il/search?hl=en&q=apache+load+balance

and publish the VIP...

Visitor
Altmiah
Posts: 3
Registered: ‎08-19-2008

Re: Multiple Apache Servers behind one untrusted IP

Yuval,

I don't think load balancing would work in my case. Or maybe it will?

What I am really trying to do is have 2 separate servers:

gentoo - example.com - carrying the website and other associated services.

&

fedora - webmail.example.com - would carry a horde webmail server for employees to access webmail.

DNS is set up correctly to handle the 2 web servers (from inside the network everything works perfectly, externally however is the problem).

I could put them both on the same server, but the plan is to eventually migrate everything off of the gentoo box and onto the fedora box. I would like to migrate in small increments for testing and evaluation purposes, and the webmail is the first step.
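
One way to serve both names through a single VIP on port 80, shown as an added example that is not part of the thread: the firewall forwards all HTTP to the gentoo server, and Apache there picks the backend from the Host header, which the firewall's port mapping does not look at. The hostnames come from the posts above; the internal address, the DocumentRoot path and the choice of gentoo as the front end are assumptions.

```apache
# Added example; hostnames are from the thread, the address and path are assumed.
# Requires mod_proxy and mod_proxy_http to be loaded on the gentoo server.

# Apache 2.2 needs this line for name-based virtual hosts; Apache 2.4 does not.
NameVirtualHost *:80

# The first vhost is the default: a request with a missing or unknown Host
# header is answered here and never reaches the proxy below.
<VirtualHost *:80>
    ServerName example.com
    # Assumed path for the existing site.
    DocumentRoot /var/www/example.com/htdocs
</VirtualHost>

<VirtualHost *:80>
    ServerName webmail.example.com

    # Reverse proxy only. Leaving forward proxying off keeps this host from
    # becoming an open proxy reachable from the untrusted side.
    ProxyRequests Off

    # Pass the original Host header through so Horde on the backend sees
    # webmail.example.com rather than the internal address.
    ProxyPreserveHost On

    # 10.0.0.20 is an assumed internal address for the fedora server.
    ProxyPass        / http://10.0.0.20/
    ProxyPassReverse / http://10.0.0.20/
</VirtualHost>
```

With this layout the fedora server needs no policy or VIP entry of its own on the firewall; only the gentoo server is exposed, and moving a service later means changing one ProxyPass target.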
