Servers by hostname?


Postby tmanning » Nov 04 07 6:01 am

Hello-

I've previously purchased and used Wingate at V3, but I'm now trying to migrate to the latest version and working with a trial license combined with PureSight (trial lic also, working well). I'm having difficulty trying to get a particular setup to work. Note that I haven't had this working under any condition before, but it's what I need to accomplish.

I have a wingate PC (Windows 2K, fully updated) as a proxy connected to my DSL modem on 1 nic, and all of the internal machines can use the internet as desired through wingate and a second nic. It's the internal servers that are the problem.

I currently have a domain pointed to my address via static IP at (me).homedns.org and have servers running behind the wingate machine I want to host services on. I don't have a "domain" per se set up, just a windows workgroup on a local set of ip's - 192.168.x.x and some machines have hostnames, others are hardware units like webcams, and a hardware based (non pc) Lutron lighting processor with services on port 21, 23, and 80.

I have an HMailServer and apache with squirrelmail working on the wingate machine and everything is fine with email/webmail.

However, I can't make other hosts/services work from the external internet. All names will just point to apache if it's running or die if it isn't.
Basically, I want to:

webcam1.(me).homedns.org
webcam2.(me).homedns.org
lutron.(me).homedns.org (ports 21, 23, 80)
anotherserver.(me).homedns.org
ftp.(me).homedns.org
(me).homedns.org goes to wingate pc webmail

I've read for hours in the forums and tried fiddling with the hosts/lmhosts and haven't been successful. I've turned apache off to make sure it's not intercepting all traffic on the external nic's port 80 in trying to make the routing by hostname work, but it won't. I've also tried binding apache to the wingate machine's internal NIC, but it won't bind there.

The problem is with the multiple webcams and other servers that need port 80 routed by hostname. Because of what I'm trying to accomplish, I can't just route port 81 to webcam1 and port 82 to webcam2, as I have additional constraints not worth going over here, I just need to route by hostname through port 80.

Eventually, I need to point another static IP, (me2).homedns.org for example, to this machine and have apache and hmailserver handle another email domain. But, I need to cross this hurdle first.

If I can get this whole setup running before my trial period is up - about another 15 days or so, I'm ready to buy!

thanks for your consideration,
-Troy
tmanning
 
Posts: 5
Joined: Nov 04 07 5:37 am

Postby adrien » Nov 07 07 12:01 am

Hi

if you want to be able to host more than one effective site externally (i.e. your webmail as well as divert some connections to internal servers), then you've got a bit of a conflict.

unless apache can look at host tags, and act as a proxy as well as a server, you can't let it own port 80 for external connections, otherwise it won't pass connections through to internal servers.

I would suggest running Apache on another port for webmail, and either

a) open that port in the WinGate firewall to allow direct external access to it (but your webmail users will need to specify the port in the URL) or
b) get WinGate to forward connections to your webmail site to apache on that server:port

and then also have WinGate bind to port 80 externally and use the Web Server settings to direct inbound connections to various internal servers based on the host tag in incoming requests (virtual servers).

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby tmanning » Nov 07 07 4:53 am

Thanks for the reply.

I suspected that was a problem with Apache, but as I said in my first post, even with the Apache service completely disabled, I'm unable to get other servers to respond on port 80 based on hostname from the external internet. I can direct port 80 to a single machine successfully using Port Security under Extended Networking, but I can't get wingate to route according to hostname. I can connect by hostname from the internal network using (servername).(me).homedns.org, but not from the internet.

Q: Would it be easier if I added a 3rd nic into the wingate machine and create a DMZ network for just the servers? It's a bit of work, but if it will route by hostname on that net it's worth it.

...I've had Apache disabled for a few days while trying different things. If I have to, I'll move Apache to another machine.

thanks,
-Troy
tmanning
 
Posts: 5
Joined: Nov 04 07 5:37 am

Postby tmanning » Nov 07 07 7:25 am

adrien-

I reread your message very carefully and spent some time figuring out exactly what you meant by "have WinGate bind to port 80 externally and use the Web Server settings to direct inbound connections".

1. I opened port 80 in Extended Network to just "Allow"
2. I opened the WWW Proxy Server settings and added the binding to my external network
3. Under Web Server I added (servername).(me).homedns.org as a Reverse Proxy pointed to the server IP, and under the Hosts tab added the server with (servername).(me).homedns.org

It worked! I think I can make the rest of the system work correctly from here.

thanks!
-Troy
tmanning
 
Posts: 5
Joined: Nov 04 07 5:37 am
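
The routing decision a reverse proxy makes on the "host tag", as an added example that is not part of the original thread and is not WinGate's code. The hostnames, backend addresses and function names are constructed for illustration; unlike a catch-all default, this sketch refuses requests whose Host header is missing, duplicated or not on the list.

```python
import re

# Constructed routing table: public hostname -> internal (address, port).
ROUTES = {
    "webcam1.example.homedns.org": ("192.168.0.11", 80),
    "webcam2.example.homedns.org": ("192.168.0.12", 80),
    "lutron.example.homedns.org": ("192.168.0.20", 80),
    "example.homedns.org": ("127.0.0.1", 8080),  # webmail on a non-80 port
}
_HOSTNAME = re.compile(r"[a-z0-9]([a-z0-9.-]*[a-z0-9])?")


def parse_host(raw_request: bytes):
    """Return the normalized Host name, or None if missing, duplicated or malformed."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.lower() == "host":
            values.append(value.strip())
    if len(values) != 1:                         # none, or conflicting copies
        return None
    host = values[0].lower()
    name, sep, port = host.rpartition(":")       # optional ":port" suffix
    if sep:
        if not port.isdigit():
            return None
        host = name
    host = host.rstrip(".")                      # "name." and "name" are the same host
    return host if _HOSTNAME.fullmatch(host) else None


def route(raw_request: bytes):
    """Decide what to do with one inbound request: (action, backend)."""
    host = parse_host(raw_request)
    if host is None:
        return ("bad_request", None)
    backend = ROUTES.get(host)
    if backend is None:
        return ("unknown_host", None)            # no fall-through to a default server
    return ("forward", backend)
```
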

Postby tmanning » Nov 07 07 12:34 pm

Just an FYI for anybody who might be trying to do something like this, here is my final setup...

I added a Microsoft Loopback Adapter (virtual nic) to the wingate machine, with its own little single address network. I had to specify it as a DMZ network in wingate before Apache would bind.

Then as described in the other messages I did a "reverse" proxy to the Apache server (which is actually running on port 80 on the wingate machine on a virtual DMZ network). I directed dub-dub-dub.(me).homedns.org to Apache's virtual nic through the WWW Proxy Server->Web Server and everything worked out!

I can now have hmailserver running (bound directly on the external nic) with Apache/Squirrelmail web interface at my default address all on the wingate machine, and reroute by hostname for webcams or any other servers I need. Of course, reverse proxy requires a valid username/password, but some policies could ?possibly? be written to get around that. However, I prefer the simple protection it gives.

-Troy
tmanning
 
Posts: 5
Joined: Nov 04 07 5:37 am

Postby tmanning » Nov 28 07 12:28 pm

I went ahead and purchased a pro license...only to discover this solution requires an ENTERPRISE license? Didn't see that one on the pricing page!

Back to square one....not going to ante up the big bucks for that...maybe different solution/product?
tmanning
 
Posts: 5
Joined: Nov 04 07 5:37 am

