WinGate Forums

[saubrey]

How can WG be configured to allow two webservers running on the same computer that is running WG, listening on two different IP:ports to be accessed transparently from the Internet (i.e. without specifying the port).

For instance I have a multihomed computer with two IP addresses 66.66.66.1 and 66.66.66.2. I have two web servers running on the WG computer--one is serving IP 66.66.66.1:80 and the other is serving 66.66.66.2:8081.

I want all external browsers not to have to specify the port when accessing 66.66.66.2.

So I think I want to configure WG’ENS to perform port redirection based on the incoming request’s destination IP. If the destination IP is 66.66.66.2:80 redirect to port 8081. If the incoming destination IP is 66.66.66.1:80 then no redirection. But I don’t see how to do this.

How can I configure WG to allow to webservers?

I have WG 6.04 running on w2k sp4

Thanks,

Steve

[kgoodknecht]

How can WG be configured to allow two webservers running on the same computer that is running WG, listening on two different IP:ports to be accessed transparently from the Internet (i.e. without specifying the port).

For instance I have a multihomed computer with two IP addresses 66.66.66.1 and 66.66.66.2. I have two web servers running on the WG computer--one is serving IP 66.66.66.1:80 and the other is serving 66.66.66.2:8081.

I want all external browsers not to have to specify the port when accessing 66.66.66.2.

So I think I want to configure WG’ENS to perform port redirection based on the incoming request’s destination IP. If the destination IP is 66.66.66.2:80 redirect to port 8081. If the incoming destination IP is 66.66.66.1:80 then no redirection. But I don’t see how to do this.

Why don't you use both on port 80, you can do this if the port 80 is on different IP addresses.
You can also have two virtual servers listening on the same IP and port if you use host headers. I really don't get why you're using a non-standard port if you have two IPs.

[saubrey]

Your suggestion is the best suggestion and will work. I originally tried that, but the 2nd webserver did not start. But now I realize what I did wrong when I first tried it. The 1st webserver was listening on all available IPs and it prevented the 2nd from starting. I have since changed the first webserver to only listen on its IP and now the second webserver can listen on its IP and both can listen to port 80. Thanks for the suggestion

[saubrey]

As what often happens, what's supposed to work and getting it to work are two different things. I am still unable to make it work using kgoodknecht's suggestion. Possibly becuase my impletation is a little more complicated than it needs to be. I didn't think it should matter, so I didn't mention it originally, but I guess it does.

My two web severs are actually listending on port 8080. and I use WG ENS to redirect incoming requests from the Internet for port 80 to port 8080. It seems that WG doesn't differentiate between destination IPs. WG redirects requests to 66.66.66.1:80 to the correct webserver (i.e. webserver 1:8080), but WG also always redirects requess to 66.66.66.2:80 to webserver 1 (i.e. webserver 1:8080). WG doesn't redirect 66.66.66.2:80 to webserver #2. Is this becuase WG doesn't retain the original destination IP?

[labull]

I've found that ENS doesn't care what the destination IP address is when it's redirecting, only the destination port. It grabs EVERYTHING to EVERYWHERE on whatever the port is and sends it to the destination in the redirect.

You can turn off IP translation to preserve the sending IP but not the destination.

Or I could be competely confused and just don't know how to make it work.

To accomplish this we've always had to use multiple TCP Mapping services.

Maybe the next version can include ENS redirection based on destination port AND IP.

[adrien]

Hi

what web server software are you running?

IIS for instance should have no problem running multiple sites on specific IPs on any port.

You can either have IIS bind to specific IPs:ports, or any IP on whatever port etc etc.

Then all you would need to do in WinGate is open port 80 from the internet.

Adrien

[saubrey]

I am using IIS 5.0. And, yes, it supports multiple web servers listening to different IPs and ports, and I have bound IIS to specific IPs and ports…this seems to be working correctly.

The problem I’m running into, I think, is with WG’s ENS port redirection. ENS port redirection seems to redirect all incoming requests for a port to the same IP, regardless of the requested IP.

My deployment is as follows: WS1 is listening to 66.66.66.1:8080 and WS2 is listening to 66.66.66.2:8080. I’ve configured ENS to redirect all incoming requests from the Internet for port 80 to port 8080. ENS correctly performs the port translation of 80 to 8080, but ENS seems to not honor and not retain the incoming IP. ENS seems to redirect all incoming requests to IP 66.66.66.1. For example, an incoming request for 66.66.66.2:80 gets redirected to 66.66.66.1:8080 instead of 66.66.66.2:8080.

I have worked around this issue by re-configuring my webservers to listen on port 80, instead of 8080, and by doing so, I no longer need to use ENS’ port redirection. Even so, I’d still like to understand if I was misusing ENS’ port redirection and if so, what is the proper way to configure WG.

[kgoodknecht]

I am using IIS 5.0. And, yes, it supports multiple web servers listening to different IPs and ports, and I have bound IIS to specific IPs and ports…this seems to be working correctly.

The problem I’m running into, I think, is with WG’s ENS port redirection. ENS port redirection seems to redirect all incoming requests for a port to the same IP, regardless of the requested IP.

My deployment is as follows: WS1 is listening to 66.66.66.1:8080 and WS2 is listening to 66.66.66.2:8080. I’ve configured ENS to redirect all incoming requests from the Internet for port 80 to port 8080. ENS correctly performs the port translation of 80 to 8080, but ENS seems to not honor and not retain the incoming IP. ENS seems to redirect all incoming requests to IP 66.66.66.1. For example, an incoming request for 66.66.66.2:80 gets redirected to 66.66.66.1:8080 instead of 66.66.66.2:8080.

I have worked around this issue by re-configuring my webservers to listen on port 80, instead of 8080, and by doing so, I no longer need to use ENS’ port redirection. Even so, I’d still like to understand if I was misusing ENS’ port redirection and if so, what is the proper way to configure WG.

Are these virtual servers running on the Wingate machine?
If they are you'll have to set each virtual server to listen on the corosponding IP address and just set Wingate to allow the port.

If the web server are running on a different machine, Wingate NAT only supports one redirection using NAT, you'll have to use two separate TCP mapping services with each listing on a different IP if your Wingate machine is Win2k. If the Wingate machine is on Win2k3, you can use the router built into RRAS with NAT turned off. It's kind of tricky but it works because Wink3 allows you to set NAT on or off on a per interface setting.
You can disable NAT in Wingate and use Windows NAT but you lose the ability for Wingate to redirect non-proxy connections through the proxy for AV datastream scanning, which is the number one reason I use Wingate. It's kind of cheap to protect 6 machines from internet threats for $100 a year, you can't get that from Norton for $100 a year. Knock on wood, I've not had a single viral infection on any networked computer since they added the feature to Wingate.

[adrien]

Hi Steve

Yep you're right. For port redirects, it redirects also the destination IP to the interface IP that the packet is received on. This is if the overide IP is 0.0.0.0, otherwise it uses the IP you specify.

It's done this way because of the way transparent proxying is set up. I'll have to see if I can do something about this for the next version.

Is there any reason you can't run that web server on port 80?

Adrien

[saubrey]

>Is there any reason you can't run that web server on port 80?

No. I reconfigured both webservers to listen on port 80 (but still different IPs) and removed WG's ENS port redirection. Now everything is working fine.

Three years ago when I installed the first webserver I was confused about WG's ENS transparent redirection for the www proxy and mistakenly thought that an internal webserver running on the same computer as WG needed to be on a port other than 80 because the www proxy was listening on port 80, so I choose 8080. I've been running with it like that all this time without any problems until a few weeks ago when I installed a second webserver listening on a different IP.