Apache Virtual Hosts and Firewall

I have an apache server on my local 192.168.0 network at 192.168.0.205. I would like to try and keep the Apache server on my 192.168.0 network if possible although I would like to make the server available to the public. My public IP is routed to a firewall running on a NetWare box at 192.168.0.1 which also runs a local DNS.

Apache is configured for virtual hosts all which work fine on my local intranet.

I have set up public DNS to point my domain names to my public IP. The Netware firewall re-writes the packets and maps all traffic on port 80 or 443 to 192.168.0.205. When a request is made from a public IP the apache server always sends back the default page and the document root set as part of the virtual hosting is ignored (although it works fine locally).

In an attempt to resolve the problem I set up local DNS entries for the domain names that point to the 192.168.0.205 local linux box so that if Apache tries to do a reverse lookup it would always map to 192.168.0.205.

The linux box only knows about 192.168.0.205, it knows nothing of the public IP that public traffic comes in on. DNS has been set up to be resolved from the Netware box. The Netware box then returns a local IP for any DNS lookup's. I have even set up IN-ARPA's for reverse DNS.

I'm beginning to confuse myself... so I hope you are still with me!

Can anyone tell me how apache handles its virtual hosting or if I have missed anything or are attempting the impossible.

I know that what I am doing is messy.

Steve

>> The linux box only knows about 192.168.0.205, it knows nothing of the public IP that public traffic comes in on.

You need to setup your Apache on linux box to know your public IP by putting the IP in NameVirtualHost line explicitly.

To make your internal network able to reach the appropriate vhost domain, do the following:
1) Add/append box_name.domain.com to the ServerAlias line within <VirtualHost> block
2) box_name.domain.com must not be reachable by the outside world and it's resolved to 192.168.0.205.
3) Since you also run a local DNS, so setting hosts file on all boxes locally is not needed

You maybe a little confused, so here is an example:

Say my FreeBSD box has two NIC - 192.168.0.1 and 123.45.67.89. Its hostname was set to mail.domain.com (resolvable from outside). And I actually wanted my domain to be www.domain.com. 192.168.0.1 resolves to freebsd.domain.com (not reachable from outside, just internal network using hosts file). Also, I have a vhost called "www.vhost.com" resolvable from outside.

In /etc/hosts file and C:\Windows\hosts:

192.168.0.1 freebsd.domain.com freebsd vhost1.vhost.com

In httpd.conf:

ServerName mail.domain.com
UseCanonicalName Off
DocumentRoot "/www/htdocs"
...
NameVirtualHost *
<VirtualHost *>
DocumentRoot "/www/htdocs"
ServerName www.domain.com
ServerAlias domain.com freebsd.domain.com
...
...
</VirtualHost>

<VirtualHost *>
DocumentRoot "/www/vhosts/www.vhost.com/htdocs"
ServerName www.vhost.com
ServerAlias vhost.com vhost1.vhost.com #vhost1.vhost.com is resolvable internally
...
</VirtualHost>

With this setup, domain.com and www.domain.com resolve to 123.45.67.89 reachable from outside. freebsd.domain.com resolve to 192.168.0.1 reachable internally. www.vhost.com resolves to 123.45.67.89 while vhost1.vhost.com to 192.168.0.1.

If you don't have a huge internal network, you should use hosts file to resolve internal network and don't mix it up with external network.