#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2001
    Location
    Lisbon
    Posts
    45
    Rep Power
    13

    Arrow outside-world access to website in Intranet Workstation


    if i have an institution web network with a public site lets say www.hypothesisTV.pt, and it has a private intranet network what can they do to temporarilly give me access to a website i have in one of its intranet workgroup PCs?

    does this have to do with DNS name resolution like internal IP address xxx.xxx.xxx.xxx set to a name like myintranetPC.hypotheticTV.pt?? What can i say to hypotheticTV.pt webmaster to do in order to access the intranet site from any place in internet, or preferrably from a fixed IP address of another institution?

    Am i being specific enough?
    thanks in advance

    _________________
    Irina/Lisbon/Portugal
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2002
    Location
    Kamloops, BC, Canada
    Posts
    55
    Rep Power
    13

    Cool


    If they are using private (RFC 1918) IP addresses for their LAN with some kind of NAT/proxy firewall, then you need to talk to their security guy, not their webmaster (unless they are the same person). You will them to add a rule to the firewall mapping the IP of the private comp to a publically-accessible IP. This can be done either via a static map (IP-priv <--> IP-pub) or via port-redirection (IP-pubort <--> IP-priv), depending on if they have any available public IP addresses.

    Then, just point your browser to the public IP (and port if need be) that they tell you to use.

    If this access is just for you, then that's all that's needed. If they need/want to give access to the world, then they should move the website to a comp in their DMZ. Otherwise, they'll just be opening a huge security hole.
    Linux is for those who hate Windows.
    FreeBSD is for those who love UNIX.
    -------
    Have you read The Handbook yet?
    How about The FAQ?
    Have you searched the mailing lists?
    Or read any of the man pages?
    Have you searched the web for BSD resources?
    In short, have you done your homework yet?
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2001
    Posts
    4
    Rep Power
    0
    Another alternative, which requires extra resources but much easier to setup, is to use mod_proxy + mod_rewrite on your external Apache. The only requirement is that, as long as the local (internal) IP of www.hypothesisTV.pt can talk to myintranetPC.hypotheticTV.pt.

    For example:
    Code:
    <VirtualHost *>
      ServerName www.hypothesistv.pt
      ServerAdmin webmaster@hypothesistv.pt
      RewriteEngine on
      RewriteRule ^/icons/(.+) - [PT,L]
    # RewriteRule ^(.*) http://192.168.0.2$1 [P,L]
      RewriteRule ^(.*)  http://myintranetpc.hypothetictv.pt$1 [P,L]
    </VirtualHost>
    Your internal web server can even be running IIS.
    Your external web server MUST be able to resolve myintranetpc.hypothetictv.pt either via /etc/hosts (easier) or a valid DNS entry (split horizon in your case).
    If you have further questions on this, start a new thread in Apache forum.

IMN logo majestic logo threadwatch logo seochat tools logo