[RESOLVED] https through virtual IP
-
Sure,
Here they are.
My goal is simple.
I have two web servers.
One was dedicated only for http
The other for https
But I want to have a second https server
For testing purposes, I simply set the http server to also serve https.
Internally it all works just fine.
I want the second https (the newer one) to be accessible from outside. So I created the x.x.x.163 IP alias so I could direct the https traffic to that server, while using only one NIC that is hooked up to the external router.
After it didn't work I also created a NAT entry for port 80 on that virtual IP to see if it was an SSL issue. I got the same result, the same block, except that it says port 80 in the log.
Thanks,
-
and the other two that didn't fit in the post.
-
try without destination alias
how do you have public ip's? are you having continuous block or something else?
-
Ok, I changed the entry, replacing the alias with the IP of the server.
Same result.
Yes, it's a block. (162-165) And I'm reaching the firewall from the outside world with the .163 because I get the Firewall block entries at the exact time I try to access from the outside world. The .162 is the regular address. I used the 163 in the past (hooked up to another physical firewall), I stopped using it for a while, it is possible that the provider changed something, but I doubt it.
I haven't posted the entry itself in NAT. Here is the screenshot of that.
-
It's fixed!
Thank you, when you asked about the block, I kept thinking, so I went and rechecked everything, duhhhh, how stupid of me, the subnet mask was WRONG.
Geez,
Thank you!
-
It's ok, but you're showing again your public ip's
-
So I set everything back to how I wanted it originally, and for the record having the destination Alias works fine.
Thanks for the Public/IP warning. I'll take it out again. Thanks.
Is there a way one can mark threads as "Answered" here?
-
edit your first post subject with [SOLVED]
-
Nevermind, it isn't solved. Having the same problem again. I have no clue as to why it started working and after a while it stopped working.
Any ideas of what else to look for?
-
Well I Fixed it again.
I think I found a bug.
Whenever you make any changes to the System Advanced Firewall/NAT window, it changes the IP Alias to Network, rather than the Single address, which of course breaks this. Uggh…
Anyways, messing around the screen, I can't remember what the defaults were for this, can someone remind me which ones should be checked?
Disable NAT Reflection for port forwards:
Disable NAT Reflection for 1:1 NAT :
Automatically create outbound NAT rules...:
Thanks,
-
I was wrong, changes in the System Advanced screen do not change the label Network. The label Network is changed whenever you use anything other than a /32 mask.
It turns out that it works just fine with the mask /32
Whenever I re-save the Virtual IP it starts working again.
But I just noticed something else, I got the log entry:
kernel: arp: 00:1e:58:39:1a:1e is using my IP address 200.XXX.XXX.163 on vr0!
So I guess the provider did change something and that IP is assigned to something else, that would explain the weird erratic behavior. The provider was absorbed by another provider, so I think that's the origin of the problem.
Anyhow, thanks and please do let me know what the defaults are for:
Disable NAT Reflection for port forwards:
Disable NAT Reflection for 1:1 NAT :
Automatically create outbound NAT rules…:
-
Disable NAT Reflection for port forwards:
Disable NAT Reflection for 1:1 NAT :
Automatically create outbound NAT rules…:
I'm not sure if I have default settings, but working settings: check, check & uncheck
-
Thanks!
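-
Added example, not part of the original thread: a small Python check that scans firewall system log lines for the kernel "is using my IP address" message quoted above and reports which MAC addresses are claiming each virtual IP. The function names, the log lines, the MAC addresses and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the kernel message quoted in the thread:
#   kernel: arp: <mac> is using my IP address <ip> on <iface>!
CONFLICT_RE = re.compile(
    r"arp: (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) is using my IP address "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) on (?P<iface>\w+)!",
    re.IGNORECASE,
)


def find_ip_conflicts(lines):
    """Return {(ip, iface): {mac: report_count}} for duplicate-address reports."""
    conflicts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = CONFLICT_RE.search(line)
        if m:
            # Normalise MAC case so one device is not counted twice.
            conflicts[(m["ip"], m["iface"])][m["mac"].lower()] += 1
    return {key: dict(macs) for key, macs in conflicts.items()}


def summarize(conflicts):
    """One readable line per (address, interface, foreign MAC)."""
    rows = []
    for (ip, iface), macs in sorted(conflicts.items()):
        for mac, count in sorted(macs.items()):
            rows.append(f"{ip} on {iface}: claimed by {mac} ({count} report(s))")
    return rows


# Constructed sample log (hypothetical hosts, MACs and addresses).
SAMPLE_LOG = """\
Mar  3 10:14:02 fw kernel: arp: 02:00:5e:10:00:01 is using my IP address 203.0.113.163 on vr0!
Mar  3 10:14:05 fw pf: block in on vr0: 198.51.100.7.51514 > 203.0.113.163.443: tcp
Mar  3 10:19:41 fw kernel: arp: 02:00:5E:10:00:01 is using my IP address 203.0.113.163 on vr0!
Mar  3 10:25:13 fw kernel: arp: 02:00:5e:10:00:02 is using my IP address 203.0.113.163 on vr0!
""".splitlines()

if __name__ == "__main__":
    for row in summarize(find_ip_conflicts(SAMPLE_LOG)):
        print(row)
```

Any output at all means another device on the segment is answering ARP for the virtual IP, which fits the on-and-off behaviour described in the thread.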