[pptp-server] Accessing a web server on an internal masq machine

Charles Sinsofsky CSinsofsky at FUTUREWAY.CA
Fri Oct 13 15:38:37 CDT 2000


Hello,
	I know I must be missing something here, but let me present a
scenario that I am building using your firewall / script engine.

	1) I have a working VPN, with Poptop, and two NIC cards. I have the
MPPE patches installed, and it all works fine and dandy. Users are able to
log in; they can then find internal machines, and can then use MS Exchange
with no problem. Works great.

	2) I have set up your seawall.conf for 'strong' firewall.

	3) I have an entry in the 'servers' file, /etc/seawall/servers,
that contains the location of my 'web server' sitting on the internal
LAN, i.e. a 192.xx address.

	4) Now I have ipmasqadm installed. I also have the full portfw modules
created and in the kernel; they all work fine.

	Q) Here is my problem: how does one use the 'public' side of the
masq machine to call the web server when the firewall prevents anyone from
seeing the public IP address in the first place?

	For instance (these are example IPs only, not valid):

	my web server is on IP:                  192.168.10.4
	my firewall / Poptop / masq machine has
	    internal IP:                         192.168.10.1
	    external IP:                         216.94.165.50

	Now if I were to define a www.mywebsite.com to point to
216.94.165.50, the ipmasqadm portfw would translate that to 192.168.10.4, as I
included in the servers file. You give an excellent example in the
documentation for the seawall site.

	But here lies the problem: I cannot even see '216.94.165.50'
because this IP is blocked by the firewall. Am I missing something here? How
would an internal web server work?

	I know if I establish a VPN tunnel I could easily see the
192.168.10.4 machine without the need for port forwarding. I have tried this
and it works fine because I am now basically on the LAN, BUT for external users
who are not VPN'ing into my machine but whom I do want to see the web server
(I would consider placing it into a DMZ), the same problem arises: I
cannot see the public IP side of the server from the internet, so I cannot see
the web server or, for that matter, the masq machine to forward the packets
to??

	Any help would be greatly appreciated... I hope I explained myself
well enough... I really find your seawall/conf setup to be excellent and easy
to work with. I understand the ipmasqadm portfw utility, and built by hand what
the server / firewall scripts do automatically, but I do not understand
how to make the public IP address receive a web request!

 - Charles Sinsofsky
   Systems Architect - FCI