George Gallen on 10 May 2006 17:46:08 -0000
No, the 10.x machines talk to the apache server using the 10.x interface (eth0). The same server has a second interface (eth1) which is 192.x, which talks to another network (internet via a firewall). Apache responds to either NIC, both having different names.

I really don't think it's the server or the config setup, as everything else works; just images get hung up, and they are not that big either, 100k.

George

________________________________

From: plug-bounces@lists.phillylinux.org on behalf of John Von Essen
Sent: Wed 5/10/2006 1:16 PM
To: Philadelphia Linux User's Group Discussion List
Subject: Re: [PLUG] Apache server not serving...

Definitely a firewall/network design issue. A few things...

How does a 10.X machine talk to 192.X machine? My guess is it goes through the firewall; sounds like your firewall has two internal nets (a 10.X int and a 192.X dmz). So the 10.X machine sends a packet through the firewall to the apache box. Problem is, the apache box is multi-homed to the 10.X network. The packets will not return to the sender by way of the firewall; instead, it will just use broadcast info on that second 10.X NIC and return that way. Packets have to return the same way they came in.

Now I can't explain why it works some of the time, but regardless, something screwy is going on. Your setup is common, and commonly has issues.

My question is: If you are on a 10.X machine, why would you want to talk to apache on the 192.X? And if you did want to talk to apache on the 192.X, then why did you multi-home the apache server in the first place?

When you start playing around with firewalls, and multiple nets, you can get lost when trying to do too much. Either run the apache box as a true dmz machine with only a 192 NIC, or if you do multi-home it, only talk to it via the 10.X address from inside your corp network. You can't "easily" do both...

-John

On Wed, 10 May 2006, George Gallen wrote:

> This has been bugging me for a couple years now...
>
> I have a Redhat server (7.2) that has two NICS (eth0=10.10.) address, the other is a (eth1=192.168).
> call eth0 site1.domain.com and eth1 site2.domain.com
> Our corp network passes an internet IP through a firewall => 192.168 address
> Our internal corp network has the 10.10 addressing.
>
> Apache (1.3.27)
>
> The server works perfectly on the 10.10. Any requests to site1.domain.com work as expected, the
> HTML code is returned, all .cgi's work, and all images are sent.
>
> When one tries to access the system using the 192.168 side, any requests to site2.domain.com
> will return the HTML code as expected, and run the .cgi's as expected, however, I never
> get any of the images.
>
> Now, the strange part. If you look at the access logs, it shows the images as being sent?
> with the correct time and file size.
>
> I've been assured by our IIT staff that the firewall could not be possibly blocking them.
>
> There are no errors logged anywhere. Can anyone think of anything to check into?
>
> Generally this hasn't been an issue because all of web stuff that needed to be done externally,
> did not require images, just the html/cgi pages. But now I'm working on a project with images.
>
> I will have to setup a tcpdump on the eth1 tonight to monitor output to see what is actually being sent.
>
> Yes, I know the OS is old...that won't change, and the Apache is old, but the problem has existed
> on older versions of apache as well, I don't think upgrading will solve this issue.
>
>
> George Gallen
> Senior Programmer/Analyst
> Accounting/Data Division
> ggallen@slackinc.com
> ph:856.848.1000 Ext 220
>
> SLACK Incorporated - Delivering the best in health care information and education worldwide.
> http://www.slackinc.com

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
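The return-path behaviour John describes for a multi-homed server, as an added example that is not part of the thread or written by either poster: a longest-prefix route lookup that reports which interface a reply leaves on and whether that matches the interface the request arrived on. All addresses, the routing table and the function names are constructed assumptions modelled on the 10.10 / 192.168 layout in the thread.

```python
import ipaddress

# Constructed addressing (assumption): eth0 on the 10.10 corporate network,
# eth1 on the 192.168 network that sits behind the firewall.
INTERFACES = {
    "eth0": ipaddress.ip_interface("10.10.0.5/16"),
    "eth1": ipaddress.ip_interface("192.168.1.5/24"),
}

# Constructed routing table: (destination network, egress interface, next hop).
# A next hop of None means the network is directly connected.
ROUTES = [
    (ipaddress.ip_network("10.10.0.0/16"), "eth0", None),
    (ipaddress.ip_network("192.168.1.0/24"), "eth1", None),
    (ipaddress.ip_network("0.0.0.0/0"), "eth1", "192.168.1.1"),
]


def egress_for(dst):
    """Pick the route for dst by longest-prefix match (destination-based lookup)."""
    dst = ipaddress.ip_address(dst)
    matches = [route for route in ROUTES if dst in route[0]]
    if not matches:
        return None
    return max(matches, key=lambda route: route[0].prefixlen)


def check_flow(client_ip, server_ip):
    """Return (ingress, egress, symmetric) for a request from client_ip to server_ip.

    Assumption: the request arrives on the interface that owns server_ip and the
    client address is not rewritten (no NAT) on the way in.
    """
    server = ipaddress.ip_address(server_ip)
    ingress = next((n for n, i in INTERFACES.items() if i.ip == server), None)
    if ingress is None:
        raise ValueError(f"{server_ip} is not configured on this host")
    route = egress_for(client_ip)
    egress = route[1] if route else None
    return ingress, egress, ingress == egress


if __name__ == "__main__":
    flows = [("10.10.3.7", "10.10.0.5"),      # internal client, internal name
             ("10.10.3.7", "192.168.1.5"),    # internal client via the firewall
             ("203.0.113.9", "192.168.1.5")]  # outside client via the firewall
    for client, server in flows:
        ingress, egress, ok = check_flow(client, server)
        state = "symmetric" if ok else "ASYMMETRIC: reply bypasses the firewall"
        print(f"{client} -> {server}: in {ingress}, out {egress} ({state})")
```

A flow reported as asymmetric is one where a stateful firewall sees only one direction of the connection; comparing this output with a capture on each interface shows whether replies actually leave where the lookup predicts.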