[Message Prev][Message
Next][Thread Prev][Thread Next][Message
Index][Thread Index]
Re: Web server access
Of course if you want to do it securely you'll run ssh and use its port
forwarding. Not hard really and it means that you only need to configure
it once and it works for any network service on your entire internal
network. File/print sharing, http, pop, imap etc etc.
ssh is a standard part of cygwin so can even run on windows boxen :)
'putty' is then a trivial single file executable on any client that
can't run ssh natively.
This is a very useful approach if you haven't secured your internal
services (which normally you wouldn't need to)
David
Mark Harrison (Groups) wrote:
> On Sat, 2005-08-13 at 21:02 +0100, Alex Clark wrote:
>
> A lot hinges on how sophisticated your router is. Start with Option 1
> and work down till you find something that works on your hardware :-)
>
>
> Option 1: Real PAT
>
> In an ideal world, what sir wants is something called "Port
address
> translation" (PAT).
>
> Suppose you have three internal boxes:
>
> webserver 192.168.0.1
> cameraserver 192.168.0.2
> fileserver 192.168.0.3
>
> each running a webserver on port 80.
>
> With some routers / firewalls, you can set things up so that (if you
> have external IP 1.2.3.4 then:
>
> - 1.2.3.4:80 -> 192.168.0.1:80
> - 1.2.3.4:81 -> 192.168.0.2:80
> - 1.2.3.4:82 -> 192.168.0.3:80
>
> The problem is that some domestic routers don't allow you to do this.
> They only allow you to do NAT (Network address translation.) So you go
> to:
>
>
> Option 2: Port-specific NAT
>
> Some routers allow you to do DIFFERENT network address translation
based
> on ports.
>
> You first reconfigure cameraserver so that it runs on port 81 rather
> than 80, then fileserver so it runs on port 82 rather than 80.
>
> Then you set up NAT so that:
>
> - 1.2.3.4:80 -> 192.168.0.1:80
> - 1.2.3.4:81 -> 192.168.0.2:81
> - 1.2.3.4:82 -> 192.168.0.3:82
>
> However, it may be that your router doesn't even allow this, so you
turn
> to the dark world of:
>
>
> Option 3: Reverse proxy server
>
> You can set up some webserver so that THEY manage the stuff for you.
In
> this case, you could configure a new box (or add config to one of the
> existings) so you have:
>
> reverseproxy 192.168.0.4
>
> You then set up your router so that all traffic on port 80 goes to
that
> box.
>
> You then configure reverseproxy so that:
>
> http://reverseproxy/webserver
-> 192.168.0.1
> http://reverseproxy/cameraserver
-> 192.168.0.2
> http://reverseproxy/fileserver
-> 192.168.0.3
>
> 'tis, alas a bit of a black art. If you're going to use Apache server
to
> do it, then I can send bits of config. If you're going to use IIS,
then
> there are others here who can help.
>
>
> HTH
>
> M.
>
>
>
>
>
>
>
>
------------------------------------------------------------------------
> YAHOO! GROUPS LINKS
>
> * Visit your group "ukha_d
> <http://groups.yahoo.com/group/ukha_d>"
on the web.
>
> * To unsubscribe from this group, send an email to:
> ukha_d-unsubscribe@xxxxxxx
> <mailto:ukha_d-unsubscribe@xxxxxxx?subject=Unsubscribe>
>
> * Your use of Yahoo! Groups is subject to the Yahoo! Terms of
> Service <http://docs.yahoo.com/info/terms/>.
>
>
>
------------------------------------------------------------------------
>
--
UKHA_D Main Index |
UKHA_D Thread Index |
UKHA_D Home |
Archives Home
|