
Sharing one static ip for both ftp and www service

@Barnes591

Posted in: #Dns #Domains #WebApplications #WebHosting

Trying to figure out how to update the Zone record and configure webserver so that one application on the webserver is accessible by public. I'm completely not good at NS/DNS/NAT/firewall/routing/port forwarding/networking etc.

"faraday" is the intranet name. Everyone within local network can access all applications hosted on "faraday". Hostname for webserver is "www", FTP server is "ftpserver". Both servers running RHEL4 OS.

The goal is to allow anyone outside the company network (public) to access only one of the many applications on "faraday". Hope somebody can help me with some of the questions below, if not all.


From the zoneedit record, the static IP is used by FTP now.
Can I use the same existing static IP - 219.95.10.100, for web service?
Currently anyone who enters "http://www.abc.com.my" will be directed to "http://www.abc.com". I don't want this to change.
Currently, no one else, except employees on the local network, can access "faraday" web pages.
How to configure so that when anyone types "http://thisapp.abc.com.my" in their web browser, the URL will lead them to "http://faraday/thisapp" (application folder is /var/www/html/thisapp on RHEL4 web server).
If possible, how to set it so the URL will continue to show "http://thisapp.abc.com.my" instead of "http://faraday/thisapp"
How to limit/restrict users (those who are not from the local network) so they only have access to "http://thisapp.abc.com.my", but not "http://faraday" or "http://faraday/anotherapp", etc.
What configuration changes are needed in /etc/httpd.conf on the web server?


Company domain name is "abc.com.my".
Following is the zone records on zoneedit.com.
Subdomain   Type    IP
sdsl        A       219.95.10.100
ftp         CNAME   sdsl.abc.com.my
@           NS      ns3.zoneedit.com
@           NS      ns7.zoneedit.com


WebForward record:

New Domain   Destination   Cloaked
abc.com.my   www.abc.com   N


On my local DNS server, there are 2 zone files: abc.com.my and pnmy.abc.com.

> cat abc.com.my.zone
ftp CNAME ftp.pnmy.abc.com.
sdsl A 219.95.10.100

> cat pnmy.abc.com.zone
ftp CNAME ftpserver
ftpserver A 172.16.5.1
faraday CNAME www
www A 172.16.5.2


2 Comments


@Rambettina238

iptables is a useful layer of security; aside from opening the ports for the services out of the LAN it also comes with incredible granularity down to specific protocols, see --multiports option. You can drop packets from IPs not in a subnet of your LAN which are requesting specific ports or protocols, it's very handy.

You can also configure Apache to similarly ignore unwanted guests via its Access Control module. NB: the "order deny, accept" format statements are (worryingly!) now officially deprecated and Apache advise for them to not be used. Seems that with 2.5 they've introduced a new Require syntax which I need to get my head around as I heavily use Access Control.

The useful thing about Access Control is that you can use CIDR to define allowed/denied ranges, so you can just deny everyone except 192.168.1.0/24 access to the web server. :-) And if you want to get fancy, you can then make it redirect to another web page (perhaps extranet or public web site page?) if a denied user hits the intranet server.


@Angela700

To answer some of your questions below


Yes, you can use the same IP for FTP and WWW service; your web server and FTP server run on two different ports. You just need to allow access to those ports on your server.
How are visitors redirected? I would use either DNS or .htaccess to redirect
Use .htaccess to restrict access to your local network by either IPs or domain name
Use .htaccess to redirect


Most of the restrictions can be set up with .htaccess and/or with your iptables

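The setup both answers point at, written out as an added example (not part of the original thread): Apache 2.0-style name-based virtual hosts that publish only /var/www/html/thisapp under thisapp.abc.com.my and keep everything else LAN-only. The 172.16.5.0/24 range and the ServerAlias names are assumptions inferred from the zone files in the question, as are the public A record for "thisapp" and the port 80 forward to 172.16.5.2.

```apache
# Added example for Apache 2.0 (RHEL4), placed in the main httpd.conf.
# Assumptions: the LAN is 172.16.5.0/24; thisapp.abc.com.my has a public
# A record pointing at 219.95.10.100; the router forwards TCP 80 to 172.16.5.2
# without rewriting the client source address (if it does rewrite it, every
# visitor appears to come from the LAN and the Allow rule below matches them).

NameVirtualHost *:80

# The first virtual host is the default. Requests made by bare IP or with an
# unknown Host header land here, so the default must be the LAN-only site.
<VirtualHost *:80>
    ServerName faraday
    ServerAlias www faraday.pnmy.abc.com www.pnmy.abc.com
    DocumentRoot /var/www/html

    <Directory /var/www/html>
        # Deny is evaluated first, then Allow: only the LAN and localhost pass.
        Order deny,allow
        Deny from all
        Allow from 172.16.5.0/24
        Allow from 127.0.0.1
    </Directory>
</VirtualHost>

# Public virtual host: its document root is the application folder itself, so
# /anotherapp does not exist under this name, and the browser keeps showing
# http://thisapp.abc.com.my/ because the content is served, not redirected.
<VirtualHost *:80>
    ServerName thisapp.abc.com.my
    DocumentRoot /var/www/html/thisapp

    <Directory /var/www/html/thisapp>
        Options -Indexes
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
```

Server-level Alias and ScriptAlias directives, including anything loaded from conf.d, are inherited by every virtual host, so check that none of them exposes another application under the public name.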

