[TriLUG] serving multiple HTTPS sites on same server with redirection

Blackburn, Marvin mblackburn at glenraven.com
Wed May 8 16:53:03 EDT 2013


Red Hat 5.7

We have a system with one NIC with two IP addresses: eth0 is x.x.x.5 and eth0:0 is x.x.x.6.
We also run Apache and have multiple sites -- some http(s) going to each IP. We can run these to 443/8443 or we can run them on 80/8443, whichever we configure Apache to listen on, without a problem.

However, if we try to redirect 80 to 8080 and 443 to 8443, everything seems to go to eth0.

We've used this redirection on systems with only one IP and have never had a problem.

A sample iptables config is:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
#### NAT for redirection 
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT


Any help would be appreciated.

_____________________________________
"He's no failure. He's not dead yet."
William Lloyd George
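
Added example, not part of the original post: the iptables REDIRECT target rewrites the destination to the primary address of the incoming interface, and eth0:0 is an alias on eth0, so a per-address DNAT rule is one way to keep the two addresses apart. The script below generates such a *nat section; the addresses 192.0.2.5 and 192.0.2.6 are placeholders for x.x.x.5 and x.x.x.6, and the function name gen_nat_rules is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): build a *nat table for
# iptables-restore that preserves the destination address per site.
# REDIRECT maps every packet arriving on eth0 to eth0's primary address;
# DNAT with an explicit --to-destination keeps the address the client used.

# Placeholder addresses (RFC 5737 documentation range), assumed to stand
# in for the x.x.x.5 (eth0) and x.x.x.6 (eth0:0) of the post.
ADDRS="192.0.2.5 192.0.2.6"
# public:internal port pairs, as in the post's REDIRECT rules
PORTMAP="443:8443 80:8080"

gen_nat_rules() {
    # $1 = space-separated local addresses, $2 = space-separated pub:priv pairs
    nl='
'
    rules=""
    for addr in $1; do
        for pair in $2; do
            pub=${pair%%:*}
            priv=${pair##*:}
            # Reject anything that is not exactly "digits:digits"
            if [ "$pub:$priv" != "$pair" ]; then
                echo "bad port pair: $pair" >&2; return 1
            fi
            case "$pub$priv" in
                ''|*[!0-9]*) echo "bad port pair: $pair" >&2; return 1 ;;
            esac
            rules="${rules}-A PREROUTING -d $addr -p tcp --dport $pub -j DNAT --to-destination $addr:$priv$nl"
        done
    done
    # Emit the table only once every pair has validated
    printf '*nat\n:PREROUTING ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n'
    printf ':OUTPUT ACCEPT [0:0]\n%sCOMMIT\n' "$rules"
}

gen_nat_rules "$ADDRS" "$PORTMAP"
```

The output replaces the *nat section of the sample config; the *filter rules for 8080 and 8443 stay as they are, because the INPUT chain sees the port after DNAT has been applied.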





