Author Topic: Help with making webserver on a third interface (DMZ) visible to internet.  (Read 4486 times)

zimbodel

« Reply #15 on: November 01, 2011, 04:26:45 pm »
Ok I will write it up and post it.
But, it is clear to me that there is one of two problems.
1) A DNS issue on Strongbolt/Bluequartz, although I doubt it, as Zentyal doesn't masquerade the webserver on DMZ but does on LAN; clearly the same DNS error cannot give those two different results.
2) The default Iptables on zentyal is different for two internal nics creating the discrepancy.

Iptables is a pain and errors are easy to make. I won't be surprised if that is the case, and it sure looks like it, but it will be nice if it is just a simple DNS error.

christian

« Reply #16 on: November 01, 2011, 04:44:07 pm »
Before thinking that Zentyal generates some erroneous IPtables, tell us more about your settings.

E.g. if the third interface is described as external, then your behaviour can be somewhat strange, if you see what I mean  ;)

zimbodel

« Reply #17 on: November 01, 2011, 06:33:02 pm »
The IP addresses are bogus, but the originals were batch replaced so there will not be any errors.

Removed as it is not needed anymore.
« Last Edit: November 04, 2011, 07:04:21 pm by zimbodel »

zimbodel

« Reply #18 on: November 02, 2011, 04:13:30 am »
BTW, there seems to be a bug in the Zentyal interface.
If I go to Zentyal Software Management, then Components, select View-Basic-Mode, and then highlight Proxy for installation, it clearly installs Users and Groups rather than proxy!!
That is why I couldn't activate proxy in the checkbox to start it, as I reported earlier.
I repeated it twice here and it still does it.

See for yourself.

zimbodel

« Reply #19 on: November 04, 2011, 01:09:08 am »
To add further:
If you don't use basic mode, then and only then Squid will install.
Clearly a bug, but not serious at all as it is only interface related.

Another question.
Since I have Squid installed, where is the reverse proxy? I cannot find it in the Squid setup as suggested.

christian

« Reply #20 on: November 04, 2011, 06:49:42 am »
Sorry if I was not clear enough with my previous statements.
From a technical standpoint, a reverse proxy might be required in order to access internal (or on DMZ) web servers.  This doesn't mean however (and unfortunately) that it can be achieved using Zentyal "out-of-the-box".

Reverse proxy service doesn't exist with Zentyal. You will have to configure it manually. For this you have multiple choices:
- using Apache:
  http://httpd.apache.org/docs/1.3/mod/mod_proxy.html#forwardreverse
- adding another component like Nginx:
  http://tumblr.intranation.com/post/766288369/using-nginx-reverse-proxy
  http://www.cyberciti.biz/faq/rhel-linux-install-nginx-as-reverse-proxy-load-balancer/
- configuring Squid:
  http://wiki.squid-cache.org/SquidFaq/ReverseProxy

This has been discussed in some other posts:
http://forum.zentyal.org/index.php/topic,8452.msg35025.html#msg35025
http://forum.zentyal.org/index.php/topic,8227.0.html

zimbodel

« Reply #21 on: November 04, 2011, 07:03:33 pm »
I decided to drop Bluequartz/Strongbolt as there is no service or support from either, even though I bought and paid for service.
As I can use a standard Linux server with domainname as IP address on the DMZ and do not need a reverse proxy in that case, it is the way to go.
I will keep Zentyal as firewall.
I agree that the inability of Strongbolt/Bluequartz to use IP as domainname will require a reverse proxy, but only in that case, as I proved for myself that a webserver works perfectly on DMZ without proxy if the domainname is the IP address, and I could browse it.

Thanks for all the help, it is appreciated.
I will delete the network details post, thanks.