Author Topic: webserver for INTRAnet  (Read 2577 times)

Netz

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
webserver for INTRAnet
« on: November 26, 2011, 09:19:13 pm »
Hi,
before I came to Zentyal I used Ubuntu Server with a LAMP for a website thats only avialeble form network.
Now I want to realise this here.

I have an static address for eth0 and that is working fine (updates and so on).
Now I'm trying to get the webserver working.

I tryed to make a second gateway 10.196.128.1 and divide the traffic. Did't work.
I tryed to make a static route from 10.196.255.255/32 to 10.196.128.1 . Did't work.

Before I was using this settings
Code: [Select]
echo "1 admin" >> /etc/iproute2/rt_tables
ip route add xxx.yy.213.0/24 dev eth0 src xxx.yy.213.8 table admin
ip route add default via xxx.yy.213.1 dev eth0 table admin
ip rule add from xxx.yy.213.8/32 table admin
ip rule add to xxx.yy.213.8/32 table admin

echo "1 intranet" >> /etc/iproute2/rt_tables
sudo ip route add 10.196.128.0/24 dev eth2 src 10.196.128.1 table intranet
sudo ip route add default via 10.196.128.1 dev eth2 table intranet
sudo ip rule add from 10.196.128.88/32 table intranet
sudo ip rule add to 10.196.128.88/32 table intranet

How to include what I had into the GUI of Zentyal?
Please keep in mind, I want my website to be able to be updated and send mails, but be abolutly not accesseble from the INTERnet.

Thanks!

ichat

  • Zen Hero
  • *****
  • Posts: 795
  • Karma: +28/-16
  • RTFM!
    • View Profile
Re: webserver for INTRAnet
« Reply #1 on: November 26, 2011, 10:45:44 pm »
i think that you might be looking at this in the wrong way,   even though you could deny access on port 80 for your zentyal box blocking all websites from the internet,  i would instead try to use zentyal stubs (look that up),  instead to change the  apache directive so that  your   internanet  will only  listen on   ethX   where x is NOT a wan port...
All tips hints and advices are based on my personal experience.
As I try my best to be as accurate as possible, following my advice is always at your own risk,
I claim absolutely NO responsibility in any way!

Netz

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: webserver for INTRAnet
« Reply #2 on: November 27, 2011, 12:19:40 pm »
Thanks for your answer, but I don't understand all of it.
I looked the stubs up and with the hooks it seems to be a good thing to have changes permanent on my machine.

My main problem is not to tell the apache to just listen to the eth1 (I can just tell him to listen to the intranet ip instead of both ips or just block port 80 on eth0).

My big problem is that the answer has to go over eth1 and to gateway 10.196.128.1, which is not reachable by eth0.

Is it my lack of IT knowledge that didn't let me get your tip or did I describe my problem not exactly enough? (Feel free to tell).

ichat

  • Zen Hero
  • *****
  • Posts: 795
  • Karma: +28/-16
  • RTFM!
    • View Profile
Re: webserver for INTRAnet
« Reply #3 on: November 27, 2011, 01:41:46 pm »
sorry i think im missing your point here,

could you make some kind of diagrame of what your trying to achieve..

in example how does your network  work,   is zenyal your routing device, or is it some lan computer with only 1 nic connected to your router/gateway...
 
All tips hints and advices are based on my personal experience.
As I try my best to be as accurate as possible, following my advice is always at your own risk,
I claim absolutely NO responsibility in any way!

Netz

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: webserver for INTRAnet
« Reply #4 on: November 27, 2011, 02:10:02 pm »
So, I did some graphic.  :)

Code: [Select]
              Internet---------------------------------- myZentyal (LAMP [used to give user help who are not connected to the internet,
                  |                                           |           by contacting administrators via contact formular or posting on a bulletin board])
                  |                                           |
                  |     ----------------------------------- GW 10.196.128.1
                  |     |                                                               
               Gateway X --------------------------|                                       
                  |                                |                                       
                  |                                |                                       
              GW 10.196.100.1             GW 10.196.100.2 ...               
                 |                               |
                 |                               |
               (lokal network users 10.196.128.255)

Netz

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: webserver for INTRAnet
« Reply #5 on: November 27, 2011, 03:31:24 pm »
I forgot to say that myZentyal is a VM and has two NICs to be operating on the intranet and the intenet fine separated.

half_life

  • Bug Hunter
  • Zen Hero
  • *****
  • Posts: 867
  • Karma: +59/-0
    • View Profile
Re: webserver for INTRAnet
« Reply #6 on: November 27, 2011, 07:56:23 pm »
Is the gateway a Zentyal machine and myZentyal a  virtual machine running under the Zentyal host?  I think you already know this but /etc/apache2/sites-available/  contains your website definitions and it is possible to limit where the server listens by changing the first line in the config files.   Judging from your graphic,  you want people off of your lan to have access to the myZentyal machine and provide some public facing info,  while still providing intranet to your internal network.  Am I correct?