Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 17th August 2012, 00:33
Wisdown Wisdown is offline
Member
 
Join Date: Aug 2012
Posts: 82
Thanks: 7
Thanked 2 Times in 2 Posts
Default Enabling ISPConfig bind on Static IP

Hi everyone,


Well, i bought the ispconfig manual after finish the setup of ISPConfig on my LAN, i have used this guide:

http://www.howtoforge.com/multiserve...th-ispconfig-3

But, the manual dont show how can i get this system on web using an valid static ip.

My network setup is:

Debian Gateway (nat transparent using masquared) with 2 nics
eth0 (192.168.25.2 - Router is 192.168.25.1) in a bridge router where i get the static ip by pppoe
eth1 (192.168.0.1) my LAN

i can ping all servers on LAN, i can set the things on ISPConfig Host pannel, but noone outside of my LAN can see my websites...

I already set the DNS to my valid static IP on both dns sides (the seller of my domain) and inside of ISPConfig, and dont work...

On my ISPConfig Host pannel i set the static IP on:

System
Server IP (i put the static IP)

Someone could help me?

Last edited by Wisdown; 17th August 2012 at 01:00.
Reply With Quote
Sponsored Links
  #2  
Old 17th August 2012, 06:26
Wisdown Wisdown is offline
Member
 
Join Date: Aug 2012
Posts: 82
Thanks: 7
Thanked 2 Times in 2 Posts
Default

My setup:

1 Debian as Gateway with 2 NICS
eth0 = In an bridge modem using pppoe for get the valid IP (VDSL connection - with static IP)
eth1 = 192.168.0.1 - My LAN

Modules
ip_tables
iptable_filter
iptable_mangle
iptable_nat
ipt_MASQUERADE
ipt_LOG
ipt_REDIRECT


Polices
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

Roles
# Web Traffic
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -d 192.168.0.3 -j ACCEPT
iptables -A FORWARD -o ppp0 -p udp -m multiport --dports 80,8080 -j ACCEPT
iptables -A FORWARD -o ppp0 -p tcp --dport 443 -j ACCEPT

# Bind 9
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -o ppp0 -p udp -m multiport --dports 53,5353 -j ACCEPT

iptables -t nat -A POSTROUTING -s 192 -o ppp0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80 ppp0 -j DNAT --to 192.168.0.3

echo "1" > /proc/sys/net/ipv4/ip_forward


Sockets
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

1 Debian with APACHE
eth0 = 192.168.0.3
Reply With Quote
  #3  
Old 17th August 2012, 09:22
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,779
Thanks: 840
Thanked 5,610 Times in 4,421 Posts
Default

You use a NAT setup on your server, this means that you have to use the interanl IP address of your server in ispconfig and not the external IP for the website as the translation between internal and external IP is done by your router.

Remove the external static IP in ISPConfig and add the internal (192.168.0.3) instead. Then add websites for that IP. If you cant reach the sites internally and not externally, then its a config issue in your router and not the ispconfig server.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 17th August 2012, 10:47
Wisdown Wisdown is offline
Member
 
Join Date: Aug 2012
Posts: 82
Thanks: 7
Thanked 2 Times in 2 Posts
Default

Hey,

Thanks for the answer.
I removed the valid static IP.
Should i update the dns records for the internal IP also?
Or, i only need add an A Server record pointing to 192.168.0.3?

How can i check the websites using lan?

when i type:

http://192.168.0.3

I got the apache message:

It works!
Reply With Quote
  #5  
Old 17th August 2012, 11:19
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,779
Thanks: 840
Thanked 5,610 Times in 4,421 Posts
Default

Quote:
Should i update the dns records for the internal IP also?
No, the dns records have to use the external IP.

Quote:
How can i check the websites using lan?
http://www.faqforge.com/linux/contro...-a-dns-record/
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 17th August 2012, 21:45
Wisdown Wisdown is offline
Member
 
Join Date: Aug 2012
Posts: 82
Thanks: 7
Thanked 2 Times in 2 Posts
Default

Ok i removed the public ip from apache server, i set the domains to bind on 192.168.0.3 and dindt work, i changed to *, and same thing, dindt worked.

I did the test using the change on hosts and i see the ISPConfig webpage to the domains.

Now i`m lost on how to setup my gateway / firewall...
I started with an machine dedicated to be the gateway, then i put 2 nics:

eth0 = 192.168.25.2 (Same range of modem to use pppoe)
eth1 = 192.168.0.1 (My LAN)

After phew tests i discovered i dont need an NIC on same range to use pppoe...

Now my "Gateway" have only one NIC - eth0 (192.168.0.1) and the ppp0 with fixed IP

The web server still on 192.168.0.3 (another virtual machine).

Before try focus on security i`m trying transparent proxy without success, can i get an example about what rules i need set on my firewall to see the things working?
Reply With Quote
  #7  
Old 22nd August 2012, 06:57
Wisdown Wisdown is offline
Member
 
Join Date: Aug 2012
Posts: 82
Thanks: 7
Thanked 2 Times in 2 Posts
 
Default

After get so bored with lot of failures trying doing this work, i choosed try pfsense before give and start think about use VPS system instead host my blogs at my house...

Using pfSense seems web port forwarding is working now...

But my websites get broken the header / footepad of ISPConfig...
When i restart the server says something about:

[warn] NameVirtualHost xxx.xxx.xxx.x:80 has no VirtualHosts

Because the default values of pfsense my network range changed...
I already did the updates on:

/etc/network/interfaces
/etc/resolv.conf
/etc/hosts

Gonna start add again my websites and see if work with the ISPConfig header / footer bars.

Then i would move forward to mail server.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Version 1.3 of the ISPConfig 3 Manual is finally available! falko General 44 2nd December 2011 13:04
SquirrelMail login not working glenneh Installation/Configuration 13 9th April 2011 21:01
ISPconfig 3: can't send or receive messages zogthegreat Installation/Configuration 6 22nd May 2010 15:45
Ftp problems timeout reny2000 General 6 23rd December 2009 12:09
ISPConfig installation into multiple OpenVZ containers letezo Installation/Configuration 11 3rd March 2009 23:47


All times are GMT +2. The time now is 15:18.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.