Enabling ISPConfig bind on Static IP

Discussion in 'Installation/Configuration' started by Wisdown, Aug 16, 2012.

  1. Wisdown

    Wisdown New Member

    Hi everyone,


    Well, I bought the ISPConfig manual after finishing the setup of ISPConfig on my LAN. I used this guide:

    http://www.howtoforge.com/multiserv...se-servers-on-debian-squeeze-with-ispconfig-3

    But the manual doesn't show how I can get this system on the web using a valid static IP.

    My network setup is:

    Debian Gateway (transparent NAT using masquerade) with 2 NICs
    eth0 (192.168.25.2 - Router is 192.168.25.1) in a bridge router where I get the static IP by PPPoE
    eth1 (192.168.0.1) my LAN

    I can ping all servers on the LAN, I can set things in the ISPConfig host panel, but no one outside of my LAN can see my websites...

    I already set the DNS to my valid static IP on both DNS sides (the seller of my domain) and inside of ISPConfig, and it doesn't work...

    On my ISPConfig host panel I set the static IP on:

    System
    Server IP (I put the static IP)

    Could someone help me?
     
    Last edited: Aug 17, 2012
  2. Wisdown

    Wisdown New Member

    My setup:

    1 Debian as Gateway with 2 NICs
    eth0 = In a bridge modem using PPPoE to get the valid IP (VDSL connection - with static IP)
    eth1 = 192.168.0.1 - My LAN

    Modules
    ip_tables
    iptable_filter
    iptable_mangle
    iptable_nat
    ipt_MASQUERADE
    ipt_LOG
    ipt_REDIRECT


    Policies
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT

    Rules
    # Web Traffic
    iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
    iptables -A FORWARD -p tcp --dport 80 -d 192.168.0.3 -j ACCEPT
    iptables -A FORWARD -o ppp0 -p udp -m multiport --dports 80,8080 -j ACCEPT
    iptables -A FORWARD -o ppp0 -p tcp --dport 443 -j ACCEPT

    # Bind 9
    iptables -A INPUT -p udp --dport 53 -j ACCEPT
    iptables -A FORWARD -o ppp0 -p udp -m multiport --dports 53,5353 -j ACCEPT

    iptables -t nat -A POSTROUTING -s 192 -o ppp0 -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp --dport 80 ppp0 -j DNAT --to 192.168.0.3

    echo "1" > /proc/sys/net/ipv4/ip_forward


    Sockets
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    1 Debian with APACHE
    eth0 = 192.168.0.3
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    You use a NAT setup on your server. This means that you have to use the internal IP address of your server in ISPConfig and not the external IP for the website, as the translation between internal and external IP is done by your router.

    Remove the external static IP in ISPConfig and add the internal (192.168.0.3) instead. Then add websites for that IP. If you can't reach the sites internally and not externally, then it's a config issue in your router and not the ISPConfig server.
     
  4. Wisdown

    Wisdown New Member

    Hey,

    Thanks for the answer.
    I removed the valid static IP.
    Should I update the DNS records for the internal IP also?
    Or, I only need to add an A Server record pointing to 192.168.0.3?

    How can I check the websites using the LAN?

    When I type:

    http://192.168.0.3

    I got the Apache message:

    It works!
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

  6. Wisdown

    Wisdown New Member

    OK, I removed the public IP from the Apache server, I set the domains to bind on 192.168.0.3 and it didn't work. I changed to *, and same thing, it didn't work.

    I did the test using the change in hosts and I see the ISPConfig webpage for the domains.

    Now I'm lost on how to set up my gateway / firewall...
    I started with a machine dedicated to be the gateway, then I put 2 NICs:

    eth0 = 192.168.25.2 (Same range of modem to use pppoe)
    eth1 = 192.168.0.1 (My LAN)

    After a few tests I discovered I don't need a NIC on the same range to use PPPoE...

    Now my "Gateway" has only one NIC - eth0 (192.168.0.1) and the ppp0 with fixed IP

    The web server is still on 192.168.0.3 (another virtual machine).

    Before trying to focus on security I'm trying transparent proxy without success. Can I get an example of what rules I need to set on my firewall to see things working?
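
A default-deny version of the gateway port forward asked about above, as an added example that is not part of any post in the thread. It prints an `iptables-restore` ruleset instead of touching the live firewall; the function name `gen_gateway_rules`, the /24 LAN mask and publishing both 80 and 443 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for a
# NAT gateway that publishes one internal web server and drops everything else.
# Assumptions: the LAN is a /24 and only TCP 80/443 are published.
gen_gateway_rules() {
    [ "$#" -eq 3 ] || { echo "usage: gen_gateway_rules WAN_IF LAN_CIDR WEB_IP" >&2; return 2; }
    wan_if=$1; lan_net=$2; web_ip=$3
    # Reject values that could not be an interface name, a CIDR or an IPv4 address.
    case $wan_if  in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    case $lan_net in ''|*[!0-9./]*)        echo "bad LAN CIDR"  >&2; return 1;; esac
    case $web_ip  in ''|*[!0-9.]*)         echo "bad web IP"    >&2; return 1;; esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Inbound web traffic arriving on the WAN interface goes to the internal server.
-A PREROUTING -i $wan_if -p tcp -m multiport --dports 80,443 -j DNAT --to-destination $web_ip
# Only LAN sources leaving through the WAN interface are masqueraded.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Management of the gateway itself is allowed from the LAN side only.
-A INPUT ! -i $wan_if -s $lan_net -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# The DNAT target needs a matching FORWARD rule once the policy is DROP.
-A FORWARD -i $wan_if -d $web_ip -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
-A FORWARD ! -i $wan_if -s $lan_net -o $wan_if -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: sh thisfile.sh ppp0 192.168.0.0/24 192.168.0.3
if [ "$#" -eq 3 ]; then gen_gateway_rules "$@"; fi
```

Pipe the output to `iptables-restore --test` first so it is parsed without being committed. IP forwarding still has to be enabled as in the earlier post, and a DNS server behind the gateway needs the same DNAT/FORWARD pair for port 53 on both UDP and TCP.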
     
  7. Wisdown

    Wisdown New Member

    After getting so bored with a lot of failures trying to make this work, I chose to try pfSense before giving up and starting to think about using a VPS system instead of hosting my blogs at my house...

    Using pfSense, it seems web port forwarding is working now...

    But my websites get the header / footepad of ISPConfig broken...
    When I restart the server it says something about:

    [warn] NameVirtualHost xxx.xxx.xxx.x:80 has no VirtualHosts

    Because of the default values of pfSense my network range changed...
    I already did the updates on:

    /etc/network/interfaces
    /etc/resolv.conf
    /etc/hosts

    I'm going to start adding my websites again and see if they work with the ISPConfig header / footer bars.

    Then I will move forward to the mail server.
     
