
LAN requests to internal web server (beware: involves mod_rewrite)



Hi gang.

I have a 3.7 box redirecting internet HTTP requests to my dynamically assigned address to an
internal web server with the following PF line:

    rdr on tun0 inet proto tcp from any to $EXT port 80 -> 192.168.2.214

All is well.

When I needed to provide access to LAN clients I added this line:

    rdr on $INT inet proto tcp from $LAN_clients to $EXT port 80 -> 192.168.2.214

All is well.

I recently needed to redirect requests to http://example.com/ to http://example.com/dir/ and I
accomplished this using mod_rewrite:

    RewriteRule ^/$ /dir/ [R,L]

Internet requests are redirected.  All is well.

Incidentally, when I point lynx directly to example.com/dir/ it works but when I do the same
with Firefox it doesn't.

The main problem is when an internal client (using either browser) attempts to reach the
server.  Somehow the rewrite is breaking things.  I have sniffed the traffic on the web server
(leo) and I see the client (sonata) keeps resetting the connection:

sonata.50203 > leo.www: S 3873582015:3873582015(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
leo.www > sonata.50203: S 1850416475:1850416475(0) ack 3873582016 win 16384 <mss 1460,nop,nop,sackOK> (DF)
sonata.50203 > leo.www: R 3873582016:3873582016(0) win 0 (DF)
sonata.59370 > leo.www: S 1346830390:1346830390(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 79863297 0> (DF)
leo.www > sonata.59370: S 100367935:100367935(0) ack 1346830391 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 1225378424 79863297> (DF)
sonata.59370 > leo.www: . ack 1 win 33304 <nop,nop,timestamp 79863297 1225378424> (DF)
sonata.59370 > leo.www: P 1:446(445) ack 1 win 33304 <nop,nop,timestamp 79863297 1225378424> (DF)
leo.www > sonata.59370: P 1:524(523) ack 446 win 17376 <nop,nop,timestamp 1225378424 79863297> (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 79863304 0> (DF)
leo.www > sonata.51209: S 226194437:226194437(0) ack 172896184 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 2863479542 79863304> (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)
sonata.59370 > leo.www: . ack 524 win 33304 <nop,nop,timestamp 79863313 1225378424> (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 79863604 0> (DF)
leo.www > sonata.51209: S 1749620331:1749620331(0) ack 172896184 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 1110303664 79863604> (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 79863924 0> (DF)
leo.www > sonata.51209: S 1451968876:1451968876(0) ack 172896184 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 610489831 79863924> (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
leo.www > sonata.51209: S 1937590863:1937590863(0) ack 172896184 win 16384 <mss 1460,nop,nop,sackOK> (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)

Here is what I get from lynx:
Looking up example.com
Making HTTP connection to example.com
Sending HTTP request.
HTTP request sent; waiting for response.
HTTP/1.1 302 Found
Data transfer complete
HTTP/1.1 302 Found
Using http://www.example.com/dir/
Looking up www.example.com
Making HTTP connection to www.example.com
Alert!: Unable to connect to remote host.
< long pause >
lynx: Can't access startfile http://example.com/
Is this a PF issue?  I'm not sure.
Thanks for any input,
Peter
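
A capture like the one in the post can be summarised per client port to show which handshakes completed and which were reset straight after the server's SYN-ACK. The script below is an added example, not part of the original message; the function name `classify` is hypothetical, and the sample lines are taken from the trace above with the TCP options trimmed.

```python
import re

# Lines taken from the trace in the post; TCP options trimmed for brevity.
SAMPLE = """\
sonata.50203 > leo.www: S 3873582015:3873582015(0) win 65535 (DF)
leo.www > sonata.50203: S 1850416475:1850416475(0) ack 3873582016 win 16384 (DF)
sonata.50203 > leo.www: R 3873582016:3873582016(0) win 0 (DF)
sonata.59370 > leo.www: S 1346830390:1346830390(0) win 65535 (DF)
leo.www > sonata.59370: S 100367935:100367935(0) ack 1346830391 win 16384 (DF)
sonata.59370 > leo.www: . ack 1 win 33304 (DF)
sonata.59370 > leo.www: P 1:446(445) ack 1 win 33304 (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 (DF)
leo.www > sonata.51209: S 226194437:226194437(0) ack 172896184 win 16384 (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 (DF)
leo.www > sonata.51209: S 1749620331:1749620331(0) ack 172896184 win 16384 (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)
"""

LINE = re.compile(r"^(\S+)\.(\w+) > (\S+)\.(\w+): (\S+)(.*)$")

def classify(text):
    """Return {(client, port): {"resets": n, "established": bool}} per flow."""
    flows = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        src, sport, dst, dport, flags, rest = m.groups()
        if flags == "S" and " ack " not in rest:
            # Bare SYN: sender is the client; a retransmitted SYN reuses the entry.
            f = flows.setdefault((src, sport), {"resets": 0, "established": False})
            f["state"] = "syn_sent"
            continue
        from_client = (src, sport) in flows
        f = flows.get((src, sport) if from_client else (dst, dport))
        if f is None:
            continue  # packet of a flow whose SYN was not captured
        if flags == "S" and not from_client:
            f["state"] = "synack_seen"  # server answered the SYN
        elif from_client and f["state"] == "synack_seen":
            if "R" in flags:
                f["resets"] += 1  # client rejected the server's SYN-ACK
            else:
                f["established"] = True  # client ACKed: handshake completed
            f["state"] = "answered"
    return {k: {"resets": v["resets"], "established": v["established"]} for k, v in flows.items()}

if __name__ == "__main__":
    print(classify(SAMPLE))
```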