troubles: LAN requests to internal web server

#1 (**permalink**) 08-17-2005

Hi gang.

I have an OpenBSD 3.7 box (running Apache 1.3.29) redirecting internet
HTTP requests to my dynamically assigned address to an internal web
server with the following PF line:

rdr on tun0 inet proto tcp from any to $EXT port 80 -> 192.168.2.214

All is well.

When I needed to provide access to lan clients I added this line:

rdr on $INT inet proto tcp from $LAN_clients to $EXT port 80 ->
192.168.2.214

All is well.

I recently needed to redirect requests to http://example.com/ to
http://example.com/dir/ and I accomplished this using mod_rewrite:

RewriteRule ^/$ /dir/ [R,L]

Internet requests are redirected. All is well.

Incidentally, when I point lynx directly to example.com/dir/ it works
but when I do the same with Firefox it doesn't.

The main problem is when an internal client (using either browser)
attempts to reach the server. Somehow the rewrite is breaking things.
I have sniffed the traffic on the web server (leo) and I see the client
(sonata) keeps resetting the connection:

sonata.50203 > leo.www: S 3873582015:3873582015(0) win 65535 <mss
1460,nop,nop,sackOK> (DF)
leo.www > sonata.50203: S 1850416475:1850416475(0) ack 3873582016 win
16384 <mss 1460,nop,nop,sackOK> (DF)
sonata.50203 > leo.www: R 3873582016:3873582016(0) win 0 (DF)
sonata.59370 > leo.www: S 1346830390:1346830390(0) win 65535 <mss
1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 79863297 0> (DF)
leo.www > sonata.59370: S 100367935:100367935(0) ack 1346830391 win
16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp
1225378424 79863297> (DF)
sonata.59370 > leo.www: . ack 1 win 33304 <nop,nop,timestamp 79863297
1225378424> (DF)
sonata.59370 > leo.www: P 1:446(445) ack 1 win 33304 <nop,nop,timestamp
79863297 1225378424> (DF)
leo.www > sonata.59370: P 1:524(523) ack 446 win 17376
<nop,nop,timestamp 1225378424 79863297> (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 <mss
1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 79863304 0> (DF)
leo.www > sonata.51209: S 226194437:226194437(0) ack 172896184 win
16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp
2863479542 79863304> (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)
sonata.59370 > leo.www: . ack 524 win 33304 <nop,nop,timestamp 79863313
1225378424> (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 <mss
1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 79863604 0> (DF)
leo.www > sonata.51209: S 1749620331:1749620331(0) ack 172896184 win
16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp
1110303664 79863604> (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 <mss
1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 79863924 0> (DF)
leo.www > sonata.51209: S 1451968876:1451968876(0) ack 172896184 win
16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 610489831
79863924> (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 <mss
1460,nop,nop,sackOK> (DF)
leo.www > sonata.51209: S 1937590863:1937590863(0) ack 172896184 win
16384 <mss 1460,nop,nop,sackOK> (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)t proto tcp
from any to $EXT port 80 -> 192.168.2.214

Here is what I get from lynx:

http://httpd.apacheLooking up example.com
Making HTTP connection to example.com
Sending HTTP request.
HTTP request sent; waiting for response.
HTTP/1.1 302 Found
Data transfer complete
HTTP/1.1 302 Found
Using http://www.example.com/dir/
Looking up www.example.com
Making HTTP connection to www.example.com
Alert!: Unable to connect to remote host.
< long pause >
lynx: Can't access startfile http://example.com/

Thanks for any input,

Peter

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode