# Couple of Apache questions(ip settings

## RickDB

Ok here comes my question:

I am behind a router/nat and can not edit it  :Sad:  (stupid admin)

So i need to manually set my ip, which helped me send files to irc(xchat dcc server) so it should work.

I looked up the config and found a couple of things:

###

### IP Address/Port

###

#BindAddress *

Port 666

Listen 666

But when i add my ip apache won't start(config error), so where can i give apache my external ip(not the 192 one but the 213 one)?

Nevermind my second question it was about passwords but i found the solution for that in the other apache topic  :Very Happy: 

Thx in advance,

RickDB

----------

## merlin_nl

what is the exact config error ?

to me it looks like you have to place the following line (with your ip's in it) in the /etc/hosts file

```
192.168.0.??  hostname.domainname   hostname 
```

in my case it was 

```
127.0.0.1       localhost

192.168.0.39    overdosed.nerdswithguns.nl      overdosed
```

----------

## RickDB

root@localhost conf # /etc/init.d/apache restart

 * Gracefully restarting apache...

 * Stopping apache...                                                     [ ok ]

 * Apache configuration error                                             [ !! ]

root@localhost conf #

And i don't think a need to set my local ip but my external ip(in the apache config somehow) so that apache broadcasts thru 213 instead of the 192 ip.

Because now its localhost(192.168.0.4 thats me), but i want a webserver on the web not on my network  :Very Happy: 

----------

## merlin_nl

my apacheconfig...

```
#This is needed for Frontpage support

Port 80

ServerRoot /etc/apache

ResourceConfig /dev/null

AccessConfig /dev/null

NameVirtualHost 192.168.0.39

<VirtualHost 192.168.0.39:80>

ServerName www.nerdswithguns.nl

ServerAdmin beheer@nerdswithguns.nl

DocumentRoot /www/www.nerdswithguns.nl

</VirtualHost>
```

on the gateway I did

```
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 213.196.**.*** --dport 22 -j DNAT --to 192.168.0.39

/sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.39 --dport 22 -j ACCEPT

```

it works fine for me  :Smile: 

----------

## RickDB

Can the iptables script also be run from the client?

Because i can not edit the router/nat/gateway(its an all in on router  :Very Happy:  )

My network looks like this:

ADSL modem(213.*.*.*)----->router----->my gentoo pc(192*.*.*)Last edited by RickDB on Wed Dec 25, 2002 2:44 am; edited 1 time in total

----------

## merlin_nl

Ok, let me get this correct..

```
outside network <> server (managed by others) <> your webserver ?
```

No go my friend..

The server that acts as a gateway must have a portforward to your webserver..

As far as I know there is no alternative.

----------

## RickDB

Can't i reroute my traffic to 213 and then tell apache to connect to that?

There are a couple of mysql servers also running on the other clients(win*ows and all), and they can connect so it should work in linux also i guess(webserver is almost the same).

Mayb i will ask the admin nicely  :Very Happy: , so i need to set a portfoward from port 80 of 192.168.0.* and thats all right?

----------

## Can O' Beans

Seems like you'll have to get that port forwarded. Now you just need a good excuse  :Wink: 

----------

## RickDB

Ok the admin enabled DMZ(finally  :Very Happy:  ) , so nothing is blocked to my local ip which is a bit scary because i am a iptables n00b  :Sad: 

What programs are there to get a nice firewall script(iptables) ?

I want to run a server(apache, ftp,ut2003 server) but block those irri hackers.

Thx in advance,

RickDB

----------

## btg308

http://www.iptables.org/ is always a good start. Personally I use this script: http://www.iptables.org/documentation/tutorials/blueflux/iptables-tutorial.html as a starting point.

But when you say nothing is blocked, does that mean that all ports are being forwarded into your box, or just a select few? If all ports are being forwarded, you are indeed fairly exposed to the 'Net. 

However, I hope your firewall admin just forwarded a few ports to your machine. If so; just configure apache, the UT server, whatever, to listen on those ports - you won't need a firewall of your own.

----------

