> > Yes, you'll need three ports on your firewall for RED/ORANGE/GREEN > respectively. > Yes you can host a website, but you probably should spend some time > learning about apache in more details. It's pretty feature rich. > > > --
Damn right, but for a small setup these tips might give you some directions, IPCOP listens on RED, if a request for >your.ip.add.ress:80< is available it will forward the request according to your rule and forward it to >my.dmz.ip.here:80< to ORANGE (ipcop as a router would have e.g. 10.0.0.1)... make sure Apache listens on >my.dmz.ip.here:80< and will answer to the http request and gives back the result to the firewall which will forward the paket to client on red... The whole apache machine (network interfaces settings & routings & apache httpd.conf) needs to have the >my.dmz.ip.here< , as I said before e.g. 10.0.0.2. This is the only thing you have to make sure. In apache you put/change --> Listen my.dmz.ip.here:80 <-- in your httpd.conf - also you still use your fqdn like e.g. www.mydomain.com with this address 10.0.0.2. How to do the portforwarding, take a look here :-) http://www.ipcop.org/1.3.0/en/admin/html/services.html#services_portforward For more info on apache 1.3 directives look here :-) http://httpd.apache.org/docs/mod/directives.html BTW, using an apache on GREEN, IPCOP will NOT allow any connection from RED (unless the orginal request was from inside GREEN). This is forbidden by design, just to make sure you get it right. Therefore the DMZ/ORANGE.... You can use Internet - 210.210.210.211 -------------|------------------| Provider ips - 212/213/214/215 | | which will be forwarded to ORANGE DMZ - 10.0.0.1 GREEN - 192.168.0.1 "isolated" clients 10.0.0.2 clients 192.168.0.2 /3/4/5/ /3/4/5 Portforward from RED to ORANGE: WEBSERVER 210.210.210.212 Port 80 ----> 10.0.0.2 Port 80 MAILSERVER 210.210.210.213 Port 25 ----> 10.0.0.3 Port 80 and so on........ Ah almost forgot, to get access to the DMZ do a "route add" on every client on GREEN, so they'll know how to reach the DMZ.... on wintendo clients a -p makes the entry permanent, don't know if it's the same for 'nix. HTH, Simmel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
