Multiple Internal/External IPS and Firewall - Printable Version +- ispCP - Board - Support (http://www.isp-control.net/forum) +-- Forum: ispCP Omega Support Area (/forum-30.html) +--- Forum: System Setup & Installation (/forum-32.html) +--- Thread: Multiple Internal/External IPS and Firewall (/thread-10706.html) |
Multiple Internal/External IPS and Firewall - edeis - 05-17-2010 11:48 AM Hi, I am a little unsure about the proper way to setup ISPcp behind a firewall. I have my setup working at home on local network, just about to take the machine and firewall to the data center (just found out my assigned IPs) and need to do the final config. Here's my setup: -5 public IPS -Firewall -ISPcp running on one virtual server instance (OpenVZ) with unique interal IP. -In the future I will deploy a second virtual server instance on second internal ip. When setting up ISPcp, it asks me for an IP address, should this be the internal IP address or the external IP address? Currently it is using an internal IP address for testing/setup. I am aware of the HowTo on changing IP: http://isp-control.net/documentation/howto:ispcp:change_ip How does this setting effect Apache and the DNS server? Since the firewall will be translating the public ip to internal ip, do I really need to set and public IPs in ISPcp or my machine? Just generally confused about what and where the appropriate internal/external IPs should be set. RE: Multiple Internal/External IPS and Firewall - BeNe - 05-18-2010 10:02 PM ispCP behind a NAT-Router/Firewall is not that nice. You should route the IP´s transparent to the VZ-Containers. So that you arrive on the VE-Server´s directly with the External IP. Greez BeNe RE: Multiple Internal/External IPS and Firewall - edeis - 05-19-2010 06:00 AM Doesn't that defeat the purpose of having a hardware firewall? The only compared problem I could google was using plesk on hardware firewall, and just editing the DNS template. I think that would work for ISPcp. I also read something about assigning both the internal and external IPs to the account. Would that work too? Would still like the ability to assign what external IP is associated with the domain. If it is stuck using just the internal IP, may cause problems having multiple SSL sites (each needs unique IP). Any suggestions??? Quote:"If you are running Plesk behind a hardware firewall, and you are serving DNS from the same server, this can be tricky as DNS defaults to the internal IP's. To get around this, be sure that the server has both the internal IP's, as well as the external IP's setup on it. Then, assign both the public and private IP's to the particular Client in Plesk. After that, do to the domain, click on DNS, and set the public IP as the default. It will pop up a box, telling you that this IP is not what the domain is hosted on, but just click OK. Plesk will now respond properly to apache and such on the internal IP's, but named will serve out the proper public IP's."https://www.zipsupport.com/support/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=424 Quote:"If you are running Plesk behind a firewall, you might encounter certain problems with resolution of domain names served by Plesk: when you set up a new DNS domain in Plesk, its zone file includes a resource record that associates the domain name with the IP address your Plesk server is on, i.e. an internal network address like 192.168.1.1. As the 192.168.x.x IP addresses are reserved by the Internet Assigned Numbers Authority (IANA) for use by private networks, this domain name will not be accessible to the Internet users. To work around this, you would have to associate this domain name with the IP address of the firewall machine in the domain's zone file (Domains > domain name > DNS)." http://download1.swsoft.com/Plesk/Plesk8.1/Windows/Docs/plesk-8.1-win-administrators-guide/34922.htm |