Subject: Re: hostname problems
To: Thomas M Clarke <tmc@tmcgames.com>
From: None <kpneal@pobox.com>
List: tech-net
Date: 02/23/2003 00:23:48
On Sun, Feb 23, 2003 at 03:30:37AM -0000, Thomas M Clarke wrote:
> I've just built a nat/firewall box for my home network, the dsl dial up I
> have is on a dynamic ip. Problems have started to occur because of the
> hostname not being configured correctly. I would like to call the computer
> "hades" therefore I've put "hades" into /etc/myname. I've installed apache
> httpd and would like to run two virtual hosts, one for the internal network
> bound to the ethernet card ip address and one for the external internet
> bound to the ppp interface ip address. How do I go about configuring my
> system to be aware of the fact that I have a dynamic ip (thus a dynamic
> hostname) on the internet and a static ip/hostname on the intranet? With the
> current setup apache startup fails because it can not resolve the name
> "hades", I have inserted a line in /etc/hosts containing:
> 10.0.0.1 hades
I'm thinking you can't do what you are asking to do without restarting
Apache every time your IP changes. You may need to regenerate your
httpd.conf to have a different ListenOn directive naming the dynamic
IP.
I'm not sure if you need your /etc/hosts regenerated when you get a
new IP or not, but I'm thinking that having /etc/hosts list the
external hostname with an internal IP isn't going to work. Actually,
I don't think you need /etc/hosts for Apache since I think I remember
Apache being changed to not do DNS lookups for virtual hosts. Apache
knows what virtual host a browser wants because of the Host: header
sent by the browser. Apache knows what IP's to listen on because you
told it or it grabbed all the interfaces it found when you started it.
Also, how in the world are people going to get to your web site through
DNS? Do you have a static hostname that always resolves to your dynamic
IP?
Ramble ramble ramble late night ramble. Sorry.
Alright, I guess it boils down to this:
1) You need a static hostname for your web site. These are available
in a number of places online.
2) Have Apache have a named virtual host with the static hostname.
3A) Have Apache listen on *:80. Restart Apache when your IP changes.
3B) If you do NOT want your internal web site visible from the Internet
then you may need either two Apache's running or have one Apache
with a config file that gets regenerated when your IP changes.
Actually, having two Apaches means you still need a config file
regen for the external site on IP change.
My personal suggestion would be to have two Apaches running. This
way you can be that much more sure that your internal site won't
be accessible from the Internet. Worst case with one server is your
security relies on the browser sending a valid Host: header for the
external site. If you mess up your config file you can have an
incorrect or missing Host: header expose your internal site to the
Internet.
For a totally different approach you may be able to get away with
ipnat tricks to get around the dynamic-IP problem. You still need
to be very sure your Apache config is correct, though, or you
can run into the same security problems.
--
"A method for inducing cats to exercise consists of directing a beam of
invisible light produced by a hand-held laser apparatus onto the floor ...
in the vicinity of the cat, then moving the laser ... in an irregular way
fascinating to cats,..." -- US patent 5443036, "Method of exercising a cat"