Vesta Control Panel - Forum

Community Forum

Skip to content

Advanced search
  • Quick links
    • Main site
    • Github repo
    • Google Search
  • FAQ
  • Login
  • Register
  • Board index Main Section Web Server
  • Search

Routing outbound web traffic

Questions regarding the Web Server
Apache + Nginx, Nginx + PHP5-FPM
Post Reply
  • Print view
Advanced search
3 posts • Page 1 of 1
netsujit
Posts: 2
Joined: Wed Mar 12, 2014 10:53 am

Routing outbound web traffic
  • Quote

Post by netsujit » Sat Jul 29, 2017 8:26 am

Hi there,

Am unsure if my question is Vesta related or not, however I thought I'll try my luck here.

Is there any way I can route all outbound traffic through a different network interface?

I've got two network interface, each with two static IPs
eth0 (192.168.1.4) and eth0:1 (192.168.1.5)
eth1 (192.168.2.4) and eth1:1 (192.168.2.5)

I have added all the IPs in Vesta admin panel and a web app is active with the static IP eth0. Is it possible to have all incoming traffic through eth0 and all outgoing traffic through eth1 or may be eth0:1

Alternatively, if there is a way to make the website/virtualhost listen on all IPs, then I can use firewall to block incoming and outgoing on respective IPs.

Using CentOS 7.

Any help will be appreciated. Apologies if this is not the right place to query this.
Top

gecube_ru
Posts: 141
Joined: Thu Jun 22, 2017 1:21 pm

Re: Routing outbound web traffic
  • Quote

Post by gecube_ru » Sat Jul 29, 2017 4:12 pm

Yes, the first step is to set the default gw. If you set it to, for example, 192.168.2.1 (or what is your gateway ip), the server will respond to all traffic via it.
Also default gateway rewrites the route for 0.0.0.0/0 subnet.

Another idea is to set SRC address in the routing table or firewall rules.
I have added all the IPs in Vesta admin panel and a web app is active with the static IP eth0. Is it possible to have all incoming traffic through eth0 and all outgoing traffic through eth1 or may be eth0:1
It is very strange and maybe unstable configuration (let's imagine that after reboot the eth0 and eth1 will be swapped). What task do you want to resolve using such the configuration?
Alternatively, if there is a way to make the website/virtualhost listen on all IPs, then I can use firewall to block incoming and outgoing on respective IPs.
Yes, there is such solution. You just need to set the correct Listen directive in your http server.
Top

netsujit
Posts: 2
Joined: Wed Mar 12, 2014 10:53 am

Re: Routing outbound web traffic
  • Quote

Post by netsujit » Sun Aug 06, 2017 7:31 am

gecube_ru wrote:Yes, the first step is to set the default gw. If you set it to, for example, 192.168.2.1 (or what is your gateway ip), the server will respond to all traffic via it.
Also default gateway rewrites the route for 0.0.0.0/0 subnet.
Thanks @gecube_ru

I somehow managed to resolve the query.

So eth0 was the default gateway with the IP 192.168.1.4. Created a website example.com with my default settings (httpd as web server and nginx as reverse proxy. After installing Letsencrypt SSL on the site, I made the following changes.

/home/user/conf/web/httpd.conf and /home/user/conf/web/shttpd.conf
Changed the first line

Code: Select all

<VirtualHost 192.168.1.4:8080>
to

Code: Select all

<VirtualHost *:8080>

/home/user/conf/web/nginx.conf and /home/user/conf/web/snginx.conf
Changed the second line

Code: Select all

listen      192.168.1.4:80;
to

Code: Select all

listen      *:80;
Making the above changes made example.com accessible on both IP addresses 192.168.1.4 and 192.168.1.5. Once this was done, I blocked all incoming traffic on the default IP 192.168.1.4. So that way, all outbound traffic uses default 192.168.1.4, however the site is accessible only from 192.168.1.5. Not straightforward, but it worked.

I have just one website on my server and hence I haven't made any changes to the default templates at /usr/local/vesta/data/templates/web/. Not sure if I need to.
Top


Post Reply
  • Print view

3 posts • Page 1 of 1

Return to “Web Server”



  • Board index
  • All times are UTC
  • Delete all board cookies
  • The team
Powered by phpBB® Forum Software © phpBB Limited
*Original Author: Brad Veryard
*Updated to 3.2 by MannixMD
 

 

Login  •  Register

I forgot my password