External Web Server links to internal web server on LAN - how to configure?

I'm hoping someone can give me a bit of assistance with some routing configurations:
Currently, I have a Cisco PIX 515E that's handling my VPN and routing/DNS, etc. I'm dumping the PIX (it's overkill for my organization and it's costing too much money for Cisco-certified techs to come in and still not configure it correctly for my needs - long story).
Furthermore, an external website hosted with our ISP links to a public IP (let's say 192.x.x.1) that points through the current PIX firewall, through a DMZ, and then to a webserver hosted locally behind our firewall.
I'd like our Xserve to take over for the PIX, providing VPN access, DNS, etc. and to properly route calls from the web to 198.x.x.1 to the correct server behind out network.
The Xserve has two NIC cards, one on a public IP 192.x.x.2 (for the sake of this discussion) and one with it's internal address of 10.1.0.2 for file sharing, etc.
The internal web server also has 2 NIC cards, one that listens for the links to 192.x.x.1, and one that listens locally on 10.1.0.80 for LAN application services.
How do I configure DNS/etc. on the Xserve to properly channel the incoming calls to 192.x.x.1 to properly reach the server they're supposed to reach?
Any help is appreciated. If more info is needed, I'm happy to provide.
Thanks in advance!

I've read your post several times and I'm pretty sure I understand what you're saying, until the line:
>How do I configure DNS/etc. on the Xserve to properly channel the incoming calls to 192.x.x.1 to properly reach the server they're supposed to reach?
Assuming that the 192.x.x.1 address is a real-world, public IP address that the web server is using, you want all requests from the outside world to go to this address, correct? but requests from the inside world want to go to the 10.1.0.80 address on that server?
That part I get - you want split DNS, which is not trivial to setup, but is manageable. The part I don't get is where the firewall comes in - you're removing the pix and replacing it with an XServe, but the web server has a public IP address in the same range as the XServe's public IP address and on that basis no traffic is going to flow through the firewall.
So I'm not sure if this is a firewall or a DNS question.
Split DNS will handle the internal vs. external traffic going to the different IP addresses of your server. You can't use Server Admin to do this (it can't handle multiple views of the DNS), but it is possible to do by hand.
The firewall element stumps me, though - but if the XServe is going to run as the firewall you might just find it easier to put the web server behind the firewall and forget the whole DMZ concept.
Then again, you could get the PIX operating correctly - it's a viable firewall appliance and I'd be surprised if it couldn't do what you want here.

Similar Messages

  • Webi report link to other webi report opening blank page

    I have put the hyperlink to link to the other webi report. But once I click on the links. It open the report with blank page. I have tried it in View mode or Edit mode, the browser will open up another blank page. Following is my links:
    <a href="http://server_name:28080/OpenDocument/opendoc/openDocument.jsp?sType=wid&sRefresh=Y&sWindow=Same" title="Page1" nav="web">Link to Page2</a>
    any advice? Thanks

    http://server_name:8080/OpenDocument/opendoc/openDocument.jsp?iDocID=AciEzxbPmxdHtQwnB4RHaCo&sType=wid&sIDType=CUID&sWindow=New
    Make sure the followings:
    1. The webserver runs at port 8080 (if not, use the correct port)
    2. the CUID is correctly copied.
    3. the target report here is a webi report. (sType=wid)
    4. the server name is correctly mentioned.
    5. you are using JAVA environment.
    If still this does not work, then please let us know :
    Are you getting any error? if yes, what error you are getting.?

  • What is necessary for a web host in order to run Flex apps? How to configure?

    I did find a few past postings on the forum but none seemed
    to address the problem.
    Can somebody who had hands on experience share his/her
    knowledge about a migrating a Flex application to production
    environment? Do I need to modify any settings? When I transfer the
    bin folder contents the UI works fine but the data connection
    throws errors.
    Does the web host need to have any specific software
    installed? More specifically, my host has CF 7 but do not have Flex
    data services installed. All I use is RemoteObject so I guess this
    can be done without Flex data services. Is this correct?
    Finally, if you can refer me to a configuration guide that
    the web host would need to follow, it would be greatly appreciated.
    Thanks for your time in advance.
    Emre

    Thanks for the response, here is the error message that I am
    getting.
    (mx.rpc::Fault)#0
    errorID = 0
    faultCode = "Server.Processing"
    faultDetail = (null)
    faultString = "Permission denied"
    message = "faultCode:Server.Processing
    faultString:'Permission denied' faultDetail:'null'"
    name = "Error"
    rootCause = (Object)#1
    cause = (null)
    localizedMessage = "Permission denied"
    message = "Permission denied"
    Obviously some data connection is failing due to permissions.
    My host, however, does not know what permisson is causing it and
    what the fix would be. Thanks for the input in advance

  • How to configure the .EAR to the OC4J server step by step ?

    I have configured the JavaBean of the OC4J server with the following step:
    1.create the eosp.ear with the JDeveloper's wizard
    2.copy the eosp.ear to the OC4J Server with the Path:
    J2EE_HOME/applications/
    3.modify the server.xml and add the following words:
    <application name="eosp" path="../applications/eosp.ear" auto-start="true"/>
    4.restart the OC4J server and show the information:
    Auto-deploying eosp (New server version detected)...
    5.create the new JSP and this source code is:
    <%@ page import="com.beautybeard.eosp.common.*"%>
    <%@ page import="com.beautybeard.eosp.constant.*"%>
    6.visit the JSP and show the error information:
    Error parsing JSP page /eosp/usr_profile/login.jsp
    Syntax error in source/eosp/usr_profile/login.jsp.java:5: Package com.beautybeard.eosp.common not found in import.import com.beautybeard.eosp.common.*; ^/eosp/usr_profile/login.jsp.java:6: Package com.beautybeard.eosp.constant not found in import.import com.beautybeard.eosp.constant.*; ^2 errors
    why?
    why can not find the package?
    please help me out

    Hi Sky-
    It looks like you have a web application only.
    You need to create a war file as described above. A war file is a jar'd file containing your web components, including your javabean class files, etc. JDeveloper 9i can do this for you. You've already done the hard work. Suppose that the project you have created that contains your javabeans, etc in JDev 9i is called myproject (with myproject.jpr as the project file). Right click on the myproject.jpr in the JDev navigator and select 'new...', go to Deployment Profiles and select J2EE Web Module (WAR File) - a general screen will pop up asking you to save the deployment profile (you can just use the default if you want). Once you select OK on that, you will get a screen that calls itself the J2EE Web Module Deployment Profile Settings. This is the screen that you can use to enter your information.
    Your servlet and javabean classes will go into WEB-INF/classes subdirectory that you see to your left in this window. Simply select the WEB-INF/classes entry and it will display a list of your java sources (it will only place the compiled output in this directory - there is a toggle for it).
    Once you have specified that your javabean and servlet classes go in this directory, you should be set. Go ahead and save / close. In your navigation screen under your project (myproject.jpr or whatever your project name is) you will see your files, jsps, etc and something called webapp1.deploy (if you accepted the default). If you right-click on that, you will get a menu that asks a number of things, one of which is to Deploy to EAR file. Select that entry and it will create an ear file for you. You can play with the various settings to change the name of the ear file, but that's about all you have to do. Once this is completed, you can put the EAR file on your linux box or wherever you want, adjust your server.xml and default-web-app.xml files and launch the app!
    Good luck!
    Ray
    Hi,Ray
    Thank you for giving me the detail information!
    I'm sorry that I can not give the detail and clear problem ,which make you delusoried.
    ok,now I give you my aim.
    1. I will construct my application system with JavaBean(not EJB),Servlet,JSPs (linux+IAS+JDeveloper+Oracle8i database)
    2. I will package business function with JavaBean. example:
    * CheckLogin.java
    package com.beautybeard.eosp.javabean.usrprofile;
    import com.beautybeard.eosp.common.*;
    import com.beautybeard.eosp.data.*;
    import java.io.*;
    import java.lang.*;
    public class CheckLogin{
    public CheckLogin()
    //do nothing here
    public boolean getCheckLogin(){
    3. I will control the request and response with Servlets.
    example:
    *CheckLoginSevlet.java
    package com.beautybeard.eosp.servlet.usrprofile;
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;
    import java.util.*;
    import java.sql.*;
    import com.beautybeard.eosp.servlet.*;
    import com.beautybeard.eosp.javabean.usrprofile.*;
    public class CheckLoginServlet extends DefaultServlet
    public void service(HttpServletRequest req,HttpServletResponse res) throws IOException, ServletException
    //use the JavaBean
    CheckLogin cl = new CheckLogin();
    if (cl.getCheckLogin){
    res.sendRedirect("login.jsp");
    }else{
    res.sendRedirect("err.jsp");
    4. I will display the result with JSPs:
    example:
    <%//login.jsp%>
    <%@ page import="com.beautybeard.eosp.common.*"%>
    <%@ page import="com.beautybeard.eosp.data.*"%>
    5. I have success on running the above steps in the 9iJDevelper(pure java) environment(OS:Windows 2000 Server), and now I will move the JSPs ,Servlets,JavaBeans to the Server(linux) without the JDeveloper's deployment wizard.
    how to configure the IAS to carry my point?
    thank you!
    Sky liu

  • How to find out logs related to which server, If i have 2 WFE's in the farm. How to configure logs path?

    Hi,
    I got this doubt, when searching logs on the servers. I have 2 WFE's in my farm, I got an error from enduser. So in which WFE server i need to check the logs.
    How to configure logs path. Is it is possible to specify logs path on our own instead of 14 hive folder.
    Badri

    That is a really bad idea, especially with idle disconnects and other unreliability of CIFS.
    You should instead check out the command
    Merge-SPLogFiles which will allow you to combine ULS logs from multiple servers into a single file.
    You can certainly specify your own path, but the path must be available on all servers. For example, if you specified D:\Logs, D:\Logs must exist on all SharePoint servers within the farm.
    Trevor Seward
    Follow or contact me at...
    &nbsp&nbsp
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Cannot access internal web server from same lan

    i cant resolve one problem in may 1921 ISR router, i have a web server in my internal lan , i set up static nat for accessing that web server from outside and it works fine but i cannot view that site from internal workstations can you suggest me what to do. i need packets to go out the outgoing interface of router and then come back and enter the static nat wich will direct to the web server is it possible?
    static nat is
    ip nat inside source static tcp  <local web server adress> 80 <global address> 80
    also i have set up dinamic nat for outgoing trafic
    ip nat inside source list <access-list> interface <outgoing interface>   
    and it is working fine too.
    on external interface i have nat outside
    on internal interface i have nat inside

    This is not working because your router has a direct to your web server that is not through the outside interface which is needed for nat to occur, for this to work you need to setup a loopback interface as nat outside and policy route traffic to there for your server traffic
    Bu if your server is internal why do you need nat at all? Can you not use bind with views that might be simpler
    M
    Sent from Cisco Technical Support iPad App

  • NAT/PAT Setup with internal web server.

    Environment:
    Web Server inside and 10 internal workstations.
    One external public IP address.
    Cisco Router 806 with HTTP server enable.
    Conditions:
    External users have to be able to access the web server.
    The internal users have to be able to access the web server via the "EXTERNAL" IP address. Since they are using an external DNS.
    Scenario:
    The internal workstation request from external DNS address for the web server.
    DNS replies with external IP address.
    Workstation attempts to connect to web server via external IP address.
    Connection fails at the router showing the router's HTTP logon page.
    We are trying to implement NAT/PAT inside, with static assignment to port 80 to the internal web server.
    Thanks, Pat Askins.

    You need to use cisco NAT virtual interface,
    Example:
    your internal network web server ip 192.168.1.10/24 Fa0 router Fa1 Public Ip address 1.1.1.1
    here is what you need to configure in NAT router to resolve your issue:
    int fa0
    ip nat enable
    no ip redirects
    int fa 1
    ip nat enable
    no ip redirects
    ip nat source static tcp 192.168.1.10 80 1.1.1.1 80 overload
    ip nat source list 1 interface fa0 overload
    access-list 1 permit 192.168.1.0 0.0.0.255
    now you can try access to your 1.1.1.1:80 from inside network.

  • How to configure DNS server to redirect all web traffic to one external website?

    I'd like to use the DNS service on my OS X Server as a way to force all all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
    (BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)

    Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof.  So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc. 
    If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address.  This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
    A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server.   Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests.  There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want.   Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too.  But this is also rather more pieces than a DNS redirect, too.

  • 500 Internal Server error while launching Web Analysis

    Hi,
    I've a production machine on which Web Analysis is installed, and it was working fine for almost a year now.
    But today when I'm launching it is resulting in the following error,
    Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.
    Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
    More information about this error may be available in the server error log.
    Apache/2.0.52 (Unix) DAV/2 Server at mymachine.in.com Port 19000
    Please help me on this, thank you

    Guys,
    I've stopped all Hyperion services and started them again and now everything is working fine.
    Was interested to find out reasons for the error.

  • I plan to upgrade the SSRS 2005 SP2 enterprise edition in our internal web server to 2005 SP4, the Reporting server database is hosted in another sql server in sql server 2005 SP4. Do I need to do anything on the reporting server database side?

    My question is what the steps do I need to take to upgrade SSRS from 2005 SP2 to SP4.  The web server that host the SSRS is in 2005 SP2, and the OS is in window 2003. 
    Our SSRS report server and report server database are in different servers.  The SSRS in the web server is in 2005 SP2 enterprise edition, the report server database is in sql server 2005 SP4 enterprise edition.
    To upgrade the SSRS in web server from 2005 sp2 to sp4, do I need to backup/restore the encryption key?  Nothing will be changed in the report server database.  We will still pointing to the same database in the current server, all
    I wanted to do is performing a inplace upgrade of SSRS from 2005 SP2 to SP4.  
    Any response will be greate appreciated.  Thank you!
    Li-hui Chen

    Hi Lihui Chen,
    According to your description, you want to install the Services Pack 4 for SQL Server. Right?
    In SQL Server, Services Packs are used for fixing issues of current version product. It's not an Upgrade, you don't have to backup/restore your encryption key. You just need to download the Service Pack 4 on:
    Microsoft SQL Server 2005 Service Pack 4 RTM  . Please make sure you have administrative rights on the computer to install SQL Server 2005 SP4. For more information, see links below:
    How to obtain the latest service pack for SQL Server 2005
    List of the issues that are fixed in SQL Server 2005 Service Pack 4
    SQL Server 2005 SP4, KBA 2463332, Installation Issues
    If you have any question, please feel free to ask.
    Best Regards,
    Simon Hou

  • I have a problem with two PDF's when trying to open them through a link on a web page. The two PDF's open fine with Adobe on my own PC and on the server I have copied it to but when they are opened through a link on a web page (pointing to the server wher

    I have a problem with two PDF's when trying to open them through a link on a web page. The two PDF's open fine with Adobe on my own PC and on the server I have copied it to but when they are opened through a link on a web page (pointing to the server where the PDFs open fine) I get an error 'There was an error processing a page. Invalid function resource' The other one just doesn't open at all. Can anyone help with this please?

    Hello,
    Are the pdf linked correctly in the website? Is this a public website? If yes, please post the link here.
    ~Deepak

  • When I try to access a web page or link from a web page I receive an error message like "Server not found" or "Unable to connect." After repeated "try again" attempts the page will load, but when I click on a button or link, the same thing repeats. Why?

    When I try to access any web page or any link from a web page, I receive an error message such as "Server not found" or "Unable to connect." After repeated "try again" attempts that the page will load, but as soon as I click on a button or link, the same thing repeats. Any suggestions?

    When I try to access any web page or any link from a web page, I receive an error message such as "Server not found" or "Unable to connect." After repeated "try again" attempts that the page will load, but as soon as I click on a button or link, the same thing repeats. Any suggestions?

  • RPAS Web Deployment -  Error 500--Internal Server Error

    Trying to install the RPAS Client 13.2 via the Web Deployment using Weblogic WITHOUT Single SignOn (SSO).
    The RPAS.war file was un-jarred, propfile modified and re-jarred. The RPAS.war file was deployed into Weblogic (10.3.2) and is active. When I try to run the RPAS Web Config from Iexplorer, I received the following error message:
    Error 500--Internal Server Error
    java.lang.NullPointerException
         at com.retek.mdap.server.servlet.ServletManager.init(Unknown Source)
         at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)
         at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58)
         at weblogic.servlet.internal.StubLifecycleHelper.(StubLifecycleHelper.java:48)
         at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:531)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:235)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:326)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Here's the modified propfile:
    # The following locations must be configured by administrators based on their
    # installation
    # /nfs/path/to/data/RPASWebData
    # /app/weblogic/rpas132
    dbPath=/app/weblogic/rpas132/RPASWebData/db
    clientSourceDir=/app/weblogic/rpas132/RPASWebData/client
    tunnelLogFile=/app/weblogic/rpas132/RPASWebData/logs/tunnel.NDCVRPASP02.PRODUCTION.FR-PROD.XX.COM.log
    webLogFile=/app/weblogic/rpas132/RPASWebData/logs/rpasPortal.NDCVRPASP02.PRODUCTION.FR-PROD.XX.COM.log
    isOSSO=false
    debug=false
    classicMode=false
    launchPreinstalledOnly=false
    supportMultipleVersions=false
    defaultInstallDir=C:\\RPASClient
    Edited by: user1438559 on Oct 20, 2010 7:20 AM
    Edited by: user1438559 on Oct 20, 2010 7:22 AM
    Edited by: user1438559 on Oct 20, 2010 7:22 AM

    Addition to my original issue...
    Since I could not get the RPAS Web Deployment to work on WebLogic Server (without SSO Support), I thought I would try the install on Apache Tomcat.
    This worked out of the box without any issues, so it seems my issue is on the WebLogic Server. Does anyone have any feedback on why it doesn't work on WebLogic?

  • Server error while navigating 'Options' link in 'Outlook Web App.'

    Hi,
    Step 1: Navigate Web Outlook (say
    https://webmail.t-mobile.com) 
    step 2: Navigate "Options" link (next to 'Change password'
    link) in Outlook Web App. (Browser: ie11, Google Chrome)
    step 3:
    You will be broken; your page will give some server error.
    Note:
    I am not able to attach screen shoot because of my account is not verify till now :(
    Thanks
    Shardendu Jha

    That is not an Outlook issue but an OWA issue.
    You'll need to contact the support department or Exchange administrator of this domain and notify them of it as they haven't properly implemented the password change feature for OWA behind a reverse proxy.
    Robert Sparnaaij
    [MVP-Outlook]
    Outlook guides and more: HowTo-Outlook.com
    Outlook Quick Tips: MSOutlook.info

  • 500 Internal Server Error while deploying Web Center App

    We have created a simple Web Center application in JDeveloper (10.1.3.2.0). Its runs fine when deployed on Stand Alone OC4J. We tried to deploy the same target .EAR (After following the steps mentioned in Oracle Web Center Documentation) on Oracle Web Center Suite 10.1.3.2.0 (Pre-Configured OC4J_WebCenter ). We ran the Pre Deployment to transform the Generic .EAR to Target .EAR with MDS path.
    We got the following exception when testing index page (i.e. index.jspx)
    http://172.10.130.37/ray/faces/index.jspx
    Exception:
    oracle.mds.exception.MDSRuntimeException: No metadata found for metadata object "/ViewController/public_html/index.jspx"
    No metadata found for metadata object "/ViewController/public_html/index.jspx"
    Here's the[b] log of Application:
    JspServlet: unable to dispatch to requested page: Exception:oracle.mds.exception.MDSRuntimeException: No
    metadata found for metadata object "/ViewController/public_html/index.jspx"
    Any help would be extremely appreciated.

    chao.yang wrote:
    Please check if you have the following files in your server's application directories:
    1. <WAR>/WEB-INF/ad-config.xml
    2. <WAR>/META-INF/connections.xml
    if no, please do the following thing:
    1. copy <EAR>/adf/META-INF/ad-config.xml to <WAR>/WEB-INF/
    2. copy <EAR>/adf/META-INF/connections.xml to <WAR>/META-INF/
    3. Retart your OC4J instance, and test your page again.This did not solve my similar issue. What did solve my issue was the following:
    After deployment, I changed the metadata-store metadata-path property value found in <WAR>\WEB-INF\adf-config.xml to the MDS path specified in Predeployment, where <WAR> is the deployment location.
    My question is, why does the pre/deployment process not update this value correctly?

Maybe you are looking for

  • How Do I Change the Padding in Table Cells

    Hi, I am trying to set up a table that will allow text to fill the entire cell. I know that if I double click an individual cell, the left and right boundaries of the cell will be displayed on the ruler. However, I can't select multiple cells (even i

  • Delivery address in a PR

    Hi all,   When I am trying to do external procurement( subcontracting)for  a third party from a service order , the third party ( MT) PR which is getting generated is having the delivery address as the address of the plant and not the customer.I am n

  • I bought an iphone from ebay however it is locked and i only have the email address but they wont reply

    I bought an iphone from ebay however it is locked and i only have the email address but they wont reply to me. What can i do??

  • I am done with Apple!

    I brought my 2009 macbook pro in for repair on 11/5/12.  It came back a couple days later from the repair depot and I paid $322.60 for it.  I noticed that it froze up when playing videos, so I brought it back in for repair on 12/7/12.  I got it back

  • Why do exported JPGs appear darker than the processed RAW in the LR3 Development module?

    I have scoured the forums with this question, and I have seen plenty of suggestions about color space and monitor calibration.  However, I never seem to find that the issue gets resolved in the forums. I am using Lightroom 3, and I am exporting to JP