Multihoming & port forwarding

chrisbunch
Posts: 2
Joined: Wed Nov 18, 2015 10:08 am

Multihoming & port forwarding

Post by chrisbunch » Wed Nov 18, 2015 10:20 am

Hi -

I am configuring a MacMini as a server. It will be running two separate web servers on different IP addresses (multihoming), one of which needs to run on a non-system port (say 8080) so that interface needs to forward incoming traffic for port 80 to 8080.

I have set up two network interfaces in NetworkPreferences with different IP addresses but I am only seeing one in the Murus dashboard (at the moment, for testing, these are wireless interfaces on a private LAN but in production they will be wired WAN addresses).

I have this working successfully on an existing server (to be replaced by this one) using ipfw under Tiger but am not clear how best to configure this in PF/Murus.

Any help appreciated!

C

hany
Posts: 485
Joined: Wed Dec 10, 2014 5:20 pm

Re: Multihoming & port forwarding

Post by hany » Wed Nov 18, 2015 1:25 pm

> I am configuring a MacMini as a server. It will be running two separate web servers on different IP addresses (multihoming), one of which needs to run on a non-system port (say 8080) so that interface needs to forward incoming traffic for port 80 to 8080.

Basically you can tell pf to:
1) pass all inbound connections from everyone to every port 80 (you do this managing "WEB" service in Managed Inbound Services)
2) tell pf to redirect all inbound connections from everyone to your 2nd interface's IP Address port 80 to your 2nd interface's IP Address port 8080 (you do this with a custom pf redirection rule)

> I have set up two network interfaces in NetworkPreferences with different IP addresses but I am only seeing one in the Murus dashboard (at the moment, for testing, these are wireless interfaces on a private LAN but in production they will be wired WAN addresses).

Probably you must quit and relaunch Murus. The interfaces list does not automatically update, unfortunately. Not yet.
If the main Murus interfaces panel (the one with interfaces icons) still does not show your interface then probably it's a Murus bug. However I bet that the Murus custom rules popover (the one you use to define and add custom pf rules) will correctly show your interface in the 'interface' popup button. That's the one that matters. And in case that Murus popup is bugged too, then you can add a custom manual rule (clicking the big gear button in custom rules popover) and write down your rule by hand, including your interface. If the interface is up, PF will accept your rule even if Murus does not show your interface.

chrisbunch
Posts: 2
Joined: Wed Nov 18, 2015 10:08 am

Re: Multihoming & port forwarding

Post by chrisbunch » Thu Nov 19, 2015 4:02 pm

Thank you hany: this has been most helpful and I now have it working (though I first had to strip out the Apple server.app and its Apache configuration stuff as its behaviour was confounding!)

> If the main Murus interfaces panel (the one with interfaces icons) still does not show your interface then probably it's a Murus bug

The icon for the interface involved (en1) does show up but with only one of the two configured IPs:

cb$ ifconfig en1
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 70:73:cb:c1:a6:ab 
	inet6 fe80::7273:cbff:fec1:a6ab%en1 prefixlen 64 scopeid 0x6 
	inet 192.168.1.51 netmask 0xffffffc0 broadcast 192.168.1.63
	inet 192.168.1.52 netmask 0xffffffc0 broadcast 192.168.1.63

However, as you say, this doesn't matter as I needed to add a custom rule anyway:

rdr pass inet proto tcp from any to 192.168.1.51 port 80 -> 127.0.0.1 port 8080
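
An added example, not part of the original thread or of Murus: a shell check that the destination address of an rdr rule is really assigned to the interface, and which of the interface's addresses the rule leaves untouched. It runs over the ifconfig output and rule quoted above, embedded as constructed sample data; the function names are hypothetical and the parser only handles rules of the simple "to ADDR port N -> ADDR port N" shape.

```shell
# Constructed sample data: the ifconfig output and rdr rule quoted in the thread.
SAMPLE_IFCONFIG='en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet6 fe80::7273:cbff:fec1:a6ab%en1 prefixlen 64 scopeid 0x6
	inet 192.168.1.51 netmask 0xffffffc0 broadcast 192.168.1.63
	inet 192.168.1.52 netmask 0xffffffc0 broadcast 192.168.1.63'
SAMPLE_RULE='rdr pass inet proto tcp from any to 192.168.1.51 port 80 -> 127.0.0.1 port 8080'

# inet_addrs (hypothetical helper): read ifconfig output on stdin and print
# one IPv4 address per line; inet6 lines are ignored.
inet_addrs() {
    awk '$1 == "inet" { print $2 }'
}

# rdr_field RULE FIELD (hypothetical helper): print dst, dport, tgt or tport
# from a simple rdr rule; exit non-zero if the rule has another shape.
rdr_field() {
    printf '%s\n' "$1" | awk -v want="$2" '
        { for (i = 1; i <= NF; i++) {
              if ($i == "to" && $(i+2) == "port") { f["dst"] = $(i+1); f["dport"] = $(i+3) }
              if ($i == "->" && $(i+2) == "port") { f["tgt"] = $(i+1); f["tport"] = $(i+3) }
          } }
        END { if (f[want] == "") exit 1; print f[want] }'
}

# check_rdr RULE IFCONFIG_TEXT: return 0 only if the rule's destination address
# is assigned to the interface, 1 if it is not, 2 if the rule cannot be parsed.
check_rdr() {
    dst=$(rdr_field "$1" dst) && dport=$(rdr_field "$1" dport) &&
    tgt=$(rdr_field "$1" tgt) && tport=$(rdr_field "$1" tport) ||
        { echo "unparsed rule"; return 2; }
    addrs=$(printf '%s\n' "$2" | inet_addrs)
    printf '%s\n' "$addrs" | grep -qxF "$dst" ||
        { echo "MISMATCH: $dst is not assigned to the interface"; return 1; }
    for a in $addrs; do
        if [ "$a" = "$dst" ]; then
            echo "$a:$dport -> $tgt:$tport (redirected)"
        else
            echo "$a:$dport not redirected by this rule"
        fi
    done
}

check_rdr "$SAMPLE_RULE" "$SAMPLE_IFCONFIG"
```

A rules file can also be syntax-checked without loading it by running pfctl with the -n and -f options.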
