[Macpartners] mapping ports on http requests

Allan Doyle afdoyle at MIT.EDU
Wed Apr 8 13:16:34 EDT 2009 

I just tried setting up a proxy here to see if this will work. It  
looks like it will. You can see the results here:

   http://holography.mit.edu

(Note - I'm going to turn this off again in a day or so)

All I did in the Apache config was to add the following 2 lines:

ProxyPass / http://franc2.mit.edu:8000/
ProxyPassReverse / http://franc2.mit.edu:8000/

Depending on what version of Mac OS X you're running, setting this up  
will vary slightly. But in essence, you have to (a) turn on Apache,  
and (b) add this into the configuration.

Turning on Apache is usually a matter of going into System Preferences- 
 >Sharing and turning on Web Sharing.

Then, if you are running 10.5, add the Proxy lines to /etc/httpd/ 
httpd.conf

If you're using 10.4 or earlier, I think the file is at /etc/httpd.conf.

To make the system reload the configuration, it may be easiest to turn  
off web sharing via System Preferences and then to turn it on again.

	Allan

On Apr 8, 2009, at 12:47 PM, Mark Klein wrote:

>
> Scott & Quentin,
>
> Thanks for the pointers. When the IPFW forwarding rule is in place,  
> I get an "unknown virtual host" error from cl-http. My guess is that  
> cl-http is complaining because the packets were originally addressed  
> to port 80, even though they were redirected to port 8000. So I can  
> see at least two possibilities:
>
> 1) write NATD/IPFW rules such the packets themselves are changed so  
> they look like they were originally sent to port 8000, so cl-http  
> doesn't complain
>
> 2) I can build a cl-http virtual host
>
> Any ideas on which is easier? Any pointers on how to do (1) or (2)  
> above?
>
>    Thanks,
>
> 	Mark
>
>
>>> Thanks for the directions. Unfortunately, they didn't  work for  
>>> me. My web server listens to http://franc2.mit.edu:8000/. I set  
>>> the IPFW rules, with the following result:
>>>
>>> FRANC2:~ markklein$ sudo ipfw list
>>> 01000 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
>>> 01100 allow ip from any to any dst-port 8000 in
>>> 65535 allow ip from any to any
>>>
>>> which looks right. But when I direct my browser to http://franc2.mit.edu/ 
>>> , i get the following error:
>>>
>>> 	Bad Request: Unknown Virtual Host
>>> 	The virtual host franc2.mit.edu on port 80 is unknown.
>>>
>>> Any ideas? Do I need to change anything else, e.g. the firewall  
>>> settings in the security control panel? Does the system need to be  
>>> rebooted for changes to take effect? Why does the ipfw rule  
>>> reference 127.0.0.1? Is that the address reserved for routers? My  
>>> server's ip is 18.36.1.44.
>>
>> Hi,
>>   I looked on an older OSX box (client, not server) on which we're  
>> running a web-served database, and it has the same ipfw rule on  
>> it.  I also found the utility I originally used to generate the  
>> rule - It's a small app called Simple Port Forwarder, and it's used  
>> just for solving this problem.  I've included it with this msg, as  
>> well as a pic of how it's set on our machine (we use port 8080  
>> instead of 8000, but everything else should be the same).  There's  
>> more info in its readme which may help you.
>>
>>   Regarding your questions - I don't believe anything else needs to  
>> change in the security syspref (The firewall has to be on, of  
>> course).  The system shouldn't need to be rebooted, and doing so  
>> may even cause you some headaches - check the readme for more  
>> info.  The rule references IP address 127.0.0.1 because that's the  
>> localhost address on that machine - packets sent to it will always  
>> go to your local machine.  You can try using 18.36.1.44 instead,  
>> but remember to change the rule if you ever have to change that IP  
>> address.
>>
>>   I hope this works for you - let me know how it goes...
>>
>>                                                       ---SCJ
>>
>>
>>
>>
>>> Thanks,
>>>
>>> 	Mark
>>>
>>>
>>
>>
>> -- 
>> Scott C. Jensen
>> Asst. Director, Office of Info Services
>>  MIT Corporate Relations - Industrial Liaison Program
>>    Room W98-050    600 Memorial Drive   Cambridge, MA   02139
>>      617/253-0441      FAX: 617/258-0796     Email: jensen at mit.edu
>>
>>
>> <pastedGraphic.png>
>>
>>
>>
>> <SPF_1.2.dmg>
>
> -----------------
> Mark Klein
> Principal Research Scientist
> MIT Center for Collective Intelligence
> http://cci.mit.edu/klein/
>
>
>
>

-- 
Allan Doyle
Director of Technology
MIT Museum | http://web.mit.edu/museum | +1.617.452.2111

More information about the Macpartners mailing list