[Macpartners] mapping ports on http requests

Quentin Smith quentin at MIT.EDU
Wed Apr 8 12:48:58 EDT 2009 

This isn't something that another type of port forwarding is going to fix. 
The packets get sent to the right place; the actual content of the request 
specifices the host that the client thinks it's contacting. The only way 
to fix this is to figure out how to configure cl-http.

--Quentin

On Wed, 8 Apr 2009, Mark Klein wrote:

>
> Scott & Quentin,
>
> Thanks for the pointers. When the IPFW forwarding rule is in place, I get an 
> "unknown virtual host" error from cl-http. My guess is that cl-http is 
> complaining because the packets were originally addressed to port 80, even 
> though they were redirected to port 8000. So I can see at least two 
> possibilities:
>
> 1) write NATD/IPFW rules such the packets themselves are changed so they look 
> like they were originally sent to port 8000, so cl-http doesn't complain
>
> 2) I can build a cl-http virtual host
>
> Any ideas on which is easier? Any pointers on how to do (1) or (2) above?
>
>   Thanks,
>
> 	Mark
>
>
>>> Thanks for the directions. Unfortunately, they didn't  work for me. My web 
>>> server listens to http://franc2.mit.edu:8000/. I set the IPFW rules, with 
>>> the following result:
>>> 
>>> FRANC2:~ markklein$ sudo ipfw list
>>> 01000 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
>>> 01100 allow ip from any to any dst-port 8000 in
>>> 65535 allow ip from any to any
>>> 
>>> which looks right. But when I direct my browser to http://franc2.mit.edu/, 
>>> i get the following error:
>>>
>>> 	Bad Request: Unknown Virtual Host
>>> 	The virtual host franc2.mit.edu on port 80 is unknown.
>>> 
>>> Any ideas? Do I need to change anything else, e.g. the firewall settings 
>>> in the security control panel? Does the system need to be rebooted for 
>>> changes to take effect? Why does the ipfw rule reference 127.0.0.1? Is 
>>> that the address reserved for routers? My server's ip is 18.36.1.44.
>> 
>> Hi,
>>   I looked on an older OSX box (client, not server) on which we're running 
>> a web-served database, and it has the same ipfw rule on it.  I also found 
>> the utility I originally used to generate the rule - It's a small app 
>> called Simple Port Forwarder, and it's used just for solving this problem. 
>> I've included it with this msg, as well as a pic of how it's set on our 
>> machine (we use port 8080 instead of 8000, but everything else should be 
>> the same).  There's more info in its readme which may help you.
>>
>>   Regarding your questions - I don't believe anything else needs to change 
>> in the security syspref (The firewall has to be on, of course).  The system 
>> shouldn't need to be rebooted, and doing so may even cause you some 
>> headaches - check the readme for more info.  The rule references IP address 
>> 127.0.0.1 because that's the localhost address on that machine - packets 
>> sent to it will always go to your local machine.  You can try using 
>> 18.36.1.44 instead, but remember to change the rule if you ever have to 
>> change that IP address.
>>
>>   I hope this works for you - let me know how it goes...
>>
>>                                                       ---SCJ
>> 
>> 
>> 
>> 
>>> Thanks,
>>>
>>> 	Mark
>>> 
>>> 
>> 
>> 
>> -- 
>> Scott C. Jensen
>> Asst. Director, Office of Info Services
>>  MIT Corporate Relations - Industrial Liaison Program
>>    Room W98-050    600 Memorial Drive   Cambridge, MA   02139
>>      617/253-0441      FAX: 617/258-0796     Email: jensen at mit.edu
>> 
>> 
>> <pastedGraphic.png>
>> 
>> 
>> 
>> <SPF_1.2.dmg>
>
> -----------------
> Mark Klein
> Principal Research Scientist
> MIT Center for Collective Intelligence
> http://cci.mit.edu/klein/
>
>
>
>

More information about the Macpartners mailing list