[Macpartners] mapping ports on http requests

Mark Klein m_klein at MIT.EDU
Wed Apr 8 12:47:25 EDT 2009 

Scott & Quentin,

Thanks for the pointers. When the IPFW forwarding rule is in place, I  
get an "unknown virtual host" error from cl-http. My guess is that cl- 
http is complaining because the packets were originally addressed to  
port 80, even though they were redirected to port 8000. So I can see  
at least two possibilities:

1) write NATD/IPFW rules such the packets themselves are changed so  
they look like they were originally sent to port 8000, so cl-http  
doesn't complain

2) I can build a cl-http virtual host

Any ideas on which is easier? Any pointers on how to do (1) or (2)  
above?

     Thanks,

	Mark


>> Thanks for the directions. Unfortunately, they didn't  work for me.  
>> My web server listens to http://franc2.mit.edu:8000/. I set the  
>> IPFW rules, with the following result:
>>
>> FRANC2:~ markklein$ sudo ipfw list
>> 01000 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
>> 01100 allow ip from any to any dst-port 8000 in
>> 65535 allow ip from any to any
>>
>> which looks right. But when I direct my browser to http://franc2.mit.edu/ 
>> , i get the following error:
>>
>> 	Bad Request: Unknown Virtual Host
>> 	The virtual host franc2.mit.edu on port 80 is unknown.
>>
>> Any ideas? Do I need to change anything else, e.g. the firewall  
>> settings in the security control panel? Does the system need to be  
>> rebooted for changes to take effect? Why does the ipfw rule  
>> reference 127.0.0.1? Is that the address reserved for routers? My  
>> server's ip is 18.36.1.44.
>
> Hi,
>    I looked on an older OSX box (client, not server) on which we're  
> running a web-served database, and it has the same ipfw rule on it.   
> I also found the utility I originally used to generate the rule -  
> It's a small app called Simple Port Forwarder, and it's used just  
> for solving this problem.  I've included it with this msg, as well  
> as a pic of how it's set on our machine (we use port 8080 instead of  
> 8000, but everything else should be the same).  There's more info in  
> its readme which may help you.
>
>    Regarding your questions - I don't believe anything else needs to  
> change in the security syspref (The firewall has to be on, of  
> course).  The system shouldn't need to be rebooted, and doing so may  
> even cause you some headaches - check the readme for more info.  The  
> rule references IP address 127.0.0.1 because that's the localhost  
> address on that machine - packets sent to it will always go to your  
> local machine.  You can try using 18.36.1.44 instead, but remember  
> to change the rule if you ever have to change that IP address.
>
>    I hope this works for you - let me know how it goes...
>
>                                                        ---SCJ
>
>
>
>
>>  Thanks,
>>
>> 	Mark
>>
>>
>
>
> -- 
> Scott C. Jensen
> Asst. Director, Office of Info Services
>   MIT Corporate Relations - Industrial Liaison Program
>     Room W98-050    600 Memorial Drive   Cambridge, MA   02139
>       617/253-0441      FAX: 617/258-0796     Email: jensen at mit.edu
>
>
> <pastedGraphic.png>
>
>
>
> <SPF_1.2.dmg>

-----------------
Mark Klein
Principal Research Scientist
MIT Center for Collective Intelligence
http://cci.mit.edu/klein/

More information about the Macpartners mailing list