Bug 21056

Summary: Apache 1.3 Virtual Hosts don't work on 4.0-RELEASE
Product: Base System Reporter: oseberg <oseberg>
Component: miscAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.0-RELEASE   
Hardware: Any   
OS: Any   

Description oseberg 2000-09-05 08:20:01 UTC 
Virtual Hosts on Apache 1.3.12 on FreeBSD 3.2, but doesn't work on FreeBSD 4.0

How-To-Repeat: Try to set up Virtual Hosts on Apache 1.3.12 on FreeBSD 4.0-RELEASE
Comment 1 Sheldon Hearn freebsd_committer freebsd_triage 2000-09-05 09:57:41 UTC 
State Changed
From-To: open->closed

"Doesn't work" isn't a problem description that anyone can really 
work with for such a complex beast as Apache.  "Try to set up" 
isn't a feasible How-To-Repeat either, again because of the  
complexity and number of variables within the scenario. 

Please either ask for help on the <freebsd-questions> mailing  
list (if you're not 100% sure that this is a bug in FreeBSD) 
or refile a new PR that provides enough information for the 
Apache port maintainer to work with.  Such information might 
include the output of ifconfig -a, nslookup output for 
each IP address identified, and your Apache config files.
Comment 2 oseberg 2000-09-07 20:13:48 UTC 
It turns out that the problem is with the firewall/nat combination
which I'm using.

Basically, when someone from the internet is accessing the web
server, the web server believes that they are comming in from
the internal IP rather than the external IP.

The way I fixed the problem was I added name virtual host entries
to the Apache config file for the internal IP numbers as well as
for the external IP numbers.

I also added a name for my interal IP number in /etc/hosts so that
Apache wouldn't have any problems looking it up.

For my firewall configuration, I added to my kernel:
options         IPFIREWALL              # Firewall
options         IPFIREWALL_VERBOSE      # Print information about
                                        # dropped packets
options         IPFIREWALL_DEFAULT_TO_ACCEPT # Allow everything by
                                        # default
options         IPDIVERT                # Divert sockets
options         IPFILTER                # Kernel ipfilter support
options         IPFILTER_LOG            # Ipfilter logging


Then I added to my rc.config file:
# Normal stuff
network_interfaces="dc0 lo0"
ifconfig_dc0="inet 216.15.83.94  netmask 255.255.255.224"
defaultrouter="216.15.83.65"
hostname="alpha.etiam.net"
sendmail_enable="NO"    # Run the sendmail daemon (or NO).

# NAT stuff
natd_enable="YES"
natd_interface="dc0"
ifconfig_dc0_alias0="inet 192.168.1.1  netmask 255.255.0.0"
natd_flags="-redirect_address 192.168.1.1 216.15.83.94"

# Firewall stuff.
firewall_enable="YES"
firewall_quiet="NO"
firewall_type="OPEN"
gateway_enable="YES"
tcp_extensions="YES"

##################################################################
To sum things up, there's definatly a strange problem with FreeBSD 4.0
which doesn't exist in pre-4.0 FreeBSD, but there's an easy workaround,
so this problem isn't really a big issue.

What's a big issue is the fact that it was extremely difficult to
diagnose the problem. I'm posting this followup in order to help
others who might want to have the same or similar setup resolve
their problems more efficiently.

(setup: Firewall, NAT, Apache, Name Virtual Hosts)

Terje Oseberg
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.
Comment 3 Sheldon Hearn 2000-09-08 13:41:06 UTC 
On Thu, 07 Sep 2000 12:20:02 MST, "Terje Oseberg" wrote:

>  To sum things up, there's definatly a strange problem with FreeBSD 4.0
>  which doesn't exist in pre-4.0 FreeBSD, but there's an easy workaround,
>  so this problem isn't really a big issue.

It might be interesting to hear whether you experience similar problems
with FreeBSD 4.1-RELEASE or 4.1-STABLE.

Ciao,
Sheldon.