Topologia: Internet<------>VDSL modem bridge <------>RB450_PPPoE_GW<------>LAN
V LAN je jeden fyzicky server s apache (vhosts).
Niekolko virtual hostov pouziva sifrovany pristup na web (https)
Pre https mam v MK ip firewall nat a toto funguje dobre
;;; virtualhost_z_vonku_ssl_443
chain=dstnat action=dst-nat to-addresses=192.168.1.3 to-ports=443 protocol=tcp in-interface=pppoe-out1
dst-port=443 log=no log-prefix=""
Pre http mam v MK ip firewall nat a toto nefunguje vobec
;;; virtualhost_z_vonku
chain=dstnat action=dst-nat to-addresses=192.168.1.3 to-ports=80 protocol=tcp in-interface=pppoe-out1
dst-port=80 log=no log-prefix=""
Vypol som v MK firewall (vyposol som firewall aj na servery) ale z vonka sa na http nedostanem
Virtualhosty pre http su nakonfigurovane
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName domena.ddns.info
ServerAlias www.domena.ddns.info
DocumentRoot /var/www/www.domena.ddns.info
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/www.domena.ddns.info/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Pravdepodbne sa paket z vonka nedostane ani na MK, pretoze na MK v NAT mam 0 pakets, 0 Bytes.
Nemam ponatia co to moze blokovat.
Pamatam sa, ze niekedy davno (1-2 roky dozadu) mi to fungovalo normalne.
Samozrejme na servery som robil urcite nejake zmeny, ale to asi s tym nesuvisi, kedze pakaet nedojde ani do MK (resp. nieco ho blokuje.