Lessons & Learnings

from real life experiences and examples

Exercises on Routing

Disclaimer: These exercises are a few among the many demos available to help you understand the routing concepts described in the previous chapter. The tools used in them are not the only ones; there are many other software packages and tools that can be used to implement these concepts.

I am using VirtualBox to create virtual machines on my laptop for the exercises below. You can use any other virtualization software (VMware Fusion etc.) or physical machines. All the exercises below are done on CentOS 6.6 VMs. You can use Ubuntu or other Linux flavors if you want.

All you need are machines with Apache installed on them.

1. Port forwarding requests from 80 to 8080

I am going to set up an Apache web server, www.example.com, which will be running on port 8080. Since the default HTTP port is 80, port forwarding will be set up such that any request landing on port 80 is forwarded to port 8080, so the website can be accessed at the URL http://www.example.com. I am going to use iptables to do this port forwarding.

Make apache listen on port 8080 by default:

$ vi /etc/httpd/conf/httpd.conf
Listen 8080

Create your website's default HTTP configuration as below:

$ vi /etc/httpd/conf.d/example.conf
NameVirtualHost 192.168.56.103:8080
<VirtualHost 192.168.56.103:8080>
   ServerName www.example.com
   DocumentRoot /var/www/html
   Redirect permanent / https://www.example.com
</VirtualHost>

Configure iptables to allow incoming traffic on port 80 and 8080:

sudo iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT

Configure port forwarding in iptables:

sudo iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

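Enable logging for iptables (the LOG rule is inserted at the top of the nat PREROUTING chain so that it is evaluated before the REDIRECT rule):

sudo iptables -t nat -I PREROUTING 1 -i eth1 -p tcp -m tcp --dport 80 -j LOG --log-prefix "Port Forwarding" --log-level 4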

Save the iptables entries (the service script writes them to /etc/sysconfig/iptables):

sudo service iptables save

Host file entries:

I am using just my laptop for this exercise, so I do not have a DNS server that can help in name resolution for URLs like test.com or example.com.
That is why I am adding host file entries in the virtual machines as well as on my local laptop. Here is what the host file entries on all the machines look like:

$ vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.56.103 www.example.com  

Restart httpd service:

$ service httpd restart

Testing:

Let's check what the default page looks like on port 8080:

curl http://www.example.com:8080
<h3>This is APP1</h3>

Now if I curl the same URL on port 80, iptables should forward it to port 8080:

kamalim$ curl http://www.example.com
<h3>This is APP1</h3>

Iptables log shows something as below:

Aug  8 14:39:15 vm2 kernel: Port ForwardingIN=eth1 OUT= MAC=08:00:27:ef:01:d8:0a:00:27:00:00:00:08:00 SRC=192.168.56.1 DST=192.168.56.103 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=46907 DF PROTO=TCP SPT=52187 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
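
Because the log prefix has no trailing space, it is fused with the first field ("Port ForwardingIN=eth1"), which trips up naive whitespace splitting. The following is an added example, not part of the original post: a small Python parser for these LOG entries that counts connection attempts per source address. The function names are hypothetical, and all sample lines except the first are constructed.

```python
from collections import Counter

PREFIX = "Port Forwarding"  # the --log-prefix used in the LOG rule above

# Sample input: the first line is the entry shown above; the others are constructed.
SAMPLE_LOG = """\
Aug  8 14:39:15 vm2 kernel: Port ForwardingIN=eth1 OUT= MAC=08:00:27:ef:01:d8:0a:00:27:00:00:00:08:00 SRC=192.168.56.1 DST=192.168.56.103 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=46907 DF PROTO=TCP SPT=52187 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Aug  8 14:39:16 vm2 kernel: Port ForwardingIN=eth1 OUT= MAC=08:00:27:ef:01:d8:0a:00:27:00:00:00:08:00 SRC=192.168.56.1 DST=192.168.56.103 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=46911 DF PROTO=TCP SPT=52188 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Aug  8 14:40:02 vm2 kernel: Port ForwardingIN=eth1 OUT= MAC=08:00:27:ef:01:d8:0a:00:27:00:00:00:08:00 SRC=192.168.56.101 DST=192.168.56.103 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1201 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug  8 14:40:05 vm2 kernel: eth1: link up
"""


def parse_log_line(line, prefix=PREFIX):
    """Return the packet fields of one LOG entry, or None for other lines."""
    kernel_at = line.find("kernel:")
    start = line.find(prefix, kernel_at) if kernel_at != -1 else -1
    if start == -1:
        return None
    fields, flags = {}, []
    # Cut the prefix off by position: it is fused with "IN=", so splitting
    # the whole line on whitespace would yield the key "ForwardingIN".
    for token in line[start + len(prefix):].split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value      # KEY=value pairs; "OUT=" gives ""
        else:
            flags.append(token)      # bare words such as DF, SYN, ACK
    fields["FLAGS"] = flags
    return fields


def syn_counts_by_source(log_text, dport="80"):
    """Count logged connection attempts (SYN) per source for one port."""
    counts = Counter()
    for line in log_text.splitlines():
        pkt = parse_log_line(line)
        if pkt and pkt.get("DPT") == dport and "SYN" in pkt["FLAGS"]:
            counts[pkt.get("SRC", "?")] += 1
    return counts


if __name__ == "__main__":
    for src, n in syn_counts_by_source(SAMPLE_LOG).most_common():
        print(src, n)
```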

2. Reverse proxy using Apache

Here is what my setup looks like. The host machine is my own laptop, from where I will be sending the requests. VM1 is my reverse proxy server and VM2 is my internal app server.

I will set up two websites on VM2: www.example.in and www.example.com.

Set up the reverse proxy on VM1 as below:

http://www.test.com/app1 => www.example.com
http://www.test.com/app2 => www.example.in

Install apache on both virtual machines (vm1 and vm2):

$ yum install httpd

Set up two websites, example.com (port 80) and example.in (port 8080), in VM2:

[root@www ~]# vi /etc/httpd/conf.d/example.conf
NameVirtualHost 192.168.56.103:80
<VirtualHost 192.168.56.103:80>
   ServerName www.example.com
   DocumentRoot /var/www/html/examplecom
</VirtualHost>
<VirtualHost 192.168.56.103:8080>
   ServerName www.example.in
   DocumentRoot /var/www/html/examplein
</VirtualHost>

Create two simple index files under the DocumentRoot of each website:

$ vi /var/www/html/examplecom/index.html
<h3>This is APP1</h3>
$ vi /var/www/html/examplein/index.html
<h3>This is APP2</h3>

Test if both the internal websites are working on VM2:

We are using curl here, which is a command line tool for getting or sending files using URL syntax. You can also test the URLs directly from a browser.

$ curl http://www.example.com
<h3>This is APP1</h3>

$ curl http://www.example.in:8080
<h3>This is APP2</h3>

Setup the apache reverse proxy server on VM1:

$ vi /etc/httpd/conf.d/test.conf
NameVirtualHost 192.168.56.101:80
# One virtual host for www.test.com carries both mappings; a second block with
# the same address and ServerName would never be selected.
<VirtualHost 192.168.56.101:80>
   ServerName www.test.com
   ProxyPreserveHost On
   # /app1 is served by www.example.com on VM2
   ProxyPass /app1 http://www.example.com
   ProxyPassReverse /app1 http://www.example.com
   # /app2 is served by www.example.in on VM2, port 8080
   ProxyPass /app2 http://www.example.in:8080
   ProxyPassReverse /app2 http://www.example.in:8080
</VirtualHost>

Apache uses a proxy module called mod_proxy, and in the above configuration the ProxyPass and ProxyPassReverse directives set up the reverse proxy. The ServerName directive means the incoming request should have the name www.test.com in the URL. Thus all the names used in this exercise (example.com, example.in, test.com) should be resolvable.
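
Apache serves a request from the first VirtualHost whose address and ServerName match, so all ProxyPass rules for one site name belong in a single block. The following is an added example, not part of the original post: a Python check that lists ProxyPass rules sitting in a block that an earlier block with the same address:port and ServerName shadows. The function names are hypothetical, the sample config is constructed, and ServerAlias and wildcard addresses are not handled.

```python
import re

# Constructed sample: two blocks sharing the same address:port and ServerName.
SAMPLE_CONF = """\
NameVirtualHost 192.168.56.101:80
<VirtualHost 192.168.56.101:80>
   ServerName www.test.com
   ProxyPass /app1 http://www.example.com
</VirtualHost>
<VirtualHost 192.168.56.101:80>
   ServerName www.test.com
   ProxyPass /app2 http://www.example.in:8080
</VirtualHost>
"""


def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block: address, name, ProxyPass rules."""
    vhosts, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        opening = re.match(r"<VirtualHost\s+([^>\s]+)\s*>", line, re.I)
        if opening:
            current = {"addr": opening.group(1), "name": None, "proxypass": []}
        elif current is None or not line or line.startswith("#"):
            continue  # outside any block, blank line, or comment
        elif re.match(r"</VirtualHost>", line, re.I):
            vhosts.append(current)
            current = None
        else:
            parts = line.split()
            directive = parts[0].lower()
            if directive == "servername" and len(parts) > 1:
                current["name"] = parts[1].lower()
            elif directive == "proxypass" and len(parts) > 2:
                current["proxypass"].append((parts[1], parts[2]))
    return vhosts


def shadowed_proxy_rules(conf):
    """List ProxyPass rules in blocks that an earlier block always wins over."""
    seen, unreachable = set(), []
    for vhost in parse_vhosts(conf):
        key = (vhost["addr"], vhost["name"])
        if vhost["name"] and key in seen:
            unreachable.extend(vhost["proxypass"])
        seen.add(key)
    return unreachable


if __name__ == "__main__":
    print(shadowed_proxy_rules(SAMPLE_CONF))
```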

Host file entries:

I am using just my laptop for this exercise, so I do not have a DNS server that can help in name resolution for URLs like test.com or example.com.
That is why I am adding host file entries in the virtual machines as well as on my local laptop. Here is what the host file entries on all the machines look like:

$ vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.56.101 www.test.com
192.168.56.103 www.example.com www.example.in

Restart httpd service:

$ service httpd restart

Testing:
Test the reverse proxies by querying the proxy URLs http://www.test.com/app1 and http://www.test.com/app2. The results should be the same as above, when you tested with example.com and example.in.

$ curl http://www.test.com/app1
<h3>This is APP1</h3>

$ curl http://www.test.com/app2
<h3>This is APP2</h3>

Here www.test.com (vm1: 192.168.56.101) is the reverse proxy server allowing requests for www.example.com (vm2:/var/www/html/examplecom/index.html) and www.example.in (vm2:/var/www/html/examplein/index.html).
