Support for 2 servers with the Firewall routing incoming traffic to both servers.

Web hosting discussion, programming, and shared and dedicated servers.
8 posts Page 1 of 1
by memartinez » Mon Apr 23, 2018 11:36 am
I am in the process of migrating to a new server with HTTP, HTTPS, mail, Name, etc services. I am trying to migrate port 80 HTTP service to the new server. However, every time I switched the port from the current server to the new server, the Firewall did not rout to the new server. I defined the new server IP and the status is ON. I need to know if the Firewall supports routing to multiple servers? If yes, I will need help configuring it.

Thanks...
by ngufra » Mon Apr 23, 2018 12:18 pm
I think you will need to provide a little more background information to make it worth spending the time to assume things in replies.
by memartinez » Mon Apr 23, 2018 12:44 pm
I have an old server (hardware) that needs replacing. The current server is running several services including http (port 80), https (port 443), named (port 53), etc. I installed the OS, and all the required services in the new hardware. Now I am ready to start the migration of the services to the new server (hardware). I defined the new server IP to the Firewall and when I switched the incoming port 80 (HTTP) traffic to route to the new server (hardware), the firewall stopped routing. I need to gradually migrate the ports in order to control the data portion of the migration. However, when I tested port 80 behind the firewall, it reply correctly.
by memartinez » Mon Apr 23, 2018 12:49 pm
There is 1 more peace of critical information. The router is a Sonic modem/firewall.
by ngufra » Mon Apr 23, 2018 12:53 pm
What kind of firewall are you using ? What kind of OS is running on the servers?

I will make assumtions:
You have a sonic account, and your old and new server are connected to ports on the modem/router or to a switch downstream, but the DHCP is done in the sonic issued router switch.

You have specified in the DHCP, static allocation to the old and new server based on their MAC address so say the old is always getting 192.168.1.10 and the new is always getting 192.168.1.11
You have some port forwarding setup so inbound traffic on port 80 that reaches the router/switch was send to 192.168.1.10 and is now sent to 192.168.1.11

Does it describe your setup ?

Does the server HTTP answer correctly from inside your network and the issue is only with inbound traffic from outside?
What do you mean by the firewall stopped routing?
by memartinez » Mon Apr 23, 2018 1:36 pm
Close. Here is what I have:
Sonic Modem/Firewall PACE. The servers are running with static IP addresses. I defined the servers to the Firewall and I can now go and filter traffic to these servers. I clicked on Allowed traffic to individual applications. I ensured that the port 80 traffic was routed to the new server and not to the old server. I saved the changes and rebooted the modem. However, it did not work. when I switch back to the old server, it works perfect. There has to be one more item that I am missing to complete the switch.

Thanks for the help...
by ngufra » Mon Apr 23, 2018 1:42 pm
What kind of firewall are you using ? What kind of OS is running on the servers?

I do not knows the PACE router but have found that letting the modem router do DHCP and adding reservations based on MAC addresses works well and avoids having multiple devices using the same IP address if the static IP is also allocated by modem/router to another device.


Make sure the web server on new server has its firewall rules set; does it work when you browse to the new server locally?
by memartinez » Mon Apr 23, 2018 2:37 pm
Yes, the modem/Firewall is a PACE model 4111N-030. The IP range is divided into two ranges, the static IP range and the DHPC range. The Servers are Linux servers running MySQL local, HTTP, HTTPS, NAMED, Postfix, etc. The new server was tested using the internal IP addresses and the server is responding to requests internally. When the request arrrives from the external IP and it is routed to the internal IP/port, it does not reply. In fact, the logs have no reference of the request arriving.
8 posts Page 1 of 1

Who is online

In total there is 1 user online :: 0 registered, 0 hidden and 1 guest (based on users active over the past 5 minutes)
Most users ever online was 422 on Sat May 26, 2012 5:28 am

Users browsing this forum: No registered users and 1 guest