SUMMARY: Redirecting incoming http traffic?

From: Mann Michael <Mike.Mann_at_icl.com>
Date: Fri Dec 14 2001 - 04:12:20 EST
I've answered several questions on this mailing list but this was
the first I'd asked and I was extremely impressed by the number and
quality of the responses.  It's so good that people are willing to
help.

The original question is appended at the end.  Briefly, I was having
some difficulty compiling portfwd on Solaris 8 and asked for 
alternative suggestions.

My first mistake was using Sun's make in /usr/ccs/bin/make.  Many
people (Kathryn Fielding, Ric Anderson, Rob Helmer, Thomas Anders,
John Riddoch and Michael Shulte) suggested using gnu make and this
was needed.  gnu make lives in /opt/sfw/bin/gmake if the "Software 
Companion" packages have been installed.

gmake went further but the compilation failed with an undefined
MSG_PROXY variable.

Ryan McEwan offered the solution to this, which is to edit
src/host_map.cc and add:

#define MSG_PROXY 0

portfwd then compiled successfully and is doing exactly what I
wanted.

Ryan also pointed out that portfwd is dependent on autoconf and automake
and needs libstdc++.so.2.10.0 at run time.  These are all installed
from the Companion CD with Solaris 8 but the search and library paths
may need amending.

In the meantime, Rob Helmer kindly emailed me a precompiled version.

There were many other helpful suggestions and comments:

Dan wrote:

On an addition to your last option, why not make a server with a custom 401
error page that does the redirection transparently and then have NONE of
your normal files in the htdocs dir so every page requested generates a
401.

There are examples in the apache httpd.conf.  There are some catches, but
it might be a bit more elegant in case someone is linked to you below /.

Bernard Sadlowski wrote:

I know a working port fwd tool for linux. Maybe it runs also on solaris, but
I haven't tested it. You can find it on www.freshmeat.net and searching for
tcpxd or just to go the homepage http://quozl.us.netrek.org/tcpxd/

One the other hand I think setting up apache and make a simple redirect
might
be the best, because the client should then speak directly to the real
webserver and does not need any port forwarding tricks. This saves of course
also some net bandwidth...

Larry Snyder wrote:

For the length of time you're describing, the http redirect may be
the easiest shot.  Have your dns provider crank down the ttl for the
domain temporarily for a few hours just prior to their implementing
the change and it'll propagate quicker.  Then just leave the redirect
in place for a day or so.

Dirk-Willem van Gulik wrote:

Just use apache and put in:

	RewriteEngine On
	RewriteRule	/(.*)	http://IP-of-new-site/$1

Rob Helmer wrote:

Also, you could use mod_rewrite ( in Apache ) to transparently
redirect users ( temporarily of course ) : 
http://httpd.apache.org/docs/misc/rewriteguide.html

( note: I haven't used it yet, just read alot about it.
  So, I cannot say mod_rewrite works from experience :)

Robert Reynolds wrote:

Why don't you do a redirect in apache from site a to site b

Quick n dirty

Kent Hundley wrote:

Sorry I can't answer your question about portfwd, I've never used the
program. However using NAT is a simple alternative.  Just setup IP Filter on
your sun box with a few simple rules and you should be all set.

Here's a url that may be helpful:

http://www.rite-group.com/consulting/solaris_nat.html

Using the url re-direct will work as well of course, just thought I'd give
you another option.

Jesse Trucks wrote:

Just use apache to redirect the site to the new IP.

This might help:

http://httpd.apache.org/docs/mod/mod_alias.html#redirect

sysadmin@astro.su.se wrote:

If you've got ssh (the OpenSSH version, preferably) on the temporary
machine, you could set up a tunnel

www.site_A# ssh somehost -L 80:www.site_B:80 -o'GatewayPorts yes'

or

somehost$ ssh root@www.site_A -R 80:www.site_B:80

I've only tested the former, but either should work. "somehost" can be
just about anywhere.

As for the DNS, I hope you've already shortened the TTLs on the A
records that are going to change. That's the best way to have a fast
cutover.

I don't think you need Apache for something as simple as redirects.
Try http://www.technopagan.org/software/redir-httpd.c . Far from
industrial-strength, but maybe the right size for your needs.

David Baldwin wrote:

If you already have ssh installed you can use that to forward ports, and
its encrypted too.

I hope I haven't missed anyone.  Many thanks to everyone for their
helpful suggestions.  The original question was:

-----Original Message-----

I'm moving a Web server at the weekend from site A to site B and
from one network to another.  The DNS changes may lag the move
(because I don't control it) and I'd quite like to put a machine
in site A temporarily, with the server's old IP address, to forward
traffic to the new address.

I've done this before on another unix using portfwd from
http://portfwd.sourceforge.net/.  This is an application-level
TCP forwarder that listens on a configurable port, forwards
incoming connections to a remote server and returns responses
from the server to the client.

The documentation says it works on Solaris and I've tried
compiling it on a full build of SPARC Solaris 8 7/01 plus all
the freeware packages from the companion CD.  The ./configure
works fine but the make fails with:

mksh: Fatal error in reader: = missing from replacement macro reference

I could hack the Makefile given time but I'm really looking for
a solution that can be deployed quickly with minimum fuss.

I wondered if anyone has managed to compile portfwd on Solaris 8
or could suggest a simple alternative program.  If all else fails,
I'll set up Apache on the temporary machine and do a simple http
redirect in the top-level index.html.

Regards, Mike.
Received on Fri Dec 14 09:12:20 2001

This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:32:37 EDT