Use private IP's in DMZ for InterWorx Server

Hi,
If i remember correctly there was a requirement for InterWorx Servers to have directly a public IP assigned - just can’t find that information anymore somehow so my question is, is it now also possible to host InterWorx Servers in a DMZ with private IP’s which are NAT’ed from a public subnet?

I’ve two InterWorx Servers running right now (Web, eMail, DNS) and want to move them into my DMZ behind a new firewall.

Thanks,
Thomas

Hi John,

My installation is already “some” years old so this feature might have been added afterwards.

The topic with NAT to DMZ from technical side is no issue for me, i just want to cleanup my network design a bit and use already many systems behind firewall in DMZ, just the InterWorx Servers i’d to put directly on the net with their public IP’s which made me a headache for several years (ok, my mistake that i didn’t check if i can put it already in DMZ with private ip’s since years :smiley: ).

As my installation is already running with public ip’s, can i just add the private ip’s, then remove the public ip’s and will get this feature available to complete the external IP or do i’ve to start from scratch?

Thanks,
Thomas

Hi Thomas

Many thanks

What IW version and distro are you using

If you have an owned license, you could always pay the small amount to update to latest IW version. There are a lot new features such as multi PHP installation, Lets Encrypt etc…

I think you would need to adjust your network settings on server first (note I do not know your setup so I could be entirely wrong sorry), which you would do from SSH, and su vi /etc/sysconfig/network-scripts/ifcfg-em1 (or whatever your network is called), changing the assigned IP address and gateway to your local LAN. Reboot and access by SSH again to make sure it is correct.

Please only do the above if you have local access or another means of directly accessing your server should the above fail.

You may need to change some more aspects, but initially the above should get you into a lan setup.

You could add your internal IP address, but it would be secondary to main, eg em1 and em1:0, so you could not delete the main IP as this is set in ifcfg as descibed above.

I would need to go through some of my test server to locate other areas that may need correctly, but is easy completed by a .pex from IW for changing IP addresses.

However, please do not make any changes until we know what your distro and IW you are using.

Many thanks

John

Hi John,
I’ve a rent license and automatically update to the latest version always. Let’s encrypt is already a feature i enjoy :wink:

So first i’ve to change the network on OS level, reboot and then add the public ip back through the webinterface.

Distro i use some older CentOS (i think 6, not 100% sure right now) but as i should upgrade OS anyway too i might even just request two trial keys and make fresh installation with the new internal IP’s and just migrate the webspaces / DNS from the existing installation to a complete new one.

Thanks,
THomas

Hi Thomas

Many thanks, glad your using latest veriosn IW and liking the features

Centos 6 is still active and in general, the differences between centos 6 to 7 are, apache (2.3 v 2.4) and TLSv1.3 when it becomes main stream/available. (I read somewhere I am sure, that TLSv1.3 will not be back ported to Centos 6).

I am sure there are many differences though between Centos 6/7, but the above are main features for myself and we have a mixture of Centos 6 and centos 7 servers.

Yes, you just amend the NIC IP to internal as you stated for changing without migration, but migration to a new server is the route I would take (able to keep both servers live so no real downtime. I would change the DNS TTL to 3600 so it is quicker on a new IP if changing servers and also, setup a /chroot for new install, so it uses /chroot/home (synlink will be made auto for you as long as /home is not on its own partition).

The reason for this is incase future, you would like to use the clustering aspects of IW-CP.

Many thanks and good luck with which ever way you decide

John

How You can use Use private IP’s in DMZ for InterWorx Server? You can get efficient access to 192.168.0.1 IPs easily.

Hi hattydonald

Yes

Many thanks

John

hey,
thanks for answering!!
best reagrds!

This feature is not working for me . Can anyone help me out that why is this happening???

Hi makronson

Welcome to IW forums

You will need to post most details for anyone to help

How are you routing your IP address

Many thanks

John

great, get to the right place has been made difficult all this subject, productive information.
Greetings.