
Thread: How to run two webservers

  1. #31
    I don't have the full output of your 'iptables --list' commands, but you will have to watch the order in which rules are listed.
    You should have those lines at or near the top of the tables.

    Are you sure the drive/directory on which you map busybox_http is mounted at the moment busybox_http starts?

  2. #32
    Here's the top few results of iptables --list:

    Code:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             myrouter.dyn.optonline.nettcp dpt:webcache flags:SYN,RST,ACK/SYN
    DROP       all  --  anywhere             anywhere           state INVALID
    ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere           state NEW
    ACCEPT     all  --  anywhere             anywhere           state NEW
    SECURITY   all  --  anywhere             anywhere           state NEW
    ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
    ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp
    And here are the results of iptables --list -t nat:

    Code:
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    DNAT       tcp  --  anywhere             myrouter.dyn.optonline.nettcp dpt:www to:[router's actual ip]:8080
    DROP       tcp  --  anywhere             anywhere           tcp dpt:webcache
    VSERVER    all  --  anywhere             myrouter.dyn.optonline.net
    NETMAP     udp  --  anywhere             myrouter.dyn.optonline.netudp spt:6112 192.168.1.0/24
    I'm 100% sure busybox works because I can access my pages from WAN on a different port (8008) with that port forwarded in post-firewall as

    Code:
    iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
    iptables -t nat -A PREROUTING -i  -p tcp --dport 8008 -j DNAT --to-destination :8008
    Busybox runs on my /opt/share/www directory of the USB hard drive.

    Update: When I go to http://myrouteripaddress (which is the IP I get from whatismyip.com), I get the web page, but I know that when I ask people to visit the IP address, they get a "Page cannot be displayed" error. Do I have something in my post-firewall config mixed up?

    Here's my post-firewall in its entirety:

    Code:
    #!/bin/sh
    iptables -D INPUT -j DROP
    
    #iptables -A INPUT -p tcp --dport 81 -j ACCEPT
    #iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    #iptables -t nat -I PREROUTING 1 -i $1 -p tcp --dport 80 -j DNAT --to-destination $2:81
    
    iptables -t nat -I PREROUTING 1 -p tcp -d "$2" --dport 80 -j DNAT --to "$2":8080
    iptables -t nat -D PREROUTING -i "$1" -p tcp --dport 80 -j DROP
    iptables -t nat -I PREROUTING 2 -i "$1" -p tcp --dport 8080 -j DROP
    iptables -I INPUT 1 -i "$1" -d "$2" -p tcp --syn --dport 8080 -j ACCEPT
    
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
    iptables -A INPUT -p tcp --dport 1213 -j ACCEPT
    iptables -A INPUT -p tcp --dport 1214 -j ACCEPT
    iptables -A INPUT -p tcp --dport 3512 -j ACCEPT
    iptables -A INPUT -p tcp --dport 56881:56889 -j ACCEPT
    iptables -A INPUT -p tcp --dport 9387 -j ACCEPT
    
    iptables -t nat -A PREROUTING -i  -p tcp --dport 22 -j DNAT --to-destination :22
    iptables -t nat -A PREROUTING -i  -p tcp --dport 21 -j DNAT --to-destination :21
    iptables -t nat -A PREROUTING -i  -p tcp --dport 8008 -j DNAT --to-destination :8008
    iptables -t nat -A PREROUTING -i  -p tcp --dport 1213 -j DNAT --to-destination :1213
    iptables -t nat -A PREROUTING -i  -p tcp --dport 1214 -j DNAT --to-destination :1214
    iptables -t nat -A PREROUTING -i  -p tcp --dport 3512 -j DNAT --to-destination :3512
    iptables -t nat -A PREROUTING -i  -p tcp --dport 56881 -j DNAT --to-destination :56881
    iptables -t nat -A PREROUTING -i  -p tcp --dport 56882 -j DNAT --to-destination :56882
    iptables -t nat -A PREROUTING -i  -p tcp --dport 56883 -j DNAT --to-destination :56883
    iptables -t nat -A PREROUTING -i  -p tcp --dport 56884 -j DNAT --to-destination :56884
    iptables -t nat -A PREROUTING -i  -p tcp --dport 56885 -j DNAT --to-destination :56885
    iptables -t nat -A PREROUTING -i  -p tcp --dport 56886 -j DNAT --to-destination :56886
    iptables -t nat -A PREROUTING -i  -p tcp --dport 56887 -j DNAT --to-destination :56887
    iptables -t nat -A PREROUTING -i  -p tcp --dport 56888 -j DNAT --to-destination :56888
    iptables -t nat -A PREROUTING -i  -p tcp --dport 56889 -j DNAT --to-destination :56889
    iptables -t nat -A PREROUTING -i  -p tcp --dport 9387 -j DNAT --to-destination :3689
    
    ip link set dev $1 qlen 30
    iptables -A PREROUTING -t mangle -s 10.0.1.0/30 -j MARK --set-mark 6
    /usr/local/sbin/wshaper start $1 3600 240
    iptables -A INPUT -j DROP
    Last edited by kRiSiS; 11-11-2006 at 22:23.

  3. #33
    Anyone? No ideas/help?

  4. #34
    Join Date: Jun 2005 | Location: Slovenia | Posts: 736
    With Oleg firmware it is easy to move the GUI httpd to another port with a simple
    Code:
    nvram set http_lanport=8002 && nvram commit && reboot
    Then you can setup another http server like busybox_httpd on standard port 80 with the following script:
    Code:
    #!/bin/sh
    
    PATH=/sbin:/bin:/usr/bin:/usr/sbin:/opt/bin:/opt/sbin
    
    # Uncomment path to busybox httpd to enable startup
    BUSYBOX_HTTPD=/usr/sbin/busybox_httpd
    
    HTTPD_CONFIG=${HOME}/httpd.conf
    LISTENING_PORT=80
    
    
    check_config(){
      if [ ! -e ${HTTPD_CONFIG} ]; then
      echo "Creating default ${HTTPD_CONFIG}"
      cat > ${HTTPD_CONFIG} << __EOF__
    # httpd.conf has the following format:
    #
    # A:172.20.         # Allow address from 172.20.0.0/16
    # A:10.0.0.0/25     # Allow any address from 10.0.0.0-10.0.0.127
    # A:10.0.0.0/255.255.255.128  # Allow any address that previous set
    # A:127.0.0.1       # Allow local loopback connections
    # D:*               # Deny from other IP connections
    # /cgi-bin:foo:bar  # Require user foo, pwd bar on urls starting with /cgi-bin/
    # /adm:admin:setup  # Require user admin, pwd setup on urls starting with /adm/
    # /adm:toor:PaSsWd  # or user toor, pwd PaSsWd on urls starting with /adm/
    # .au:audio/basic   # additional mime type for audio.au files
    #
    # A/D may be as a/d or allow/deny - first char case insensitive
    # Deny IP rules take precedence over allow rules.
    #
    #
    # The Deny/Allow IP logic:
    #
    #  - Default is to allow all.  No addresses are denied unless
    #         denied with a D: rule.
    #  - Order of Deny/Allow rules is significant
    #  - Deny rules take precedence over allow rules.
    #  - If a deny all rule (D:*) is used it acts as a catch-all for unmatched
    #       addresses.
    #  - Specification of Allow all (A:*) is a no-op
    #
    # Example:
    #   1. Allow only specified addresses
    #     A:172.20          # Allow any address that begins with 172.20.
    #     A:10.10.          # Allow any address that begins with 10.10.
    #     A:127.0.0.1       # Allow local loopback connections
    #     D:*               # Deny from other IP connections
    #
    #   2. Only deny specified addresses
    #     D:1.2.3.        # deny from 1.2.3.0 - 1.2.3.255
    #     D:2.3.4.        # deny from 2.3.4.0 - 2.3.4.255
    #     A:*             # (optional line added for clarity)
    #
    # If a sub directory contains a config file it is parsed and merged with
    # any existing settings as if it was appended to the original configuration.
    #
    # subdir paths are relative to the containing subdir and thus cannot
    # affect the parent rules.
    #
    # Note that since the sub dir is parsed in the forked thread servicing the
    # subdir http request, any merge is discarded when the process exits.  As a
    # result, the subdir settings only have a lifetime of a single request.
    #
    A:*
    #/cgi-bin:${USER}:password
    .au:audio/basic
    .asp:text/html
    __EOF__
      fi
    }
    start() {
      if [ ! -x "${BUSYBOX_HTTPD}" ]; then
            echo "busybox httpd ${BUSYBOX_HTTPD} not started."
            exit 2
      fi
      check_config
      echo -n "Starting busybox httpd at port ${LISTENING_PORT} ... "
      ${BUSYBOX_HTTPD} -c ${HTTPD_CONFIG} -p ${LISTENING_PORT} -h /opt/share/www
      echo "done"
    }
    
    stop() {
            echo -n "Shutting down busybox httpd... "
            killall busybox_httpd
            echo "done"
    }
    
    case "$1" in
            start)
                    start
                    ;;
            stop)
                    stop
                    ;;
            restart)
                    stop
                    sleep 1
                    start
                    ;;
            *)
                    echo "Usage: $0 (start|stop|restart)"
                    exit 1
                    ;;
    esac
    I run thttpd and busybox_httpd besides the httpd server. Opening the appropriate ports with the GUI interface is not really an issue.

  5. #35
    Join Date: Mar 2007 | Location: Budapest / Hungary | Posts: 79
    Sorry for my English.
    If I run two busybox_httpd servers on my router, "killall busybox_httpd" shuts down both.

    If I select the busybox_httpd pid by config file (/opt/etc/httpd1.conf and /opt/etc/httpd2.conf):

    ps | grep "/opt/etc/httpd1.conf" | grep -v "grep" | awk '{print $1}'

    And I can't send this pid to "kill". How can I do it?

    ps | grep "/opt/etc/httpd1.conf" | grep -v "grep" | awk '{print $1}' | kill
    did not work... :-(

    George

  6. #36
    Hi George,

    This works:
    Code:
    kill `ps | grep "busybox_httpd" | grep -v "grep" | awk '{print $1}' `
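
To stop only the instance started with one config file (the question in #35), the PID list can be filtered on the exact `-c` argument and handed to `kill` as arguments, since `kill` does not read PIDs from standard input. This is an added example, not code from the thread; the function names and the sample `ps` lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: stop one busybox_httpd instance, selected by its -c config file.

# Constructed sample of BusyBox `ps` output (PIDs, ports and columns are made up).
SAMPLE_PS='  PID  Uid     VmSize Stat Command
  101 admin       412 S   httpd
  412 admin       388 S   /usr/sbin/busybox_httpd -c /opt/etc/httpd1.conf -p 80 -h /opt/share/www
  413 admin       388 S   /usr/sbin/busybox_httpd -c /opt/etc/httpd2.conf -p 8008 -h /opt/share/www2
  414 admin       388 S   busybox_httpd -c /opt/etc/httpd10.conf -p 8081
  420 admin       300 S   grep /opt/etc/httpd1.conf'

# pids_for_config CONF: read `ps` output on stdin and print the PID of every
# busybox_httpd process whose "-c" argument is exactly CONF. Exact matching
# keeps httpd1.conf from also selecting httpd10.conf, and the process-name
# test skips the grep/awk helpers without a "grep -v grep" step.
pids_for_config() {
    awk -v conf="$1" '
    {
        is_httpd = 0; has_conf = 0
        for (i = 2; i <= NF; i++) {
            n = split($i, part, "/")          # basename of this word
            if (part[n] == "busybox_httpd") is_httpd = 1
            if ($i == "-c" && $(i + 1) == conf) has_conf = 1
        }
        if (is_httpd && has_conf) print $1
    }'
}

# stop_instance CONF: send SIGTERM only to the instance(s) started with CONF.
# Assumes BusyBox ps, which lists all processes when called without options.
stop_instance() {
    pids=$(ps | pids_for_config "$1")
    if [ -z "$pids" ]; then
        echo "no busybox_httpd running with $1" >&2
        return 1
    fi
    kill $pids    # unquoted on purpose: one argument per PID
}

# Demo on the constructed sample; nothing is killed here.
printf '%s\n' "$SAMPLE_PS" | pids_for_config /opt/etc/httpd1.conf
```

In a start/stop script like the one in #34, `stop_instance /opt/etc/httpd1.conf` would take the place of `killall busybox_httpd`.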

  7. #37
    Join Date: Mar 2007 | Location: Budapest / Hungary | Posts: 79
    Thanks, SuperB!

    George
