Common Questions


Q:

I have a DMZ web server or one running on my firewall itself. I can see it at home but not from work. What is going on?

A:

A great many ISPs filter out port 80 these days on their broadband networks. Before spending a great deal of time trying to debug your firewall, check with your ISP first and see if they are filtering this service out. If they are, your only options are to host your web server with another ISP that does not filter port 80 or to run your web server on a different port. A quick and dirty way to test this is to connect with telnet and issue a HEAD / HTML 1.0 \n\n.

Example:

    [user@laptop tmp]$ telnet www.atomicrocketturtle.com 80
    Connected to www.atomicrocketturtle.com (216.218.240.133).
    Escape character is '^]'.
    HEAD / HTML 1.0 \n\n
    HTTP/1.1 403 Forbidden
    Date: Wed, 15 Sep 2004 18:42:19 GMT
    Server: Apache
    Accept-Ranges: bytes
    Content-Length: 2898
    Connection: close
    Content-Type: text/html; charset=ISO-8859-1
    Connection closed by foreign host.

If you cannot connect, that is a good indication that your ISP is filtering port 80 inbound on its network.
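
A scripted version of the telnet check above, added here as an example (it is not from the book). It sends the standard request line HEAD / HTTP/1.0 and separates a silent drop from an active refusal; the names probe_http and HINTS and the hint wording are assumptions of this example.

```python
import socket
import sys

def probe_http(host, port=80, timeout=5.0):
    """Return (outcome, detail) for one TCP connect plus HEAD request."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("timeout", None)        # SYN went unanswered
    except ConnectionRefusedError:
        return ("refused", None)        # RST or ICMP reject came back
    except OSError as exc:
        return ("error", str(exc))      # DNS failure, no route, etc.
    with sock:
        try:
            # Well-formed HTTP/1.0 request line, Host header, blank line.
            sock.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
            data = b""
            while b"\r\n" not in data:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
        except OSError as exc:          # includes a read timeout
            return ("connected-no-reply", str(exc))
    status = data.split(b"\r\n", 1)[0].decode("latin-1")
    return ("connected", status or None)

# Hypothetical troubleshooting hints for each outcome (wording is this example's).
HINTS = {
    "timeout": "no answer at all: packets are being dropped somewhere on the path "
               "(ISP filter or a DROP rule); compare with a second network",
    "refused": "the host or a REJECT rule answered: the path is open, "
               "but nothing accepts connections on this port",
    "connected": "TCP reached the server: port filtering is not the problem",
    "connected-no-reply": "TCP connected but no HTTP reply: look at the web server",
    "error": "lookup or routing failure before any connection attempt",
}

if __name__ == "__main__":
    # Usage (run from the network that cannot see the site): probe.py HOST [PORT]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    outcome, detail = probe_http(host, port)
    print(f"{host}:{port} -> {outcome} {detail or ''}")
    print(HINTS[outcome])
```

Run it once from home and once from work: a "connected" result at home and a "timeout" at work matches the ISP-filtering case described above.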

Q:

I have one IP address. Does netfilter support name-based hosting to route web traffic to two different web servers using the same port (80)?

A:

No. netfilter operates at too low a level to perform any kind of name-based hosting, which depends on the Host header inside the HTTP request. You would need to use an application layer proxy on your firewall to do this.



    Troubleshooting Linux Firewalls
    ISBN: 321227239
    EAN: N/A
    Year: 2004
    Pages: 169