Unable to reach Apache website from NAT IP. Resolving to hostname

CentOS 7.x

Apache (httpd)

External NAT: 10.140.x.x

Internal IP: 10.105.x.x

When trying to reach the Apache server on https://10.140.x.x, it tries to resolve the hostname in the lower left corner of Firefox. This won’t work because we can’t control DNS for the NAT network. How do I configure Apache to listen on an IP that obviously doesn’t exist on any interface of the box?

I’ve tried editing /etc/httpd/conf/httpd.conf

ServerName 10.140.x.x:80

and

/etc/httpd/conf.d/ssl.conf

<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"
ServerName 10.140.x.x:443

But these edits don’t seem to do anything. We are able to reach the site on the same internal network.

Answer

I haven’t used Apache in a number of years, so excuse me if this isn’t completely correct (I used nginx, it’s really good, you should give it a look). As I stated in my comment, you’re not using a hostname in your request, so it shouldn’t be trying to do any DNS lookup (unless you’ve omitted that info).

I would also suggest using curl to test instead of a web browser. If you do:

curl 10.10.11.1 -vvv

It should tell you exactly what is going on during the request; using a web browser can make it harder to understand issues.

In answer to your question:

How do I configure Apache to listen on an IP that obviously doesn’t exist on any interface of the box?

Why would you want to? If you did this, it would be listening for traffic to come in on an address that isn’t ever going to get to Apache, so it will never serve that content.

If you’re hoping to point traffic at the public address of your NAT gateway, and for that traffic to reach your web server, that won’t work either; NAT doesn’t know where to route your web request. NAT gateways are generally used so your host can speak to the outside world, and their returning traffic is able to find the host it came from. You don’t use a NAT gateway to route incoming traffic to a given host; that’s what port forwarding/redirection is for.

Maybe some extra context about your infrastructure and what you’re trying to achieve will make it easier to find you an appropriate solution?
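
The curl test suggested above can be scripted. The following is an added example, not part of the original question or answer: it classifies a `curl -v` transcript into "no TCP connection" (the forwarding layer never delivered the request), "redirected to a different host name" (the server answered and sent the client elsewhere), or "served". The function name `classify_curl_trace`, the address 192.0.2.10 and the host name web01.example.internal are constructed for illustration.

```shell
# Added example: classify `curl -v` output taken against the NAT address.
# Live capture (hypothetical address; -k only because a certificate cannot
# match a bare IP): trace=$(curl -skv -o /dev/null https://192.0.2.10/ 2>&1)
classify_curl_trace() {
    trace=$1; target=$2   # verbose transcript, address that was given to curl
    # 1. No TCP connection: a NAT/forwarding problem, Apache never saw it.
    if printf '%s\n' "$trace" | grep -qiE 'failed to connect|connection refused|connection timed out|no route to host'; then
        echo "no-connection"; return 0
    fi
    # 2. Redirect header in the response ("<" marks response headers).
    location=$(printf '%s\n' "$trace" | tr -d '\r' |
        sed -n -E 's/^< [Ll]ocation:[[:space:]]*//p' | sed -n '1p')
    case $location in
        *://*)  # absolute URL: strip scheme, then all from first "/", ":" or "?"
            host=$(printf '%s\n' "$location" |
                sed -E 's#^[A-Za-z][A-Za-z0-9+.-]*://##; s#[/:?].*$##')
            if [ "$host" != "$target" ]; then
                echo "redirect-to-host:$host"; return 0
            fi ;;
    esac
    # 3. A 2xx status line means content was served on the address as typed.
    if printf '%s\n' "$trace" | grep -qE '^< HTTP/[0-9.]+ 2[0-9][0-9]'; then
        echo "served"; return 0
    fi
    echo "inconclusive"
}

# Constructed sample transcripts (not captured from the asker's system).
TRACE_REDIRECT='* Connected to 192.0.2.10 (192.0.2.10) port 443 (#0)
> GET / HTTP/1.1
< HTTP/1.1 301 Moved Permanently
< Location: https://web01.example.internal/'
TRACE_BLOCKED='*   Trying 192.0.2.10...
* Failed to connect to 192.0.2.10 port 443: Connection timed out'
TRACE_OK='* Connected to 192.0.2.10 (192.0.2.10) port 443 (#0)
> GET / HTTP/1.1
< HTTP/1.1 200 OK'

classify_curl_trace "$TRACE_REDIRECT" 192.0.2.10
classify_curl_trace "$TRACE_BLOCKED" 192.0.2.10
classify_curl_trace "$TRACE_OK" 192.0.2.10
```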

Attribution
Source: Link, Question Author: Johnny Doe, Answer Author: Rumbles
