Fortigate Virtual IP and Moodle NAT Problems

Fortigate Virtual IP and Moodle NAT Problems

by Matt Stavert -
Number of replies: 5
Hi there, I'll try to be as clear as possible with my problem. We have a fortigate firewall in our devision, with several web-servers running on the DMZ (10.10.x.x) addresses. All of these servers have Virtual IP's forwarded from the fortigate outside interface pointing into the 10.10.x.x address on the inside DMZ interface. We are lucky in that we have several class C address ranges in the 199.216.xxx.xxx that we can use, and NAT to our internal addresses. We are also lucky, as the fortigate usually does this with ease. To date we have about 10+ web-servers running this way. As for services, we only allow through what we must port 80, port 25 for email etc. All of these servers run fine, and speedy when accessed from the outside world, and internally.

Now here is where the issue occurs, I just built A Ubuntu LAMP server, and then installed Moodle, this went flawlessly. I then did some access tests from our internal WAN, the server was very speedy. Here are the server Specs:

Dell Poweredge 2500
Ubuntu 6.06 LTS Server Edition
Command Line only
4 GB Ram
160 GB SCSI HDD's Raid 5
Dual P3 1.0 Ghz CPU's
CDROM drive
Internal GB Nic

Eth0 is set up on the 10.10.xx.xx address

I apply the same Virtual IP Configuation as all our other fully functioning Webservers, and forward 199.216.xxx.xxx to 10.10.xx.xx and apply a policy to put this in place, and forward port 80 and other services I want for moodle. The results in speed are DISMAL, when I try to access it externally from it's Virtual IP, I have tried from several outside connections and eveytime, the browser chugs away for 10 minutes, and after that a get a partial display of the moodle front page.

Since most of my other servers are IIS, I am wondering if Apache reacts different with my nating firewall and virtual IP, because my windows server seem to love there virtual IP...

Any advice or solutions that anyone has to offer would be great, I really look foward to hearing from you smile


Average of ratings: -
In reply to Matt Stavert

Re: Fortigate Virtual IP and Moodle NAT Problems

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Just to check the obvious but, have you configured Moodle's $CFG->wwwroot to use the external Virtual IP address? (or a DNS name that points to it).

Saludos. Iñaki.

Average of ratings: -
In reply to Iñaki Arenaza

Re: Fortigate Virtual IP and Moodle NAT Problems

by Matt Stavert -
Hi Inaki, I did read about this, but had not changed this yet, as I was not sure if I was on the right track with it...but it sounds like I am smile Thanks for comforming it for me, I needed a little nudge smile I thought it was just for outside DNS, but if I can put the outside Class C 199.216.xxx.xxx that would be great! Just to make sure I have the configuration right, what do you think it would look like in the $CFG->wwwroot for my scenario?

Thanks in advance for all your help!
Average of ratings: -
In reply to Matt Stavert

Re: Fortigate Virtual IP and Moodle NAT Problems

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Just to make sure I have the configuration right, what do you think it would look like in the $CFG->wwwroot for my scenario?

You need to put something that is resolvable/reachable from both the outside and the inside.

The Right Way(tm) to do it is by using a DNS domain name that you later map to the right IP (public IP on the outside, private IP on the inside). This way you have stable URLs and don't have to mess with NAT, routing, reverse proxying and URL rewriting and so on.

Of course, not everybody can control their DNS names, so they do what they can (all of the things mentionned above).

Saludos. Iñaki.

Average of ratings: -
In reply to Iñaki Arenaza

Re: Fortigate Virtual IP and Moodle NAT Problems

by Matt Stavert -

Worked like a charm!  That was the one thing I was missing for my VIP NAT  to work, thank-you so much!!

Performance is GREAT now!

Average of ratings: -
In reply to Iñaki Arenaza

Re: Fortigate Virtual IP and Moodle NAT Problems

by Bob Hoagland -

I had exactly the same problem today.  I am BRAND NEW to Moodle; would you mind sharing the steps I need to go through to:

"configured Moodle's $CFG->wwwroot to use the external Virtual IP address"

Thank you in advance. 

Bob Hoagland

Average of ratings: -