[PLUG] servicing a domain from behind a firewall

Josh Orchard josh at emediatedesigns.com
Tue Jul 30 15:17:54 UTC 2002


I think you understand and that was my concern.  I could combine the
servers for http and mail I suppose but was avoiding that.  I'll look into
getting another IP but that may be too expensive.  Thanks for the help.
Josh

> On Tue, 30 Jul 2002, Josh Orchard wrote:
>
>> That sounds good but won't all traffic to the 123.45.67.89 IP
>> then get forwarded to the internal machine?  I have two domains and
>> would like one resolved on 123.45.67.89 and the other sent to
>> 10.0.0.13.
>>
>> That is:
>>
>> domain1.com is seen from the world to go to 123.45.67.89 and that
>> linux box will handle all the requests for any services.  This
>> machine is also the firewall and does NAT for the internal network.
>>
>> domain2.com is also seen by the world as being 123.45.67.89 but
>> any request to this domain should be forwarded to 10.0.0.13.
>>
>> Is that still possible with iptables?
>
> No.
>
> In fact, it's pretty much impossible with any IP traffic except for web
> stuff. HTTP 1.1 specifies that a hostname is to be passed to the server
> (making name-based virtual servers possible) in the HTTP
> headers, but otherwise TCP/UDP traffic shows up at a given IP address
> without any care for the name that got it there.
>
> For example, if 123.45.67.89, host.example.com, and cname.example.com
> all point to the same box, then the packets from these commands will
> all look identical when they reach the server:
>
>  ftp 123.45.67.89
>  ftp host.example.com
>  ftp cname.example.com
>
> AFAIK, there's absolutely no way to distinguish between them.
>
> Unless I'm missing something, the only way to accomplish your goal is
> to get another real-world IP address and point your second domain name
> at it.
>
> --Paul Heinlein <heinlein at attbi.com>
>
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
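
The distinction drawn in the quoted reply, as an added example that is not part of the original thread: a name-based routing decision can only be made where the client sends the hostname inside the application data, as HTTP 1.1 does in its Host header. The backend table, function names and sample byte strings are constructed for illustration, and the decision is made at the application layer, not by iptables.

```python
# Added illustration: which of the thread's two domains a request is for can be
# decided only from bytes the client actually sends. All samples are constructed.
LOCAL = "local"  # handled on the 123.45.67.89 firewall box itself
BACKENDS = {"domain1.com": LOCAL, "domain2.com": "10.0.0.13"}  # assumed mapping


def host_from_request(first_bytes: bytes):
    """Return the lowercase hostname from an HTTP Host header, or None."""
    head = first_bytes.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    # An HTTP request line has the shape "METHOD target HTTP/x.y".
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # not HTTP: no hostname travels with the connection
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            # Drop an optional ":port" suffix (IPv6 literals are not handled).
            return host.rsplit(":", 1)[0] if ":" in host else host
    return None  # HTTP/1.0-style request without a Host header


def route(first_bytes: bytes, default: str = LOCAL) -> str:
    """Pick a backend by Host header; anything without a name gets the default."""
    return BACKENDS.get(host_from_request(first_bytes), default)


# Constructed samples of the first bytes a client sends after connecting.
HTTP_D1 = b"GET / HTTP/1.1\r\nHost: domain1.com\r\n\r\n"
HTTP_D2 = b"GET /index.html HTTP/1.1\r\nHost: Domain2.com:80\r\n\r\n"
HTTP_10 = b"GET / HTTP/1.0\r\n\r\n"   # no Host header at all
FTP_CMD = b"USER anonymous\r\n"        # same bytes whichever name was typed

if __name__ == "__main__":
    for label, data in [("http domain1", HTTP_D1), ("http domain2", HTTP_D2),
                        ("http/1.0", HTTP_10), ("ftp", FTP_CMD)]:
        print(f"{label:13} host={host_from_request(data)!r:15} -> {route(data)}")
```

The FTP and HTTP/1.0 samples fall through to the default because nothing in them names the domain.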






