[PLUG] servicing a domain from behind a firewall
Josh Orchard
josh at emediatedesigns.com
Tue Jul 30 15:17:54 UTC 2002
I think you understand and that was my concern. I could combine the
servers for http and mail I suppose but was avoiding that. I'll look into
getting another IP but that may be too expensive. Thanks for the help.
Josh
> On Tue, 30 Jul 2002, Josh Orchard wrote:
>
>> That sounds good but won't all traffic to the 123.45.67.89 IP
>> then get forwarded to the internal machine? I have two domains and
>> would like one resolved on 123.45.67.89 and the other sent to
>> 10.0.0.13.
>>
>> That is:
>>
>> domain1.com is seen from the world to go to 123.45.67.89 and that
>> linux box will handle all the requests for any services. This
>> machine is also the firewall and does NAT for the internal network.
>>
>> domain2.com is also seen by the world as being 123.45.67.89 but
>> any request to this domain should be forwarded to 10.0.0.13.
>>
>> Is that still possible with iptables?
>
> No.
>
> In fact, it's pretty much impossible with any IP traffic except for web
> stuff. HTTP 1.1 specifies that a hostname is to be passed to the server
> (making name-based virtual servers possible) in the HTTP headers, but
> otherwise TCP/UDP traffic shows up at a given IP address without any
> care for the name that got it there.
>
> For example, if 123.45.67.89, host.example.com, and cname.example.com
> all point to the same box, then the packets from these commands will
> all look identical when they reach the server:
>
> ftp 123.45.67.89
> ftp host.example.com
> ftp cname.example.com
>
> AFAIK, there's absolutely no way to distinguish between them.
>
> Unless I'm missing something, the only way to accomplish your goal is
> to get another real-world IP address and point your second domain name
> at it.
>
> --Paul Heinlein <heinlein at attbi.com>
>
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
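
The point made in the quoted reply, as an added example that is not part of the original thread: the only place the requested name appears is inside the HTTP/1.1 request payload, so a name-based choice has to be made by something that reads the payload (a proxy), while a packet filter sees only the destination IP and port. The sample byte strings are constructed, and `http_host` and `pick_backend` are hypothetical helper names.

```python
from typing import Optional

# Addresses taken from the thread: the firewall box and the internal host.
BACKENDS = {"domain1.com": "123.45.67.89", "domain2.com": "10.0.0.13"}
DEFAULT_BACKEND = "123.45.67.89"

def http_host(first_bytes: bytes) -> Optional[str]:
    """Return the lower-cased Host header of an HTTP/1.x request, else None."""
    head, _, _ = first_bytes.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    # A request line looks like "METHOD target HTTP/1.x".
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            if host.startswith("["):           # IPv6 literal, e.g. [::1]:80
                return host[: host.find("]") + 1]
            return host.rsplit(":", 1)[0] if ":" in host else host
    return None

def pick_backend(dst_ip: str, dst_port: int, first_bytes: bytes) -> str:
    """Choose a backend from what the client actually sent.

    dst_ip and dst_port are all a packet filter has to go on; they are
    identical for both domains, so only the payload can tell them apart.
    """
    return BACKENDS.get(http_host(first_bytes), DEFAULT_BACKEND)

# Constructed sample payloads: first bytes a client sends after connecting.
HTTP_DOMAIN1 = b"GET / HTTP/1.1\r\nHost: domain1.com\r\n\r\n"
HTTP_DOMAIN2 = b"GET / HTTP/1.1\r\nUser-Agent: x\r\nHost: Domain2.com:80\r\n\r\n"
# FTP: the client's first command carries no hostname at all.
FTP_FIRST = b"USER anonymous\r\n"

if __name__ == "__main__":
    for label, port, data in [("http domain1", 80, HTTP_DOMAIN1),
                              ("http domain2", 80, HTTP_DOMAIN2),
                              ("ftp", 21, FTP_FIRST)]:
        print(label, "->", pick_backend("123.45.67.89", port, data))
```

An iptables DNAT rule is applied to the first packet of a connection, which has no payload yet, so it cannot make the decision `pick_backend` makes here.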