This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Subject: Port forwarding into a private network for multiple domains From: "Toby A. Rider" <tarider@argyll.wisemagic.com> Date: Tue, 22 Feb 2000 17:23:23 -0800 I got a good response on this question from an admin on the linux-admin list. When I get home tonight I'll have to try it out. He said: > instead of an ipchains rule to accomplish this sort of port forwarding, > i've used a small tcp port redirector called redir - short for on firewall > machines. very simple configuration. runs out of inetd or standalone. > look at http://metalab.unc.edu/pub/linux/system/network/daemons/redir-2.2.tar.gz So I haven't given up yet. I haven't given in to my ISP and leased another block of real IP addresses :-) ==== Subject: Re: Port forwarding into a private network for multiple domains From: Edward Marczak <marczak@usa.net> Date: Wed, 23 Feb 2000 09:24:22 -0500 on 22/2/2000 3:20 PM, Igmar Palsenberg shot down the bitstream: >> Whenever joe user pulls up his web browser and goes to www.mydomain.com, the >> IPCHAINs box routes to 192.168.0.10 on the inside, whenever joe user pulls up >> his browser and goes to www.myotherdomain.com, the IPCHAINs box routes to >> 192.168.0.11 on the inside. > > Simply : No > > The only way that a webserver is able to know which domain it needs to > server is with a HTTP 1.1 header. (I'm not in the mood to explain the HTTP > 1.1 header :-))) > > ipchains has no knowledge of the HTTP protocol, so can't redirect on > domain. > > No real solutions to this, execpt using multiple outside IP's. Or a single web server running virtual domains. This single web server would get all port 80 traffic forwarded to it and figure out the correct domain from the HTTP header. === Subject: Re: Port forwarding into a private network for multiple domains From: Edward Marczak <marczak@usa.net> Date: Wed, 23 Feb 2000 09:24:22 -0500 on 22/2/2000 4:20 PM, Charles Galpin shot down the bitstream: > I sort of vaguely remember seeing somehwere that apache could act as some > sort of proxy and redirect virtual hosts to other internal machines (and > I'm assuming back out transparantly), but that could just be wishful > thinking. > > Anyone know about something like this? That is absolutely true. I haven't done it myself, but someone on my staff has, and it works. Get the O'Reilly (Horse?) book, or check the Apache web site. === Subject: Re: Port forwarding into a private network for multiple domains From: Charles Galpin <cgalpin@lighthouse-software.com> Date: Wed, 23 Feb 2000 09:25:44 -0500 (EST) I posted a question on the mod-perl list since I thought this could be done via apache. Here is a response I got that indicates it can be done with Apache (not needing mod-perl) >For example, requests to > >domA.com:80 ---> 192.168.1.1:80 >domB.com:80 ---> 192.168.1.2:80 This is probably off-topic if it can be done without mod-perl :P <VirtualHost domA.com> ProxyPass / http://192.168.1.1/ ProxyPassReverse / http://192.168.1.1/ </VirtualHost> </VirtualHost domB.com> ProxyPass / http://192.168.1.2/ ProxyPassReverse / http://192.168.1.2/ </VirtualHost> I don't have time to try this right now, but am interested in the result. === Subject: Re: Port forwarding into a private network for multiple domains From: Charles Galpin <cgalpin@lighthouse-software.com> Date: Wed, 23 Feb 2000 11:37:13 -0500 (EST) sorry, I should have said this is done through mod_proxy, and the ProxyPassReverse directive is only present in Apache 1.3b6 and later. After reading up on it, this looks perfect! ===