From: Raymond Leach <raymondl@knowledgefactory.co.za>
To: E-GIM Security <security@e-gim.es>
Cc: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: Iptables and various domains
Date: 12 Dec 2002 10:14:33 +0200 [thread overview]
Message-ID: <1039680872.4125.30.camel@rayw.knowledgefactory.co.za> (raw)
In-Reply-To: <NEBBKLENIBMGHGCLGBPIKEBKCDAA.security@e-gim.es>
[-- Attachment #1: Type: text/plain, Size: 2381 bytes --]
Hi
Yes and maybe no. If your domains are virtually hosted (they resolve to
the same ip numbers) then no. iptables cannot redirect traffic in this
case - it uses ip numbers. You would need to use something like Apache
virtual hosting and possibly redirect pages to accomplish your goal in
this case.
If your domains resolve to different ip numbers, then iptables can be
your solution:
iptables -t nat -A PREROUTING -d www.dom1.com -p tcp --dport 80 -j
REDIRECT --to-destination webserver-1:80
iptables -t nat -A PREROUTING -d www.dom2.com -p tcp --dport 80 -j
REDIRECT --to-destination webserver-1:80
iptables -t nat -A PREROUTING -d www.dom3.com -p tcp --dport 80 -j
REDIRECT --to-destination webserver-2:80
iptables -t nat -A PREROUTING -d www.dom4.com -p tcp --dport 80 -j
REDIRECT --to-destination webserver-2:80
Remember, to use iptables like above, www.dom1.com, www.dom2.com,
www.dom3.com, www.dom4.com must resolve to different ip numbers.
Ray
On Thu, 2002-12-12 at 10:58, E-GIM Security wrote:
> Hi,
>
> Can Iptables route by domains? For example, I have a webserver and my
> firewall with iptables route all request on port 80 throw IP webserver. I
> need add another webserver, and various domains (www.dom1.com, www.dom2.com)
> will be redirect to webserver-1 and other domains (www.dom3.com,
> www.dom4.com) will be redirect to webserver-2. Can IPTables help me? Which
> is the solution)
>
> Thanks and sorry ... my english is very poor.
>
> José Antonio García García
> Technical Internet Solutions
>
> E-GIM +34 952700010
> http://www.e-gim.es
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
( Raymond Leach )
) Knowledge Factory (
( )
) Tel: +27 11 445 8100 (
( Fax: +27 11 445 8101 )
) (
( http://www.knowledgefactory.co.za/ )
) http://www.saptg.co.za/ (
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o o
o o
.--. .--.
| o_o| |o_o |
| \_:| |:_/ |
/ / \\ // \ \
( | |) (| | )
/`\_ _/'\ /'\_ _/`\
\___)=(___/ \___)=(___/
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2002-12-12 8:14 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-12-12 8:58 Iptables and various domains E-GIM Security
2002-12-12 8:14 ` Raymond Leach [this message]
2002-12-12 9:34 ` E-GIM Security
2002-12-12 8:52 ` Raymond Leach
2002-12-12 8:55 ` Rasmus Reinholdt Nielsen
2002-12-12 9:29 ` Blizzards
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1039680872.4125.30.camel@rayw.knowledgefactory.co.za \
--to=raymondl@knowledgefactory.co.za \
--cc=netfilter@lists.netfilter.org \
--cc=security@e-gim.es \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.