All of lore.kernel.org
 help / color / mirror / Atom feed
* publishing 2 web server on one valid IP
@ 2003-09-29 12:12 Afshin Lamei
  2003-09-29 12:38 ` Ray Leach
  2003-09-29 13:29 ` Tomas Edwardsson
  0 siblings, 2 replies; 4+ messages in thread
From: Afshin Lamei @ 2003-09-29 12:12 UTC (permalink / raw)
  To: netfilter

hi
I have 2 web servers in my DMZ. when there was one, I used DNAT to publish 
the single web server on port 80 of the external interface of my firewall. 
now I don't know how to distinguish between the requests of 2 web servers, 
because I have only one IP address available for the external interface.
Is there any solution using iptables, to know that which http request must 
be DNAT to which web server?
regards,
afshin

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail



^ permalink raw reply	[flat|nested] 4+ messages in thread
* RE: publishing 2 web server on one valid IP
@ 2003-09-29 23:43 George Vieira
  0 siblings, 0 replies; 4+ messages in thread
From: George Vieira @ 2003-09-29 23:43 UTC (permalink / raw)
  To: Afshin Lamei, netfilter

Depending on your load on the webserver.. If a proxy of some sort is not possible and you have one grunty firewall that can handle string modules well enough, you can string match the virtual host.

I've tested this and it works even though there's a possibility that some packets may be small enough to be fragmented and the string match won't match it but so far it's been OK. I haven't tested it with a large site either.. so really depends if this is a small project or not.

I would not use string matching on a production machine where it's critical to get it working 110%...

I would rather tell the ISP to supply 2 IPs...

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

-----Original Message-----
From: Afshin Lamei [mailto:linux_st@hotmail.com]
Sent: Monday, 29 September 2003 10:13 PM
To: netfilter@lists.netfilter.org
Subject: publishing 2 web server on one valid IP


hi
I have 2 web servers in my DMZ. when there was one, I used DNAT to publish 
the single web server on port 80 of the external interface of my firewall. 
now I don't know how to distinguish between the requests of 2 web servers, 
because I have only one IP address available for the external interface.
Is there any solution using iptables, to know that which http request must 
be DNAT to which web server?
regards,
afshin

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail




^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2003-09-29 23:43 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-09-29 12:12 publishing 2 web server on one valid IP Afshin Lamei
2003-09-29 12:38 ` Ray Leach
2003-09-29 13:29 ` Tomas Edwardsson
  -- strict thread matches above, loose matches on Subject: below --
2003-09-29 23:43 George Vieira

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.