* Re: Iptables and various domains
  2002-12-12  8:58 Iptables and various domains E-GIM Security
@ 2002-12-12  8:14 ` Raymond Leach
  2002-12-12  9:34   ` E-GIM Security
  2002-12-12  9:29 ` Blizzards
  1 sibling, 1 reply; 6+ messages in thread
From: Raymond Leach @ 2002-12-12  8:14 UTC (permalink / raw)
  To: E-GIM Security; +Cc: Netfilter Mailing List


Hi

Yes and maybe no. If your domains are virtually hosted (they resolve to
the same ip numbers) then no. iptables cannot redirect traffic in this
case - it uses ip numbers. You would need to use something like Apache
virtual hosting and possibly redirect pages to accomplish your goal in
this case.

If your domains resolve to different ip numbers, then iptables can be
your solution:

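# -d accepts a name, but iptables resolves it once, when the rule is added.
# webserver-1 and webserver-2 stand for the internal servers' IP addresses.
# Forwarding to another host needs the DNAT target; REDIRECT only delivers
# to the firewall itself and takes --to-ports, not --to-destination.
iptables -t nat -A PREROUTING -d www.dom1.com -p tcp --dport 80 -j DNAT --to-destination webserver-1:80
iptables -t nat -A PREROUTING -d www.dom2.com -p tcp --dport 80 -j DNAT --to-destination webserver-1:80
iptables -t nat -A PREROUTING -d www.dom3.com -p tcp --dport 80 -j DNAT --to-destination webserver-2:80
iptables -t nat -A PREROUTING -d www.dom4.com -p tcp --dport 80 -j DNAT --to-destination webserver-2:80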

Remember, to use iptables like above, www.dom1.com, www.dom2.com,
www.dom3.com, www.dom4.com must resolve to different ip numbers.

Ray


On Thu, 2002-12-12 at 10:58, E-GIM Security wrote:
> 	Hi,
> 
> 	Can Iptables route by domains? For example, I have a webserver and my
> firewall with iptables routes all requests on port 80 through to the webserver IP. I
> need to add another webserver, and various domains (www.dom1.com, www.dom2.com)
> will be redirected to webserver-1 and other domains (www.dom3.com,
> www.dom4.com) will be redirected to webserver-2. Can IPTables help me? What
> is the solution?
> 
> 	Thanks and sorry ... my English is very poor.
> 
> José Antonio García García
> Technical Internet Solutions
> 
> E-GIM 	+34 952700010
> http://www.e-gim.es
> 
-- 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(  Raymond Leach                       )
 ) Knowledge Factory                  (
(                                      )
 ) Tel: +27 11 445 8100               (
(  Fax: +27 11 445 8101                )
 )                                    (
(  http://www.knowledgefactory.co.za/  )
 ) http://www.saptg.co.za/            (
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   o                                o
    o                              o
        .--.                  .--.
       | o_o|                |o_o |
       | \_:|                |:_/ |
      / /   \\              //   \ \
     ( |     |)            (|     | )
     /`\_   _/'\          /'\_   _/`\
     \___)=(___/          \___)=(___/


^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: Iptables and various domains
  2002-12-12  9:34   ` E-GIM Security
@ 2002-12-12  8:52     ` Raymond Leach
  2002-12-12  8:55     ` Rasmus Reinholdt Nielsen
  1 sibling, 0 replies; 6+ messages in thread
From: Raymond Leach @ 2002-12-12  8:52 UTC (permalink / raw)
  To: E-GIM Security; +Cc: Netfilter Mailing List


On Thu, 2002-12-12 at 11:34, E-GIM Security wrote:
> Thanks Raymond:
> 
> My domains are virtually hosted. The problem is the following: we have various apps
> on IIS-Windows with ASP technology. The future developments we need will be
> hosted on Linux with Apache+Tomcat. But we only use one IP number. Do you
> know another solution?
> 
I don't understand the question. You cannot host two physically separate
machines with one ip (AFAIK). iptables does not have the capability to
look inside http headers (maybe with an iptables module ...)

Ray

> Thanks a lot
> 
-- 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(  Raymond Leach                       )
 ) Knowledge Factory                  (
(                                      )
 ) Tel: +27 11 445 8100               (
(  Fax: +27 11 445 8101                )
 )                                    (
(  http://www.knowledgefactory.co.za/  )
 ) http://www.saptg.co.za/            (
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   o                                o
    o                              o
        .--.                  .--.
       | o_o|                |o_o |
       | \_:|                |:_/ |
      / /   \\              //   \ \
     ( |     |)            (|     | )
     /`\_   _/'\          /'\_   _/`\
     \___)=(___/          \___)=(___/


^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: Iptables and various domains
  2002-12-12  9:34   ` E-GIM Security
  2002-12-12  8:52     ` Raymond Leach
@ 2002-12-12  8:55     ` Rasmus Reinholdt Nielsen
  1 sibling, 0 replies; 6+ messages in thread
From: Rasmus Reinholdt Nielsen @ 2002-12-12  8:55 UTC (permalink / raw)
  To: E-GIM Security, netfilter; +Cc: raymondl

Hi

You could use squid proxy server in accelerating mode, see
http://www.zope.org/Members/htrd/howto/squid

and various other pages. Use virtual mode, and it redirects to several
internal webservers based on http header information

/Rasmus

At 09:34 12-12-2002 +0000, E-GIM Security wrote:
>Thanks Raymond:
>
>My domains are virtually hosted. The problem is the following: we have various apps
>on IIS-Windows with ASP technology. The future developments we need will be
>hosted on Linux with Apache+Tomcat. But we only use one IP number. Do you
>know another solution?
>
>Thanks a lot
>



^ permalink raw reply	[flat|nested] 6+ messages in thread
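
The routing decision a reverse proxy makes from the HTTP Host header, which a rule matching only on -d and --dport never sees. This is an added example, not code from the thread or from squid or Apache: the domain-to-webserver mapping follows the thread, while the function names and the sample requests are constructed for illustration.

```python
# Added example: Host-header routing as a name-based reverse proxy performs it.
# Domain and backend names follow the thread; everything else is constructed.
BACKENDS = {
    "www.dom1.com": "webserver-1",
    "www.dom2.com": "webserver-1",
    "www.dom3.com": "webserver-2",
    "www.dom4.com": "webserver-2",
}

# Constructed sample requests; all arrive at the same public IP and port 80.
REQ_DOM1 = b"GET / HTTP/1.1\r\nHost: www.dom1.com\r\n\r\n"
REQ_DOM3 = b"GET /app HTTP/1.1\r\nhost: WWW.DOM3.COM:80\r\n\r\n"
REQ_DUP = b"GET / HTTP/1.1\r\nHost: www.dom1.com\r\nHost: www.dom3.com\r\n\r\n"
REQ_UNKNOWN = b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n"


def host_header(raw_request: bytes):
    """Return the normalised Host value, or None if absent or ambiguous."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = []
    for line in head.split("\r\n")[1:]:        # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.lower() == "host":     # header names are case-insensitive
            hosts.append(value.strip())
    if len(hosts) != 1:                        # missing or duplicated Host header
        return None
    host = hosts[0].lower()
    if host.startswith("["):                   # IPv6 literal, never a vhost name
        return None
    host = host.rsplit(":", 1)[0]              # drop an optional ":port"
    return host.rstrip(".") or None            # tolerate a trailing root dot


def pick_backend(raw_request: bytes):
    """Map a request to a backend; unknown names get None (reject, no default)."""
    host = host_header(raw_request)
    return BACKENDS.get(host) if host else None


if __name__ == "__main__":
    for req in (REQ_DOM1, REQ_DOM3, REQ_DUP, REQ_UNKNOWN):
        print(pick_backend(req))
```

Returning None for a missing, duplicated or unknown Host keeps requests for unlisted names from falling through to a default backend.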

* Iptables and various domains
@ 2002-12-12  8:58 E-GIM Security
  2002-12-12  8:14 ` Raymond Leach
  2002-12-12  9:29 ` Blizzards
  0 siblings, 2 replies; 6+ messages in thread
From: E-GIM Security @ 2002-12-12  8:58 UTC (permalink / raw)
  To: netfilter


	Hi,

	Can Iptables route by domains? For example, I have a webserver and my
firewall with iptables routes all requests on port 80 through to the webserver IP. I
need to add another webserver, and various domains (www.dom1.com, www.dom2.com)
will be redirected to webserver-1 and other domains (www.dom3.com,
www.dom4.com) will be redirected to webserver-2. Can IPTables help me? What
is the solution?

	Thanks and sorry ... my English is very poor.

José Antonio García García
Technical Internet Solutions

E-GIM 	+34 952700010
http://www.e-gim.es




^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Iptables and various domains
  2002-12-12  8:58 Iptables and various domains E-GIM Security
  2002-12-12  8:14 ` Raymond Leach
@ 2002-12-12  9:29 ` Blizzards
  1 sibling, 0 replies; 6+ messages in thread
From: Blizzards @ 2002-12-12  9:29 UTC (permalink / raw)
  To: E-GIM Security; +Cc: netfilter

This is not iptables work.
You can use iptables to DNAT your webserver1 and webserver2 port 80 to
internal webservers port 80,
and use HTTPd (like apache, iis, netscape, zeus, etc.) + DNS to do
name-based virtual host resolving.

Bye.
G.

>	Hi,
>
>	Can Iptables route by domains? For example, I have a webserver and my
>firewall with iptables routes all requests on port 80 through to the webserver IP. I
>need to add another webserver, and various domains (www.dom1.com, www.dom2.com)
>will be redirected to webserver-1 and other domains (www.dom3.com,
>www.dom4.com) will be redirected to webserver-2. Can IPTables help me? What
>is the solution?
>
>	Thanks and sorry ... my English is very poor.
>
>José Antonio García García
>Technical Internet Solutions
>
>E-GIM 	+34 952700010
>http://www.e-gim.es





^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: Iptables and various domains
  2002-12-12  8:14 ` Raymond Leach
@ 2002-12-12  9:34   ` E-GIM Security
  2002-12-12  8:52     ` Raymond Leach
  2002-12-12  8:55     ` Rasmus Reinholdt Nielsen
  0 siblings, 2 replies; 6+ messages in thread
From: E-GIM Security @ 2002-12-12  9:34 UTC (permalink / raw)
  To: netfilter; +Cc: raymondl

Thanks Raymond:

My domains are virtually hosted. The problem is the following: we have various apps
on IIS-Windows with ASP technology. The future developments we need will be
hosted on Linux with Apache+Tomcat. But we only use one IP number. Do you
know another solution?

Thanks a lot




^ permalink raw reply	[flat|nested] 6+ messages in thread
