* iptables to redir subdomain to certain ports
@ 2007-01-13 15:34 Andras Izsof
  2007-01-13 16:11 ` Jan Engelhardt
  0 siblings, 1 reply; 3+ messages in thread
From: Andras Izsof @ 2007-01-13 15:34 UTC (permalink / raw)
  To: netfilter

Hi,

I need to redirect certain subdomains to certain ports on the same
server and vice versa. The most important thing is that the manoeuvre
must be transparent to the client, because most company firewalls only
allow www data on port 80. So if I use a dl.domain.com:81 link on my
page, then it will be inaccessible for the "firewalled ones".

So if a request comes in for www.domain.com, then I need that to be
redirected to port 80(apache), that's OK, but when dl.domain.com pops
in, then port 81(thttpd) would be the target. Can this be done with
iptables and if so how?

Long ago someone recommended an iptables package for me, which is
capable of this, but I can't find anything about it :(.

Thanks
DF



* Re: iptables to redir subdomain to certain ports
  2007-01-13 15:34 iptables to redir subdomain to certain ports Andras Izsof
@ 2007-01-13 16:11 ` Jan Engelhardt
  2007-01-15  4:23   ` Grant Taylor
  0 siblings, 1 reply; 3+ messages in thread
From: Jan Engelhardt @ 2007-01-13 16:11 UTC (permalink / raw)
  To: Andras Izsof; +Cc: netfilter

>
> So if a request comes in for www.domain.com, then I need that to be
> redirected to port 80(apache), that's OK, but when dl.domain.com pops
> in, then port 81(thttpd) would be the target. Can this be done with
> iptables and if so how?

Only if www.domain.com has a distinct ip address from dl.domain.com. If 
that does not hold true, use Apache's mod_rewrite magic, because then 
you are actually working on l7 rather than l3.


	-`J'
-- 



* Re: iptables to redir subdomain to certain ports
  2007-01-13 16:11 ` Jan Engelhardt
@ 2007-01-15  4:23   ` Grant Taylor
  0 siblings, 0 replies; 3+ messages in thread
From: Grant Taylor @ 2007-01-15  4:23 UTC (permalink / raw)
  To: Mail List - Netfilter

On 01/13/07 10:11, Jan Engelhardt wrote:
> Only if www.domain.com has a distinct ip address from dl.domain.com. If 
> that does not hold true, use Apache's mod_rewrite magic, because then 
> you are actually working on l7 rather than l3.

I'm not sure that mod_rewrite by itself will provide that much help. 
If you use mod_proxy, possibly in conjunction with mod_rewrite, you can 
configure a virtual domain of Apache to be a reverse proxy.  Thus when a 
client connects to Apache on 80 asking for a virtual domain, Apache will 
then go and ask thttpd for the contents on behalf of the client.  This 
will mean that the clients will never have to choose a different port. 
If you need help with such, email me directly as this is not really a 
Netfilter issue.


Regarding L7 filter, it may work, but you would have to make sure that 
the returning traffic was un-redirected.  If you do not un-redirect the 
traffic, there is a very good chance that clients will see returning 
traffic directly from the thttpd server on port 81, thus the client's 
firewall and / or client IP stack will stop the connection.



Grant. . . .
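
The reverse-proxy arrangement described in this reply, as an added example that is not part of the original thread: Apache picks the virtual host from the HTTP Host header and fetches dl.domain.com content from thttpd itself, so clients only ever talk to port 80. The loopback binding of thttpd and the DocumentRoot path are assumptions; hostnames and ports follow the thread.

```apache
# Added example, not from the original messages.
# Assumption: thttpd listens on 127.0.0.1:81 only, so port 81 is not
# reachable from outside and all client traffic passes through Apache.
# Requires mod_proxy and mod_proxy_http to be loaded.

# Needed on Apache 2.2 for name-based virtual hosts; unnecessary on 2.4.
NameVirtualHost *:80

# www.domain.com: served by Apache itself.
<VirtualHost *:80>
    ServerName www.domain.com
    # Placeholder path (assumption).
    DocumentRoot /var/www/html
</VirtualHost>

# dl.domain.com: selected by the Host header (layer 7), then proxied
# to thttpd on behalf of the client.
<VirtualHost *:80>
    ServerName dl.domain.com

    # Reverse proxy only. Leaving forward proxying enabled would turn
    # the server into an open proxy.
    ProxyRequests Off

    ProxyPass        / http://127.0.0.1:81/
    # Rewrite Location headers in backend redirects so clients never
    # see the internal address or port 81.
    ProxyPassReverse / http://127.0.0.1:81/
</VirtualHost>
```

Because both names resolve to the same IP address, the choice between the two virtual hosts can only be made after the Host header has been read, which is why this is done in Apache rather than in a layer 3 iptables rule.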


