* Hostname Routing
@ 2003-09-06 23:53 Cody Harris
2003-09-07 1:13 ` Alistair Tonner
2003-09-07 9:11 ` Hostname Routing Ralf Spenneberg
0 siblings, 2 replies; 11+ messages in thread
From: Cody Harris @ 2003-09-06 23:53 UTC (permalink / raw)
To: netfilter
Hello. I have researched your database on this subject (hostname routing), but
found nothing much. What I want is to take domain.com:* and deliver that to
the local machine (127.0.0.1), but I want alt.domain.com:* to go to
192.0.0.2. How is this done?
-Cody
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Hostname Routing
2003-09-06 23:53 Hostname Routing Cody Harris
@ 2003-09-07 1:13 ` Alistair Tonner
2003-09-07 1:16 ` Cody Harris
2003-09-07 9:11 ` Hostname Routing Ralf Spenneberg
1 sibling, 1 reply; 11+ messages in thread
From: Alistair Tonner @ 2003-09-07 1:13 UTC (permalink / raw)
To: Cody Harris, netfilter
Not in IPTABLES.
Use apache.
On September 6, 2003 07:53 pm, Cody Harris wrote:
> Hello. I have researched your database on this subject (hostname routing),
> but found nothing much. What I want is to take domain.com:* and deliver
> that to the local machine (127.0.0.1), but I want alt.domain.com:* to go to
> 192.0.0.2. How is this done?
>
> -Cody
--
Alistair Tonner
nerdnet.ca
Senior Systems Analyst - RSS
Any sufficiently advanced technology will have the appearance of magic.
Lets get magical!
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Hostname Routing
2003-09-07 1:13 ` Alistair Tonner
@ 2003-09-07 1:16 ` Cody Harris
2003-09-07 1:29 ` Alistair Tonner
0 siblings, 1 reply; 11+ messages in thread
From: Cody Harris @ 2003-09-07 1:16 UTC (permalink / raw)
To: Alistair, netfilter
It's 2 different computers. How will that work?
On Saturday 06 September 2003 10:13 pm, you wrote:
> Not in IPTABLES.
> Use apache.
>
> On September 6, 2003 07:53 pm, Cody Harris wrote:
> > Hello. I have researched your database on this subject (hostname
> > routing), but found nothing much. What I want is to take domain.com:* and
> > deliver that to the local machine (127.0.0.1), but I want
> > alt.domain.com:* to go to 192.0.0.2. How is this done?
> >
> > -Cody
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Hostname Routing
2003-09-07 1:16 ` Cody Harris
@ 2003-09-07 1:29 ` Alistair Tonner
2003-09-07 1:31 ` Cody Harris
0 siblings, 1 reply; 11+ messages in thread
From: Alistair Tonner @ 2003-09-07 1:29 UTC (permalink / raw)
To: Cody Harris, netfilter
Apache reverse proxy
From Apache's website .....:
A reverse proxy, by contrast, appears to the client just like an ordinary web
server. No special configuration on the client is necessary. The client makes
ordinary requests for content in the name-space of the reverse proxy. The
reverse proxy then decides where to send those requests, and returns the
content as if it was itself the origin.
A typical usage of a reverse proxy is to provide Internet users access to a
server that is behind a firewall. Reverse proxies can also be used to balance
load among several back-end servers, or to provide caching for a slower
back-end server. In addition, reverse proxies can be used simply to bring
several servers into the same URL space.
A reverse proxy is activated using the ProxyPass directive or the [P] flag to
the RewriteRule directive. It is not necessary to turn ProxyRequests on in
order to configure a reverse proxy.
On September 6, 2003 09:16 pm, Cody Harris wrote:
> It's 2 different computers. How will that work?
>
> On Saturday 06 September 2003 10:13 pm, you wrote:
> > Not in IPTABLES.
> > Use apache.
> >
> > On September 6, 2003 07:53 pm, Cody Harris wrote:
> > > Hello. I have researched your database on this subject (hostname
> > > routing), but found nothing much. What I want is to take domain.com:*
> > > and deliver that to the local machine (127.0.0.1), but I want
> > > alt.domain.com:* to go to 192.0.0.2. How is this done?
> > >
> > > -Cody
--
Alistair Tonner
nerdnet.ca
Senior Systems Analyst - RSS
Any sufficiently advanced technology will have the appearance of magic.
Lets get magical!
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Hostname Routing
2003-09-07 1:29 ` Alistair Tonner
@ 2003-09-07 1:31 ` Cody Harris
2003-09-07 21:30 ` Hostname Routing -- Alistair Tonner
0 siblings, 1 reply; 11+ messages in thread
From: Cody Harris @ 2003-09-07 1:31 UTC (permalink / raw)
To: Alistair, netfilter
Ok, that's apache, how about my webmin, Postfix, CUCIPOP, MySQL and proftpd?
On Saturday 06 September 2003 10:29 pm, you wrote:
> Apache reverse proxy
>
> From Apache's website .....:
> A reverse proxy, by contrast, appears to the client just like an ordinary
> web server. No special configuration on the client is necessary. The client
> makes ordinary requests for content in the name-space of the reverse proxy.
> The reverse proxy then decides where to send those requests, and returns
> the content as if it was itself the origin.
>
> A typical usage of a reverse proxy is to provide Internet users access to a
> server that is behind a firewall. Reverse proxies can also be used to
> balance load among several back-end servers, or to provide caching for a
> slower back-end server. In addition, reverse proxies can be used simply to
> bring several servers into the same URL space.
>
> A reverse proxy is activated using the ProxyPass directive or the [P] flag
> to the RewriteRule directive. It is not necessary to turn ProxyRequests on
> in order to configure a reverse proxy.
>
> On September 6, 2003 09:16 pm, Cody Harris wrote:
> > It's 2 different computers. How will that work?
> >
> > On Saturday 06 September 2003 10:13 pm, you wrote:
> > > Not in IPTABLES.
> > > Use apache.
> > >
> > > On September 6, 2003 07:53 pm, Cody Harris wrote:
> > > > Hello. I have researched your database on this subject (hostname
> > > > routing), but found nothing much. What I want is to take domain.com:*
> > > > and deliver that to the local machine (127.0.0.1), but I want
> > > > alt.domain.com:* to go to 192.0.0.2. How is this done?
> > > >
> > > > -Cody
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Hostname Routing
2003-09-06 23:53 Hostname Routing Cody Harris
2003-09-07 1:13 ` Alistair Tonner
@ 2003-09-07 9:11 ` Ralf Spenneberg
2003-09-07 18:39 ` Cody Harris
1 sibling, 1 reply; 11+ messages in thread
From: Ralf Spenneberg @ 2003-09-07 9:11 UTC (permalink / raw)
To: Cody Harris; +Cc: Netfilter
On Sun, 2003-09-07 at 01.53, Cody Harris wrote:
> Hello. I have researched your database on this subject (hostname routing), but
> found nothing much. What I want is to take domain.com:* and deliver that to
> the local machine (127.0.0.1), but I want alt.domain.com:* to go to
> 192.0.0.2. How is this done?
Am I missing something?
What about the following in /etc/hosts:
127.0.0.1 localhost localhost.localdomain domain.com
192.0.0.2 alt.domain.com
Or do it on your DNS server.
Cheers,
Ralf
--
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Hostname Routing
2003-09-07 9:11 ` Hostname Routing Ralf Spenneberg
@ 2003-09-07 18:39 ` Cody Harris
0 siblings, 0 replies; 11+ messages in thread
From: Cody Harris @ 2003-09-07 18:39 UTC (permalink / raw)
To: netfilter
On Sunday 07 September 2003 6:11 am, Ralf Spenneberg wrote:
> On Sun, 2003-09-07 at 01.53, Cody Harris wrote:
> > Hello. I have researched your database on this subject (hostname
> > routing), but found nothing much. What I want is to take domain.com:* and
> > deliver that to the local machine (127.0.0.1), but I want
> > alt.domain.com:* to go to 192.0.0.2. How is this done?
>
> Am I missing something?
> What about the following in /etc/hosts:
> 127.0.0.1 localhost localhost.localdomain domain.com
> 192.0.0.2 alt.domain.com
>
> Or do it on your DNS server.
>
> Cheers,
>
> Ralf
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Hostname Routing
@ 2003-09-07 18:41 Cody Harris
2003-09-08 11:14 ` Ralf Spenneberg
0 siblings, 1 reply; 11+ messages in thread
From: Cody Harris @ 2003-09-07 18:41 UTC (permalink / raw)
To: netfilter, netfilter-request
Oops, forgot to add my message.
This DOES not work (adding the line to /etc/hosts)
---------- Forwarded Message ----------
Subject: Re: Hostname Routing
Date: Sunday 07 September 2003 3:39 pm
From: Cody Harris <hchs@ns.sympatico.ca>
To: netfilter@lists.netfilter.org
On Sunday 07 September 2003 6:11 am, Ralf Spenneberg wrote:
> On Sun, 2003-09-07 at 01.53, Cody Harris wrote:
> > Hello. I have researched your database on this subject (hostname
> > routing), but found nothing much. What I want is to take domain.com:* and
> > deliver that to the local machine (127.0.0.1), but I want
> > alt.domain.com:* to go to 192.0.0.2. How is this done?
>
> Am I missing something?
> What about the following in /etc/hosts:
> 127.0.0.1 localhost localhost.localdomain domain.com
> 192.0.0.2 alt.domain.com
>
> Or do it on your DNS server.
>
> Cheers,
>
> Ralf
-------------------------------------------------------
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Hostname Routing --
2003-09-07 1:31 ` Cody Harris
@ 2003-09-07 21:30 ` Alistair Tonner
0 siblings, 0 replies; 11+ messages in thread
From: Alistair Tonner @ 2003-09-07 21:30 UTC (permalink / raw)
To: Cody Harris, netfilter
My point is that if you intend to both accept and forward connections
of a certain type at your firewall, you must use a proxy of some sort.
If your local firewall is not accepting any connections of a specific type,
you can use iptables forwarding to make the connections go
where you want, i.e., --dport xxx -j DNAT (to ip of actual host)
+ the forward rule to handle passing the prerouting mangled
DNAT packet through the firewall, however this will still not be
hostname based, only connection based.
For hostname based routing, again, in any connection type
you need to use a proxy or some sort of gateway server,
that handles the reconnection to the inside servers.
Look for (protocol) proxy and (protocol) gateway in google.
I've heard of proxy servers for ftp, but am not personally aware
of them, and I believe that squid can do this, although I'm not
100% sure.... For pop connections I know that there is a method
of proxying through a gateway server ... although not something
I've personally put into use. As far as I know, webmin should be
capable of being a proxy for inside webmins (it is after all essentially
a webserver, with some unusual privileges). Alternatively, you could give
each internal host webmin a different port, and route based on the connection
to the port, based on the DNAT stuff above. For SMTP, you need
to configure your outside server to accept for internal servers and
forward to them ... that's presumably what its on the outside for.
I have seen an installation where sql connections were being routed
around a firewall, but required a separate server that handled
connections by SID not hostname, so I'm no help there....
although I was given to understand that the server could also
route the connection to the correct DB server based on *originating*
hostname, not destination hostname.
The reason putting the alt.domain.com address in /etc/hosts
didn't work, is because the packet arrived with your outside address
on it and there was nothing that looked at the packet and routed it
based on the hostname in the packet, and the entry in /etc/hosts ..
that is what a proxy (for that protocol) could do.
Of course, to be utterly ridiculous one could write a string match
for each protocol that could read the initial connection packet,
and attempt to parse a hostname out of that packet, and manage
the connection that way, but that way lies .....
(comes to mind a quote)
On September 6, 2003 09:31 pm, Cody Harris wrote:
> Ok, that's apache, how about my webmin, Postfix, CUCIPOP, MySQL and
> proftpd?
>
> On Saturday 06 September 2003 10:29 pm, you wrote:
> > Apache reverse proxy
> >
> > From Apache's website .....:
> > A reverse proxy, by contrast, appears to the client just like an ordinary
> > web server. No special configuration on the client is necessary. The
> > client makes ordinary requests for content in the name-space of the
> > reverse proxy. The reverse proxy then decides where to send those
> > requests, and returns the content as if it was itself the origin.
> >
> > A typical usage of a reverse proxy is to provide Internet users access to
> > a server that is behind a firewall. Reverse proxies can also be used to
> > balance load among several back-end servers, or to provide caching for a
> > slower back-end server. In addition, reverse proxies can be used simply
> > to bring several servers into the same URL space.
> >
> > A reverse proxy is activated using the ProxyPass directive or the [P]
> > flag to the RewriteRule directive. It is not necessary to turn
> > ProxyRequests on in order to configure a reverse proxy.
> >
> > On September 6, 2003 09:16 pm, Cody Harris wrote:
> > > It's 2 different computers. How will that work?
> > >
> > > On Saturday 06 September 2003 10:13 pm, you wrote:
> > > > Not in IPTABLES.
> > > > Use apache.
> > > >
> > > > On September 6, 2003 07:53 pm, Cody Harris wrote:
> > > > > Hello. I have researched your database on this subject (hostname
> > > > > routing), but found nothing much. What I want is to take
> > > > > domain.com:* and deliver that to the local machine (127.0.0.1), but
> > > > > I want alt.domain.com:* to go to 192.0.0.2. How is this done?
> > > > >
> > > > > -Cody
--
Alistair Tonner
nerdnet.ca
Senior Systems Analyst - RSS
Any sufficiently advanced technology will have the appearance of magic.
Lets get magical!
^ permalink raw reply [flat|nested] 11+ messages in thread
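The point made in the message above, that only something which reads the application protocol can route by hostname, shown as an added example (not part of the original thread). BACKENDS reuses the names and addresses from the question; the function names and sample requests are constructed for illustration.

```python
# Added example, not code from the thread. BACKENDS reuses the names and
# addresses from the question; helper names and sample bytes are constructed.
BACKENDS = {"domain.com": "127.0.0.1", "alt.domain.com": "192.0.0.2"}

# In these protocols the server sends its greeting first, so a new connection
# arrives with no client bytes that could name the intended host.
SERVER_SPEAKS_FIRST = {"smtp", "pop3", "ftp", "mysql"}


def http_host(first_bytes):
    """Return the Host header value, lower-cased and without port, or None."""
    head = first_bytes.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            bare, _, port = host.rpartition(":")
            return bare if bare and port.isdigit() else host
    return None


def pick_backend(protocol, first_bytes):
    """Choose a backend IP for a new connection, or None to refuse it."""
    if protocol in SERVER_SPEAKS_FIRST:
        return None  # only destination IP and port are known at this point
    if protocol == "http":
        # Host is client-supplied, so route exact allow-listed names only.
        return BACKENDS.get(http_host(first_bytes))
    return None


if __name__ == "__main__":
    samples = [  # constructed inputs
        ("http", b"GET / HTTP/1.1\r\nHost: domain.com\r\n\r\n"),
        ("http", b"GET / HTTP/1.1\r\nHost: ALT.domain.com:80\r\n\r\n"),
        ("http", b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n"),
        ("http", b"GET / HTTP/1.0\r\n\r\n"),
        ("smtp", b""),
    ]
    for proto, data in samples:
        name = http_host(data) if proto == "http" else "-"
        print(proto, name, pick_backend(proto, data))
```

The server-speaks-first protocols return None however the connection was addressed, which is why those services need distinct addresses in DNS, per-port DNAT, or a protocol-specific gateway.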
* Re: Hostname Routing
2003-09-07 18:41 Cody Harris
@ 2003-09-08 11:14 ` Ralf Spenneberg
2003-09-10 0:00 ` Cody Harris
0 siblings, 1 reply; 11+ messages in thread
From: Ralf Spenneberg @ 2003-09-08 11:14 UTC (permalink / raw)
To: Cody Harris; +Cc: Netfilter, netfilter-request
On Sun, 2003-09-07 at 20.41, Cody Harris wrote:
> Oops, forgot to add my message.
>
> This DOES not work (adding the line to /etc/hosts)
Ok.
Where do your requests come from? From the outside?
Then you need to update your DNS, so everybody else uses the correct IP
addresses. If you can't do that, you need a name-aware proxy for every
service you want.
Cheers,
Ralf
>
> ---------- Forwarded Message ----------
>
> Subject: Re: Hostname Routing
> Date: Sunday 07 September 2003 3:39 pm
> From: Cody Harris <hchs@ns.sympatico.ca>
> To: netfilter@lists.netfilter.org
>
> On Sunday 07 September 2003 6:11 am, Ralf Spenneberg wrote:
> > On Sun, 2003-09-07 at 01.53, Cody Harris wrote:
> > > Hello. I have researched your database on this subject (hostname
> > > routing), but found nothing much. What I want is to take domain.com:* and
> > > deliver that to the local machine (127.0.0.1), but I want
> > > alt.domain.com:* to go to 192.0.0.2. How is this done?
> >
> > Am I missing something?
> > What about the following in /etc/hosts:
> > 127.0.0.1 localhost localhost.localdomain domain.com
> > 192.0.0.2 alt.domain.com
> >
> > Or do it on your DNS server.
> >
> > Cheers,
> >
> > Ralf
>
> -------------------------------------------------------
--
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Hostname Routing
2003-09-08 11:14 ` Ralf Spenneberg
@ 2003-09-10 0:00 ` Cody Harris
0 siblings, 0 replies; 11+ messages in thread
From: Cody Harris @ 2003-09-10 0:00 UTC (permalink / raw)
To: netfilter
On Monday 08 September 2003 8:14 am, Ralf Spenneberg wrote:
> On Sun, 2003-09-07 at 20.41, Cody Harris wrote:
> > Oops, forgot to add my message.
> >
> > This DOES not work (adding the line to /etc/hosts)
>
> Ok.
> Where do your requests come from? From the outside?
> Then you need to update your DNS, so everybody else uses the correct IP
> addresses. If you can't do that, you need a name-aware proxy for every
> service you want.
Yes. They all come from outside. Will squid work?
>
> Cheers,
>
> Ralf
>
> > ---------- Forwarded Message ----------
> >
> > Subject: Re: Hostname Routing
> > Date: Sunday 07 September 2003 3:39 pm
> > From: Cody Harris <hchs@ns.sympatico.ca>
> > To: netfilter@lists.netfilter.org
> >
> > On Sunday 07 September 2003 6:11 am, Ralf Spenneberg wrote:
> > > On Sun, 2003-09-07 at 01.53, Cody Harris wrote:
> > > > Hello. I have researched your database on this subject (hostname
> > > > routing), but found nothing much. What I want is to take domain.com:*
> > > > and deliver that to the local machine (127.0.0.1), but I want
> > > > alt.domain.com:* to go to 192.0.0.2. How is this done?
> > >
> > > Am I missing something?
> > > What about the following in /etc/hosts:
> > > 127.0.0.1 localhost localhost.localdomain domain.com
> > > 192.0.0.2 alt.domain.com
> > >
> > > Or do it on your DNS server.
> > >
> > > Cheers,
> > >
> > > Ralf
> >
> > -------------------------------------------------------
^ permalink raw reply [flat|nested] 11+ messages in thread