I'd like to know if it's possible to forward ports depending on what domain name (actually, subdomain) is being consumed.
Here's an example list of facts:
example.com is being hosted remotely in some server farm somewhere. That server is hosting a BIND DNS server, iptables firewall, and an Apache2 Web server. (therefore, www.example.com:80 would show their Web site, hosted on example.com).
The client has router.example.com pointing to the IP address of the router at their physical location. router.example.com:80 shows the router's config page.
router.example.com:8080 is pointing to port 80 on a local machine being serviced by the router, say 192.168.1.2:80. It has a hostname of "machinea.lan".
router.example.com:8081 is pointing to port 80 on a local machine being serviced by the router, say 192.168.1.3:80. It has a hostname of "machineb.lan".
The client would like machinea.example.com:80 to point to router.example.com:8080.
The client would like machineb.example.com:80 to point to router.example.com:8081.
In effect, this would cause machinea.example.com:80 to point to machinea.lan:80 and machineb.example.com:80 to point to machineb.lan:80.
not sure i can really get my head around exactly what it is you want to achieve, a diagram would help an awful lot, but essentially you seem to just want a reverse proxy, something apache can very easily do. if you port forward external port 80 to an internal server running apache then requesting various URLs with dns records pointing to that one ip can be redirected internally by the apache server to any relative url reachable from the lan. so you can tell apache to serve localcomputer.example.com when someone asks for www.example.com/localcomputer even though localcomputer.example.com is only reachable on a local network by the apache front end instance.
i think that the request to show router.example.com is clouding the situation a little, as that potentially could be globally reachable, but if you're just treating it as any other local box then that's fine. by fine i don't mean it's a *good* idea though... allowing literally global access to the configuration of your main router is a very very dumb thing to do!
It seems to me that this would only cover protocols that Apache already supports. Is there a way to do this by combining BIND and iptables? AFAIK, port-forwarding using iptables is only based on IP address, not domain name. Is there a way to get iptables to send a query to BIND (or whatever DNS is installed) when it encounters a domain name instead of IP address? Is there a firewall other than iptables that would accomplish this? I'd be willing to go a non-iptables route if it meant that I could get this working. Even if I could forward these ports based on domain name using a completely different solution, such as SSH, I'd go for it.
A short and simple description of what I need to be able to do:
I need subA.example.com:80 to forward to subC.example.com:8080 and subB.example.com:80 to forward to subC.example.com:8081, regardless of protocol.
ahh well your detailed examples only covered http stuff, so that was where i went... the reason it's possible within apache is that http requests contain domain names in addition to using the domain name to resolve to an ip address. at a TCP/IP level there is no knowledge whatsoever of a domain name. it just doesn't exist, it's ip address to ip address. you *must* work at application level, and have an application protocol that supports this sort of thing, e.g. HTTP, FTP etc... other uses of domain names cease to exist once the ip packet is created on the client machine. it's just pure ip from then on.
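The point of the reply above, as an added example that is not part of the thread: a forwarder can pick a backend only from a name carried inside the application payload, here the HTTP Host header, and a protocol that sends no name gives it nothing to match on. The function names and the sample byte strings are constructed for illustration; the hostnames and addresses are the ones from the question.

```python
# Added illustration: choose a backend from the first bytes of a TCP connection.
# The hostname exists only inside the application payload, never in the IP/TCP headers.

# Backend map built from the thread's example hosts behind the router.
BACKENDS = {
    "machinea.example.com": ("192.168.1.2", 80),
    "machineb.example.com": ("192.168.1.3", 80),
}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"PATCH ")

# Constructed sample payloads (first bytes a client would send).
HTTP_A = b"GET / HTTP/1.1\r\nHost: machinea.example.com\r\n\r\n"
HTTP_B = b"GET / HTTP/1.1\r\nAccept: */*\r\nhost: MachineB.example.com:80\r\n\r\n"
HTTP_ROUTER = b"GET / HTTP/1.1\r\nHost: router.example.com\r\n\r\n"
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"  # carries no hostname at all


def host_from_http(first_bytes: bytes):
    """Return the lower-cased Host header value without port, or None if not HTTP."""
    if not first_bytes.startswith(HTTP_METHODS):
        return None
    head = first_bytes.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            return host.partition(":")[0]         # drop an optional ":port"
    return None


def pick_backend(first_bytes: bytes):
    """Map a connection to (ip, port); None means refuse the connection."""
    host = host_from_http(first_bytes)
    # Exact match only: unknown or missing names are refused instead of being
    # sent to a default backend, so the router's config page is never a fallback.
    return BACKENDS.get(host)


if __name__ == "__main__":
    for label, data in [("A", HTTP_A), ("B", HTTP_B),
                        ("router", HTTP_ROUTER), ("ssh", SSH_BANNER)]:
        print(label, "->", pick_backend(data))
```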
Linux distros with specialized security-related offerings are available. Try the home pages for: "SmoothWall", "Gibraltar", and "IPCop". There are more. Good luck.