I ask because with iptables itself it'll be nearly impossible to do, AFAIK, because iptables won't be able to decompose the packet and determine which host name it's for; iptables only knows about IP (and MAC) addresses to identify hosts. So when you get hit on port 80 iptables will only know that there is an incoming connection from some host on the internet for that computer, not what the original URL string was.
What you could consider doing is set up SQUID or some other software to proxy the incoming connection for you; that way you could get it to redirect the connection to the appropriate server.
The best way to go about it, though, would be to make the routing decision at the router itself. Having each connection go to the PWS and then have IT forward to the SWS is inefficient.
Now, a possible workaround: why is the other site on a different server? Is it feasible in your setup to have the files mounted from the secondary server to the primary via NFS and then just change the httpd.conf to add a virtual host?
Distribution: debian, gentoo, os x (darwin), ubuntu
it might be the only way of doing it!
have a look at this scenario:
your adsl modem's ip: 10.0.3.3
your dns records:
blah.example.com -> 10.0.3.3
foo.example.com -> 10.0.3.3
iptables will only be able to filter according to ip's, it will not look where somebody might want to connect to, and is not able to, since this info is in the header data a browser sends to your server.
iptables will only do following:
incoming (packet - these things are pretty tiny) from x.x.x.x to 10.0.3.3 source port: 35682 dest port: 80
what should i do with traffic to 10.0.3.3:80 - i send it to this server here - regardless...
and if you really have to have your data on different servers... smbmount, and that sounds really messy for a webserver setup.
Thanks for the input, folks. I really appreciate it.
My thinking about using separate machines is that one of them is more secure than the other. Simply by the content of the sites and the fact that one will be more open to the world while one is pretty tight.
I have decided to make a router change and do the domain processing at the router. It is the most efficient way.
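
Added example (not part of any post in this thread): a short Python sketch of the routing decision discussed above, showing that two requests look identical at the address/port level and only differ in the HTTP Host header. The hostnames are the ones from the thread; the backend addresses and client addresses are hypothetical, and the example goes slightly beyond the thread by refusing requests with a missing, repeated or unknown Host so nothing falls through to the tighter server by default.

```python
# Hypothetical internal backends; hostnames are the ones used in the thread.
BACKENDS = {
    "blah.example.com": ("192.168.0.10", 80),
    "foo.example.com": ("192.168.0.20", 80),
}

# Constructed sample requests (what a browser would send after connecting).
REQ_BLAH = b"GET / HTTP/1.1\r\nHost: blah.example.com\r\n\r\n"
REQ_FOO = b"GET / HTTP/1.1\r\nhost: FOO.example.com:80\r\n\r\n"
REQ_DUP = (b"GET / HTTP/1.1\r\nHost: foo.example.com\r\n"
           b"Host: blah.example.com\r\n\r\n")
REQ_NONE = b"GET / HTTP/1.0\r\n\r\n"


def l4_view(src_ip, src_port, dst_ip, dst_port):
    """What a filter matching on addresses and ports can key a DNAT rule on."""
    return (dst_ip, dst_port)


def host_of(request: bytes):
    """Return the normalized Host value, or None if absent, repeated or malformed."""
    head = request.split(b"\r\n\r\n", 1)[0]
    hosts = []
    for line in head.split(b"\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.lower() == b"host":   # header names are case-insensitive
            hosts.append(value.strip())
    if len(hosts) != 1:                       # missing or ambiguous: refuse
        return None
    try:
        host = hosts[0].decode("ascii").lower()
    except UnicodeDecodeError:
        return None
    name_part, sep, port = host.rpartition(":")
    if sep and port.isdigit():                # drop an explicit ":80" suffix
        host = name_part
    return host.rstrip(".") or None


def route(request: bytes):
    """Pick a backend by Host; unknown or ambiguous requests get no backend."""
    return BACKENDS.get(host_of(request))


if __name__ == "__main__":
    print(l4_view("203.0.113.5", 35682, "10.0.3.3", 80))  # same for both sites
    for req in (REQ_BLAH, REQ_FOO, REQ_DUP, REQ_NONE):
        print(host_of(req), "->", route(req))
```
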