Linux - Networking
I ask because with iptables itself it'll be nearly impossible to do, AFAIK, because iptables won't be able to decompose the packet and determine which host name it's for; iptables only knows about IP (and MAC) addresses to identify hosts. So when you get hit on port 80 iptables will only know that there is an incoming connection from some host on the internet for that computer, not what the original URL string was.
What you could consider doing is set up SQUID or some other software to proxy the incoming connection for you; that way you could get it to redirect the connection to the appropriate server.
The best way to go about it, though, would be to make the routing decision at the router itself. Having each connection go to the PWS and then have IT forward to the SWS is inefficient.
Now, a possible workaround: why is the other site on a different server? Is it feasible in your setup to have the files mounted from the secondary server to the primary via NFS and then just change the httpd.conf to add a virtual host?
Distribution: debian, gentoo, os x (darwin), ubuntu
it might be the only way of doing it!
have a look at this scenario:
your adsl modem's ip: 10.0.3.3
your dns records:
blah.example.com -> 10.0.3.3
foo.example.com -> 10.0.3.3
iptables will only be able to filter according to IPs, it will not look where somebody might want to connect to, and is not able to, since this info is in the header data a browser sends to your server.
iptables will only do following:
incoming (packet - these things are pretty tiny) from x.x.x.x to 10.0.3.3 source port: 35682 dest port: 80
what should i do with traffic to 10.0.3.3:80 - i send it to this server here - regardless...
and if you really have to have your data on different servers... smbmount, and that sounds really messy for a webserver setup.
Thanks for the input, folks, I really appreciate it.
My thinking about using separate machines is that one of them is more secure than the other. Simply by the content of the sites and the fact that one will be more open to the world while one is pretty tight.
I have decided to make a router change and do the domain processing at the router. It is the most efficient way.
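The point made in the replies above, as an added example that is not part of the original thread: two requests for blah.example.com and foo.example.com look identical at the address/port level, so only something that reads the HTTP Host header can tell them apart. The backend addresses and all function names are constructed for illustration; unknown, missing or duplicated Host values are refused so that nothing falls through to the tighter server by default.

```python
# Added example, not code from the thread. Backend addresses are constructed.
BACKENDS = {
    "blah.example.com": ("192.168.0.10", 80),  # assumed: the more open server
    "foo.example.com": ("192.168.0.20", 80),   # assumed: the tighter server
}

# Constructed sample requests, both arriving at 10.0.3.3:80.
REQ_BLAH = b"GET / HTTP/1.1\r\nHost: blah.example.com\r\n\r\n"
REQ_FOO = b"GET / HTTP/1.1\r\nHost: FOO.example.com:80\r\n\r\n"
REQ_UNKNOWN = b"GET / HTTP/1.1\r\nHost: other.example.net\r\n\r\n"
REQ_DUPLICATE = (b"GET / HTTP/1.1\r\nHost: blah.example.com\r\n"
                 b"Host: foo.example.com\r\n\r\n")


def packet_filter_view(src_ip, src_port, dst_ip, dst_port):
    """Everything an address/port rule can match on for the destination."""
    return (dst_ip, dst_port)


def host_from_request(raw):
    """Return the requested host name in lower case without the port,
    or None if the Host header is missing, duplicated or malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    header_lines = head.split("\r\n")[1:]  # skip the request line
    hosts = [line.split(":", 1)[1].strip()
             for line in header_lines if line.lower().startswith("host:")]
    if len(hosts) != 1:
        return None  # ambiguous or absent: do not guess
    name, _, port = hosts[0].lower().partition(":")
    if not name or (port and not port.isdigit()):
        return None
    return name.rstrip(".")


def route(raw):
    """Pick the backend for a request, or None to refuse it."""
    return BACKENDS.get(host_from_request(raw))


if __name__ == "__main__":
    for req in (REQ_BLAH, REQ_FOO, REQ_UNKNOWN, REQ_DUPLICATE):
        print(packet_filter_view("x.x.x.x", 35682, "10.0.3.3", 80),
              host_from_request(req), "->", route(req))
```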