I have a question and I have tried doing some research already, but I am stuck.
I have 2 webservers that host separate domains. I want to use the primary webserver's iptables to forward to the secondary web server if the destination is the secondary domain.
What's your network setup ? Is the primary web server directly connected to the internet (as a gateway) or do you have other devices doing gateway/routing ?
Both machines are behind a firewall and are in a DMZ. The firewall forwards all port 80 requests to the primary. The primary is running iptables to block my blacklist.
I am hoping I can make the primary forward secondary domain requests to the secondary machine...
I ask because with iptables itself it'll be nearly impossible to do, AFAIK, because iptables won't be able to decompose the packet and determine which host name it's for; iptables only knows about IP (and MAC) addresses to identify hosts. So when you get hit on port 80 iptables will only know that there is an incoming connection from some host on the internet for that computer, not what the original URL string was.
What you could consider doing is set up SQUID or some other software to proxy the incoming connection for you; that way you could get it to redirect the connection to the appropriate server.
The best way to go about it, though, would be to make the routing decision at the router itself. Having each connection go to the PWS and then have IT forward to the SWS is inefficient.
Now, a possible workaround: why is the other site on a different server? Is it feasible in your setup to have the files mounted from the secondary server to the primary via NFS and then just change the httpd.conf to add a virtual host ?
you could run both websites on one server and let apache do the decision bit of this job... pointing the websites' doc-root to /var/www/website1 and /var/www/website2
it might be the only way of doing it!
have a look at this scenario:
your adsl modem's ip: 10.0.3.3
your dns records:
blah.example.com -> 10.0.3.3
foo.example.com -> 10.0.3.3
iptables will only be able to filter according to IPs, it will not look where somebody might want to connect to, and is not able to, since this info is in the header data a browser sends to your server.
iptables will only do following:
incoming (packet - these things are pretty tiny) from x.x.x.x to 10.0.3.3 source port: 35682 dest port: 80
what should i do with traffic to 10.0.3.3:80 - i send it to this server here - regardless...
and if you really have to have your data on different servers... smbmount, and that sounds really messy for a webserver setup.
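To make the point of the last two replies concrete (iptables sees addresses and ports; only something that parses HTTP sees the host name), here is an added example that is not from the thread or from any poster. It builds a constructed IPv4/TCP packet carrying the start of an HTTP request, shows the 5-tuple a packet filter can match on, and then digs the `Host:` header out of the application payload the way a reverse proxy or a virtual-host-aware web server would, mapping it to a backend. The addresses, the two backend IPs and the `BACKENDS` table are assumptions made up for the example; the DNS names are the ones from the scenario above.

```python
import struct

# Hypothetical host-to-backend table: this is the decision a proxy or virtual
# host makes, and it is exactly the information a packet filter does not have.
BACKENDS = {
    "blah.example.com": "10.0.3.10",  # assumed primary web server
    "foo.example.com": "10.0.3.11",   # assumed secondary web server
}


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_packet(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4 + TCP packet (checksums left zero) around payload."""
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0, 0, 64, 6, 0,
                         ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    # data offset 5 words (0x50), flags PSH|ACK (0x18), window 65535
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def five_tuple(packet: bytes):
    """What a packet filter such as iptables can match on: src/dst address, ports, protocol."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src, dst = bytes_to_ip(packet[12:16]), bytes_to_ip(packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (src, sport, dst, dport, proto)


def http_payload(packet: bytes) -> bytes:
    """Strip the IPv4 and TCP headers and return the application data."""
    ihl = (packet[0] & 0x0F) * 4
    data_off = (packet[ihl + 12] >> 4) * 4
    return packet[ihl + data_off:]


def host_header(payload: bytes):
    """Extract the Host header from an HTTP/1.x request head, or None if absent.

    Note: a real proxy reassembles the TCP stream first; the request head may be
    split across segments, and on HTTPS the Host header is encrypted entirely.
    """
    head, _, _ = payload.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            # Drop an optional ":port" suffix and normalise case
            return value.strip().decode("ascii", "replace").split(":")[0].lower()
    return None


def choose_backend(packet: bytes):
    """The proxy / virtual-host decision: route by Host header, None if unknown."""
    return BACKENDS.get(host_header(http_payload(packet)))


if __name__ == "__main__":
    # Constructed sample request from an internet client to the modem's public IP
    pkt = build_packet("203.0.113.5", "10.0.3.3", 35682, 80,
                       b"GET / HTTP/1.1\r\nHost: foo.example.com\r\n\r\n")
    print("packet filter sees:", five_tuple(pkt))
    print("proxy sees Host:  ", host_header(http_payload(pkt)))
    print("routes to backend:", choose_backend(pkt))
```

Running it prints the same 5-tuple for both example.com names, because the DNS records point at one address; the Host value is only recoverable after parsing the TCP payload, which is why the replies above point to a proxy, a virtual host on one server, or a decision at the router rather than an iptables rule. Unknown or missing Host values map to `None`, which a real proxy should answer with a default site or an error rather than forwarding blindly.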
Thanks for the input folks I really appreciate it.
My thinking about using separate machines is that one of them is more secure than the other. Simply by the content of the sites and the fact that one will be more open to the world while one is pretty tight.
I have decided to make a router change and do the domain processing at the router. It is the most efficient way.