hello all
can i use fully qualified domain name or domain name only while applying
iptables firewall. i am going to use dnat so is this possible. my internet ip is 195.148.68.49 which is eth1 and the lan ip eth0 is 192.168.0.1. 192.168.0.200 is a webserver. Let's say i am hosting a web site named abc.com. on 192.168.0.200. This is a registered domain. then can i do the following??

/sbin/iptables -t nat -A PREROUTING -p tcp -i eth1 -d www.abc.com --dport 80 -j DNAT --to www.abc.com:80
/sbin/iptables -A FORWARD -p tcp -i eth1 -d 192.168.0.200 --dport 80 -j ACCEPT

A rule will load with as many ip numbers as it can find for the domain name..

Usually, many domains use one ip number, so it's better to make the rule with numbers.

then i think it will create a problem because

in the httpd.conf file i will be doing the following

<VirtualHost 192.168.0.200>
ServerName abc.com
DocumentRoot /var/www/html/abc
</VirtualHost>

Now let's say that i want to host one more site . Then in this case if my iptables rule will be in number then the first priority will be given to abc.com. Then i can't use DNAT for the other site. any solutions...

No problem..

iptables handles the ip number forwarding to find the server, and the apache conf file handles the many virtual names in the server. Each virtual server definition will be for a different site, so rather than doing <VirtualHost 192.168.0.200> do <VirtualHost www.abc.com>

Thanks peter_robb

I will try it out.

But tell me if i can use FQDN for DNAT.

Sure can.. It will work..
but expect strange results.. YMMV