dugas, i think what whohasit is wanting is:
if an external client attempts to connect to {apple,orange,grape}.example.com they will all three hit port 80 on the router/firewall/gateway, based on the destination (apple,orange,grape) the rtr/fw/gw will forward the request on to the correct (internal) system
whohasit,
i believe you can do this if dns resolves correctly so that banana knows what the internal ip to use for apple/orange/grape using iptables. i do not have a setup that i can test so it will just need to be attempted. i believe it would look something like this...
assumed: eth0 = Public; eth1 = Private
Code:
iptables -t nat -A PREROUTING -s 0/0 -d apple.example.com -i eth0 -p tcp --dport 80 -j DNAT --to apple.example.com:80
iptables -t nat -A PREROUTING -s 0/0 -d orange.example.com -i eth0 -p tcp --dport 80 -j DNAT --to orange.example.com:80
iptables -t nat -A PREROUTING -s 0/0 -d grape.example.com -i eth0 -p tcp --dport 80 -j DNAT --to grape.example.com:80
iptables -A FORWARD -s 0/0 -d apple.example.com -p tcp --dport 80 -m state --state NEW -i eth0 -o eth0 -j ACCEPT
iptables -A FORWARD -s 0/0 -d orange.example.com -p tcp --dport 80 -m state --state NEW -i eth0 -o eth0 -j ACCEPT
iptables -A FORWARD -s 0/0 -d grape.example.com -p tcp --dport 80 -m state --state NEW -i eth0 -o eth0 -j ACCEPT
you will need to place the nat prerouting and forward before any exclusive DROPs you have in your firewall/iptables rules now for those chains
hope this helps