LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 11-02-2006, 06:16 PM   #1
cparker15
Member
 
Registered: Jan 2003
Location: Malden, MA
Distribution: Debian, FreeBSD, gNewSense, Ubuntu, Ututo
Posts: 73

Rep: Reputation: 15
Domain-based Port Forwarding?


I'd like to know if it's possible to forward ports depending on what domain name (actually, subdomain) is being consumed.

Here's an example list of facts:
  • example.com is being hosted remotely in some server farm somewhere. That server is hosting a BIND DNS server, iptables firewall, and an Apache2 Web server. (therefore, www.example.com:80 would show their Web site, hosted on example.com).
  • The client has router.example.com pointing to the IP address of the router at their physical location. router.example.com:80 shows the router's config page.
  • router.example.com:8080 is pointing to port 80 on a local machine being serviced by the router, say 192.168.1.2:80. It has a hostname of "machinea.lan".
  • router.example.com:8081 is pointing to port 80 on a local machine being serviced by the router, say 192.168.1.3:80. It has a hostname of "machineb.lan".
  • The client would like machinea.example.com:80 to point to router.example.com:8080.
  • The client would like machineb.example.com:80 to point to router.example.com:8081.
  • In effect, this would cause machinea.example.com:80 to point to machinea.lan:80 and machineb.example.com:80 to point to machineb.lan:80.

Is something like this possible?

Last edited by cparker15; 11-02-2006 at 06:18 PM.
 
Old 11-03-2006, 01:37 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
not sure i can really get my head around exactly what it is you want to achieve, a diagram would help an awful lot, but essentially you seem to just want a reverse proxy, something apache can very easily do. if you port forward external port 80 to an internal server runnign apache then requesting various url's with dns records pointing to that one ip can be redirected internally by the apache server to any relative url reachable from the lan. so you can tell apache to server localcomputer.example.com when someone asks for www.example.com/localcomputer even though localcomputer.example.com is only reachable on a local netwrok by the apache front end instance.

i think that the request to show router.example.com is clouding the situation a little, as the potentially could be globally reachable, but if you're just treating it as any other local box then that's fine. by fine i don't mean it's a *good* idea though... allowing literally global access to the configuration of your main router is a very veyr dumb thing to do!
 
Old 11-06-2006, 09:14 AM   #3
cparker15
Member
 
Registered: Jan 2003
Location: Malden, MA
Distribution: Debian, FreeBSD, gNewSense, Ubuntu, Ututo
Posts: 73

Original Poster
Rep: Reputation: 15
It seems to me that this would only cover protocols that Apache already supports. Is there a way to do this by combining BIND and iptables? AFAIK, port-forwarding using iptables is only based on IP address, not domain name. Is there a way to get iptables to send a query to BIND (or whatever DNS is installed) when it encounters a domain name instead of IP address? Is there a firewall other than iptables that would accomplish this? I'd be willing to go a non-iptables route if it meant that I could get this working. Even if I could forward these ports based on domain name using a completely different solution, such as SSH, I'd go for it.

A short and simple description of what I need to be able to do:

I need subA.example.com:80 to forward to subC.example.com:8080 and subB.example.com:80 to forward to subC.example.com:8081, regardless of protocol.
 
Old 11-06-2006, 10:04 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
ahh well your detailed exaples only covered http stuff, so that was where i went... the reason it's possible within apache is that http requests contain domain names in addition to using the domain name to resovle to an ip address. at an TCP/IP level there is no knowledge whatsoever of a domain name. it just doesn't exist, it's ip address to ip address. you *must* work at application level, and have an application protocol that supports this sort of thing, e.g. HTTP, FTP etc... other uses of domain names cease to exist once the ip packet is created on the cilent machine. it's just pure ip from then on.
 
Old 05-26-2007, 08:03 PM   #5
UhhMaybe
Member
 
Registered: Jul 2004
Location: Salt Lake City, Utah
Distribution: Absolute 12.0 Studio 64 1.3.0
Posts: 470

Rep: Reputation: 30
Cool

Linux Distro's with specialized security related offerings are available. Try the home pages for:..."SmoothWall", "Gibralter", and "IPCop". There are more. Good luck.
 
Old 05-27-2007, 02:59 PM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
please don't drag up old threads.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IPCHAINS port forwarding and IPTABLES port forwarding ediestajr Linux - Networking 26 01-14-2007 08:35 PM
Simple Port Forwarding Firewall - not forwarding MadTurki Linux - Security 14 04-09-2006 01:08 PM
Port 80 forwarding to port 22 with iptables zahoo Linux - Networking 3 02-22-2005 08:22 AM
Port Forwarding Based on the Source linuxboy69 Linux - Networking 2 01-06-2004 05:44 PM
port forwarding and packet forwarding syrtsardo Linux - Newbie 2 07-03-2003 11:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration