LinuxQuestions.org


jread 09-16-2005 10:36 AM

Firewall routing by hostname - possible?
 
Hi,
I am setting up a gateway/router Linux box and I have a question about routing. I know that I can use NAT to route packets by port to different hosts, but what about by hostname? I have several physical servers which will be located behind this new box, each running a web server. The whole network will share a single external IP address and I want to have packets routed by the hostname they are addressed to. For example, if I have two servers, box1 and box2, I would like box1.example.com to route to box1 and box2.example.com to route to box2, even though both box1.example.com and box2.example.com will use port 80 for web traffic and will resolve to the same external IP address.
Is this possible? How would I go about setting this up?

Thanks for your help!
JR

jfryman 09-16-2005 10:54 AM

jread,

I *think* this may be possible with the help of an application layer firewall that does stateful packet inspection. iptables has this functionality with some patching involved... which you can find at

http://l7-filter.sourceforge.net/L7-HOWTO-Netfilter

However, if you're attempting to run multiple websites off of multiple computers, I can think of a couple of ways of doing it.

One would be to remove the multiple machines from the equation. You can easily run multiple websites off a single computer using Apache and Virtual Domains. It's not a super difficult concept, but if you are new at it, you'll need to sit down and read some docs. You can find that information at http://httpd.apache.org/docs/2.0/

Going along that same route... if you're going to use multiple machines, why not try setting up clustering with virtual domains? That way, you can use an existing firewall to route to a single clustered IP address, which will handle the websites on their own. That way, you can increase the speed of each of your websites by deploying over the multiple machines.

Of course, there are multiple ways to skin this cat... just pick and choose. Good luck!

-James

draxen 09-16-2005 10:55 AM

How is your router going to know if the request is for box1 or box2?
It will arrive at your router with exactly the same IP. You'd have to have some kind of proxy app on the router, analyzing HTTP packets. If you really want to do this, I'd suggest a web server with virtual hosting set up on the gateway, such that it redirects HTTP requests to appropriate internal servers.

jread 09-16-2005 11:34 AM

Hi and thanks for the replies!

I was thinking that I would need something at the application level but it was worth checking into. Removing the multiple machines would be the best way, I agree, but I have some clients who insist on running their websites on Windows servers so I need to be able to have demo sites for them on my WinXP box. I'll check out Layer 7 but I think you're both right - I'll have to use some form of proxy.

Thanks again!
JR
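
Added example, not part of the original thread and not any poster's code: a sketch of the decision a gateway proxy makes when it picks an internal server from the HTTP `Host` header, as the replies describe. The internal addresses, `BACKENDS`, `normalize_host` and `pick_backend` are assumptions made for illustration; requests with a missing, duplicated or unknown `Host` are refused rather than forwarded to a default server.

```python
# Added example: Host-header routing decision for a gateway proxy.
# Internal addresses are constructed for illustration only.
BACKENDS = {
    "box1.example.com": ("192.168.0.11", 80),
    "box2.example.com": ("192.168.0.12", 80),
}

def normalize_host(value):
    """Lower-case the name, drop an optional :port and a trailing dot."""
    host = value.strip().lower()
    if host.startswith("["):            # IPv6 literal: never one of our names
        return None
    host, _, port = host.partition(":")
    if port and not port.isdigit():     # garbage after the colon: refuse
        return None
    return host.rstrip(".") or None

def pick_backend(raw_request: bytes):
    """Return (ip, port) for the request's Host header, or None to refuse."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            if name != name.strip():     # "Host :" style ambiguity: refuse
                return None
            hosts.append(value)
    if len(hosts) != 1:                  # missing or duplicated Host: refuse
        return None
    # Unknown names return None; they are never sent to a default backend.
    return BACKENDS.get(normalize_host(hosts[0]))

if __name__ == "__main__":
    # Constructed sample requests, as they would arrive on the shared IP.
    samples = [
        b"GET / HTTP/1.1\r\nHost: box1.example.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: BOX2.example.com:80\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: other.example.net\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: box1.example.com\r\nHost: box2.example.com\r\n\r\n",
    ]
    for req in samples:
        print(req.split(b"\r\n")[1].decode(), "->", pick_backend(req))
```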


All times are GMT -5.