LinuxQuestions.org
Old 08-22-2004, 11:40 PM   #1
freibuis
LQ Newbie
 
Registered: Apr 2004
Distribution: Slackware
Posts: 13

Rep: Reputation: 0
forward IP based on http IP header


Is it possible (it is with M$ ISA) with iptables to forward based on http IP header information?

example.
behind firewall has 3 web servers
www.Web-A.com 10.0.0.1
www.Web-B.com 10.0.0.2
www.Web-C.com 10.0.0.3

atm I can blanket forward port 80 to one of the web servers. But like M$ ISA I would like to forward to the correct server behind the firewall.

web-A would forward to 10.0.0.1
web-B would forward to 10.0.0.2
web-C would forward to 10.0.0.3


Is this possible with iptables? If so, how?

Anyone?

 
Old 08-23-2004, 08:21 AM   #2
PenguinPwrdBox
Member
 
Registered: Oct 2003
Posts: 568

Rep: Reputation: 31
http://www.google.com/search?hl=en&i...%2C+forwarding
 
Old 08-23-2004, 08:09 PM   #3
freibuis
LQ Newbie
 
Registered: Apr 2004
Distribution: Slackware
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by PenguinPwrdBox
http://www.google.com/search?hl=en&i...%2C+forwarding
heheh done that already.. otherwise I would not have asked.

None of those pages talk about HTTP header redirection. They only talk about IP redirection.

I want IPtables to read the http header for the domain then redirect to the appropriate web server.

with IP redirection you can only send it to 1 server not many.




the more I look into this.. the more I will have to convert to M$ ISA
 
Old 08-23-2004, 11:17 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Iptables isn't really meant to do application layer filtering. You might have some luck with Zorp though.

There is a 'strings' extension for iptables that can be installed by Patch-o-matic. You could then filter/route based on the http request strings, but that's a pretty ugly hack IMO.
 
Old 08-23-2004, 11:29 PM   #5
freibuis
LQ Newbie
 
Registered: Apr 2004
Distribution: Slackware
Posts: 13

Original Poster
Rep: Reputation: 0
thanks dude .. I thought as much. I will give the 'Strings' patch-o-matic a go.

if not.. it's back to installing m$ ISA hehhehe oh well

freibuis out
 
Old 08-23-2004, 11:53 PM   #6
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
There is also the "Layer 7" netfilter patch which lets you do a regex on the first few packets.

Wouldn't an apache reverse proxy work?
 
Old 08-24-2004, 12:07 AM   #7
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
Originally posted by bastard23
Wouldn't an apache reverse proxy work?
Yes. You could also use mod_rewrite as well, but both would require an Apache front-end.

@freibuis;
FWIW, I'd use Zorp or put an Apache front-end up, rather than trying to use the string match.
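
The nat table in iptables is consulted only for the first packet of a connection, the TCP SYN, which carries no HTTP data; a front-end proxy instead accepts the connection itself, buffers the request head, and only then picks a backend from the Host header. The routing decision is sketched below as an added example, not code from any poster in this thread or from Apache, Squid or Zorp. The function and exception names and the reject-unknown-hosts policy are assumptions; the host-to-address map is the one from the first post.

```python
# Added example: the Host-header routing decision a reverse proxy makes.
# Names and policy here are illustrative assumptions, not any project's API.
BACKENDS = {
    "www.web-a.com": "10.0.0.1",
    "www.web-b.com": "10.0.0.2",
    "www.web-c.com": "10.0.0.3",
}

class NeedMoreData(Exception):
    """Request head is incomplete; it may span several TCP segments."""

class Rejected(Exception):
    """Request must not be forwarded to any backend."""

def pick_backend(buf, backends=BACKENDS, max_head=8192):
    """Return the backend IP for the buffered start of an HTTP/1.x request."""
    end = buf.find(b"\r\n\r\n")
    if end < 0 and len(buf) <= max_head:
        raise NeedMoreData()          # keep reading from the client socket
    if end < 0 or end > max_head:
        raise Rejected("request head too large")
    hosts = []
    for line in buf[:end].split(b"\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            hosts.append(value.strip())
    # Zero or several Host headers are ambiguous: proxy and backend could
    # disagree on which site is meant, so refuse rather than guess.
    if len(hosts) != 1:
        raise Rejected("expected exactly one Host header")
    host = hosts[0].decode("ascii", "replace").lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]              # drop an optional :port
    host = host.rstrip(".")
    if host not in backends:
        # No default backend: unknown names never reach an internal server.
        raise Rejected("unknown host %r" % host)
    return backends[host]

if __name__ == "__main__":
    # Constructed sample request, not captured traffic.
    sample = b"GET / HTTP/1.1\r\nHost: www.Web-B.com\r\n\r\n"
    print(pick_backend(sample))
```
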
 
Old 08-24-2004, 12:21 AM   #8
freibuis
LQ Newbie
 
Registered: Apr 2004
Distribution: Slackware
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by bastard23
There is also the "Layer 7" netfilter patch which lets you do a regex on the first few packets.

Wouldn't an apache reverse proxy work?
I had an idea for the last week or so to use Squid. but in the same manner.. just reverse it. that way I just put rules in.. I don't know how it would work but I will give it a go..

that layer 7 netfilter is a very kewl idea.. but I don't think it would work with forwarding.



Quote:
Yes. You could also use mod_rewrite as well, but both would require an Apache front-end.
the router/firewall has Apache running on it already (on the internal IP not external IP) I will give it a go and see what happens..

after that I am going to research more into the Squid idea as the server already uses squid as a proxy.. I could just add more rules in and see what happens
 
  

