06-23-2006, 05:45 PM
|
#16
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by IHIHUG
Yeah, you can do it with squid and squidGuard. I was hoping to do it with iptables, so I could do the same with other services.
|
AFAIK squid can do this on its own by having it run in accelerator mode, with virtual host support enabled - no need for squidguard, unless i'm missing something...
Last edited by win32sux; 06-23-2006 at 05:50 PM.
|
|
|
07-01-2006, 05:23 AM
|
#17
|
Senior Member
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191
|
OK, I want to make sure I understand this right; and sorry this is way after the fact (I've been out of town)
Please let me know if I got any of this wrong.
Linux forwarding of domain names has nothing to do with routing, it is actually part of the DNS daemon's functionality. If I have 'domain.com' registered with company X, then I should be able to add a new host record 'host.domain.com' and tell company X to forward this traffic to the same external IP as 'domain.com'. When it gets to my router/dns/dhcp server, the host name will be recognized and the server will know who the packet was intended for.
Assuming that I got all of that right (which I probably didn't) where does iptables fit into all of this? Am I to understand correctly that all that's happening is the server replaces the domain name with the matching IP address in the '/etc/hosts' file, allowing for iptables rules to be written for a private network?
Sorry if this seems like pretty basic stuff, but I have never had a domain name before so I am trying to pick it up as I go. I haven't been too worried about it since my domain is for nothing other than to say that I have one, but I am curious to know how it all works. Maybe if I get the time I will go get a book on DNS stuff.
Thanks for your time!
...aaron
Last edited by drkstr; 07-01-2006 at 05:24 AM.
|
|
|
07-02-2006, 07:20 AM
|
#18
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by drkstr
OK, I want to make sure I understand this right; and sorry this is way after the fact (I've been out of town)
Please let me know if I got any of this wrong.
Linux forwarding of domain names has nothing to do with routing, it is actually part of the DNS daemon's functionality. If I have 'domain.com' registered with company X, then I should be able to add a new host record 'host.domain.com' and tell company X to forward this traffic to the same external IP as 'domain.com'. When it gets to my router/dns/dhcp server, the host name will be recognized and the server will know who the packet was intended for.
Assuming that I got all of that right (which I probably didn't) where does iptables fit into all of this? Am I to understand correctly that all that's happening is the server replaces the domain name with the matching IP address in the '/etc/hosts' file, allowing for iptables rules to be written for a private network?
Sorry if this seems like pretty basic stuff, but I have never had a domain name before so I am trying to pick it up as I go. I haven't been too worried about it since my domain is for nothing other than to say that I have one, but I am curious to know how it all works. Maybe if I get the time I will go get a book on DNS stuff.
Thanks for your time!
...aaron
|
i won't pretend to know about DNS servers and stuff... but what i can tell you is that the reason netfilter/iptables won't work for the OP is because of the OSI layers at which netfilter/iptables works - mainly layers 3 (network) and 4 (transport)... the OP's virtual host setup would use the HTTP "host" headers sent by the client's browsers, which is layer 7 (application) material... iptables has no idea what that stuff is... so you need something that does, be it squid or zorp or whatever...
http://en.wikipedia.org/wiki/OSI_model
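The layer 3/4 versus layer 7 distinction described in post #18, as an added example that is not part of the original thread: two requests for different virtual hosts look identical to a packet filter and can only be told apart by parsing the HTTP Host header. The addresses, backend map and function names are constructed for illustration; only 'domain.com' and 'host.domain.com' come from the thread.

```python
# Constructed sample data: both virtual hosts share one public IP and port.
# All addresses are hypothetical.
BACKENDS = {"domain.com": ("192.168.1.10", 80),
            "host.domain.com": ("192.168.1.20", 80)}

def l4_key(pkt):
    """What a layer 3/4 packet filter can match on: address, protocol, port."""
    return (pkt["dst_ip"], pkt["proto"], pkt["dst_port"])

def parse_host(payload: bytes):
    """Extract the Host header from a raw HTTP/1.x request (layer 7).

    Returns the lowercased hostname without port, or None if the header is
    missing or appears more than once (ambiguous, so refuse to route)."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    hosts = []
    for line in head.split(b"\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.lower() == b"host":   # header names are case-insensitive
            hosts.append(value.strip().decode("ascii", "replace"))
    if len(hosts) != 1:
        return None
    host = hosts[0].lower()
    # Strip an optional :port suffix (IPv6 literals are out of scope here).
    return host.rsplit(":", 1)[0] if ":" in host else host

def route(pkt):
    """Pick a backend by Host header, as a layer 7 reverse proxy would."""
    return BACKENDS.get(parse_host(pkt["payload"]))

def make_pkt(header_lines):
    """Build a constructed 'packet': L3/L4 fields plus an HTTP request payload."""
    req = b"GET / HTTP/1.1\r\n" + b"".join(h + b"\r\n" for h in header_lines) + b"\r\n"
    return {"dst_ip": "203.0.113.5", "proto": "tcp", "dst_port": 80, "payload": req}

PKT_A = make_pkt([b"Host: domain.com"])
PKT_B = make_pkt([b"hOsT: host.domain.com:80"])
PKT_DUP = make_pkt([b"Host: domain.com", b"Host: host.domain.com"])

if __name__ == "__main__":
    print("same L3/L4 key:", l4_key(PKT_A) == l4_key(PKT_B))
    print("L7 routing:", route(PKT_A), route(PKT_B), route(PKT_DUP))
```

A request with duplicate Host headers is refused rather than routed, since a proxy and its backend could otherwise disagree about which virtual host was meant.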
|
|
|
07-02-2006, 09:56 PM
|
#19
|
Senior Member
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191
|
Thanks for the info!
I have read about the OSI model before back in my windows days but had no idea what the crap it was talking about. I'm going to go over it again now that I have a little experience under my belt.
regards,
...aaron
|
|
|
07-04-2006, 10:40 AM
|
#20
|
LQ Newbie
Registered: Jul 2006
Posts: 18
|
Ihihug, were you successful? I'm having the same issue on my LAN. Not only with HTTP traffic, but also with SMTP traffic. I also want my email to be routed using DNS on my LAN. So if my primary mailserver is down, my secondary mailserver will be used automatically.