LinuxQuestions.org
Old 06-23-2006, 05:45 PM   #16
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380

Quote:
Originally Posted by IHIHUG
Yeah, you can do it with squid and squidGuard. I was hoping to do it with iptables, so I could do the same with other services.

AFAIK squid can do this on its own by having it run in accelerator mode, with virtual host support enabled - no need for squidguard, unless i'm missing something...

Last edited by win32sux; 06-23-2006 at 05:50 PM.
 
Old 07-01-2006, 05:23 AM   #17
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Rep: Reputation: 45
OK, I want to make sure I understand this right; and sorry this is way after the fact (I've been out of town)

Please let me know if I got any of this wrong.

Linux forwarding of domain names has nothing to do with routing, it is actually part of the DNS daemon's functionality. If I have 'domain.com' registered with company X, then I should be able to add a new host record 'host.domain.com' and tell company X to forward this traffic to the same external IP as 'domain.com'. When it gets to my router/dns/dhcp server, the host name will be recognized and the server will know who the packet was intended for.

Assuming that I got all of that right (which I probably didn't) where does iptables fit into all of this? Am I to understand correctly that all that's happening is the server replaces the domain name with the matching IP address in the '/etc/hosts' file, allowing for iptables rules to be written for a private network?

Sorry if this seems like pretty basic stuff, but I have never had a domain name before so I am trying to pick it up as I go. I haven't been too worried about it since my domain is for nothing other than to say that I have one, but I am curious to know how it all works. Maybe if I get the time I will go get a book on DNS stuff.

Thanks for your time!
...aaron

Last edited by drkstr; 07-01-2006 at 05:24 AM.
 
Old 07-02-2006, 07:20 AM   #18
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by drkstr
OK, I want to make sure I understand this right; and sorry this is way after the fact (I've been out of town)

Please let me know if I got any of this wrong.

Linux forwarding of domain names has nothing to do with routing, it is actually part of the DNS daemon's functionality. If I have 'domain.com' registered with company X, then I should be able to add a new host record 'host.domain.com' and tell company X to forward this traffic to the same external IP as 'domain.com'. When it gets to my router/dns/dhcp server, the host name will be recognized and the server will know who the packet was intended for.

Assuming that I got all of that right (which I probably didn't) where does iptables fit into all of this? Am I to understand correctly that all that's happening is the server replaces the domain name with the matching IP address in the '/etc/hosts' file, allowing for iptables rules to be written for a private network?

Sorry if this seems like pretty basic stuff, but I have never had a domain name before so I am trying to pick it up as I go. I haven't been too worried about it since my domain is for nothing other than to say that I have one, but I am curious to know how it all works. Maybe if I get the time I will go get a book on DNS stuff.

Thanks for your time!
...aaron

i won't pretend to know about DNS servers and stuff... but what i can tell you is that the reason netfilter/iptables won't work for the OP is because of the OSI layers at which netfilter/iptables works - mainly layers 3 (network) and 4 (transport)... the OP's virtual host setup would use the HTTP "host" headers sent by the client's browsers, which is layer 7 (application) material... iptables has no idea what that stuff is... so you need something that does, be it squid or zorp or whatever...

http://en.wikipedia.org/wiki/OSI_model
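
The layer distinction described in the post above, as an added example that is not part of the original thread: two requests for different virtual hosts look identical in the fields a layer 3/4 forwarding rule matches on, and only a component that parses the HTTP Host header can tell them apart. All hostnames, addresses and the backend map are constructed for illustration; because the Host value is client-supplied, the lookup is an allowlist and anything missing, duplicated or unknown gets no backend.

```python
# Added illustration: every hostname, address and request below is constructed.
BACKENDS = {  # hypothetical virtual-host map held by a layer-7 proxy
    "www.domain.com": ("192.168.1.10", 80),
    "host.domain.com": ("192.168.1.20", 80),
}

# (proto, src_ip, src_port, dst_ip, dst_port) of two connections to one public IP.
CONN_A = ("tcp", "198.51.100.7", 40112, "203.0.113.5", 80)
CONN_B = ("tcp", "198.51.100.7", 40113, "203.0.113.5", 80)

REQ_A = b"GET / HTTP/1.1\r\nHost: www.domain.com\r\nConnection: close\r\n\r\n"
REQ_B = b"GET / HTTP/1.1\r\nHost: HOST.domain.com:80\r\nConnection: close\r\n\r\n"
REQ_BAD = b"GET / HTTP/1.1\r\nHost: a.example\r\nHost: www.domain.com\r\n\r\n"


def dnat_match_fields(conn):
    """Fields a layer 3/4 port-forward rule keys on: protocol, dst IP, dst port."""
    proto, _src_ip, _src_port, dst_ip, dst_port = conn
    return (proto, dst_ip, dst_port)


def parse_host(raw):
    """Return the normalised Host name, or None if absent, duplicated or malformed."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None  # header block incomplete
    hosts = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":
            hosts.append(value.strip())
    if len(hosts) != 1:
        return None  # zero or several Host headers: refuse to guess
    try:
        host = hosts[0].decode("ascii").lower()
    except UnicodeDecodeError:
        return None
    name, colon, port = host.rpartition(":")
    if colon and port.isdigit():
        host = name  # drop an explicit ":port" suffix
    return host or None


def route(raw):
    """Layer-7 decision: backend for an allowlisted Host, else None (reject)."""
    return BACKENDS.get(parse_host(raw))
```
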
 
Old 07-02-2006, 09:56 PM   #19
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Rep: Reputation: 45
Thanks for the info!

I have read about the OSI model before back in my windows days but had no idea what the crap it was talking about. I'm going to go over it again now that I have a little experience under my belt.

regards,
...aaron
 
Old 07-04-2006, 10:40 AM   #20
mrcoffee11
LQ Newbie
 
Registered: Jul 2006
Posts: 18

Rep: Reputation: 0
Ihihug, were you successful? I'm having the same issue on my LAN. Not only with HTTP traffic, but also with SMTP traffic. I also want my email to be routed using DNS on my LAN. So if my primary mailserver is down, my secondary mailserver will be used automatically.
 
  

