Can you SNAT (or masquerade) the requests before they are forwarded to the WEB SERVER? That would do the trick (but destroy the statistics :-( ) On 1/2/06, Aleksander <aleksander@xxxxxxxxxxxxxxx> wrote: > Edmundo Carmona wrote: > > >I don't know about the mail server, but apache supports virtual > >domains, and so the requests will be served differently depending on > >the request's domain, and not the IP of the host. A single IP should > >do the trick. > > > Yes, that's the case when the hostnames have the same IP. But when they > have different ones and apache tries to answer their request, the > clients will denied it, as it comes from a different IP. > > Some ascii 'art' might help: > > 192.168.0.10 has external IP a.b.c.d (iptables SNAT) > > a.b.c.d:80 DNAT \ > ---> 192.168.0.10:80 > a.b.c.f:80 DNAT / > > The request from the client arrives at apache and apache answers, no > matter via which external IP it comes. But when the request comes via > a.b.c.f, then the client will be expecting the answer form a.b.c.f, not > a.b.c.d, where it will come from. Apache is assigned a.b.c.d and has no > way of changing that, actually apache thinks it sending from > 192.168.0.10 anyway. > > The only solution I see is having a (virtual) interface for each > external IP. That so? > _______________________________________________ > LARTC mailing list > LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
