Connection tracking takes care after the SYN packet. Every connection ALWAYS uses the header (HTTP protocol) even for images and all... except for port 443 which is impossible after it switches to encrypted mode.

I have this as a backup for our sites here which if any virtual site fails, I can use a string match to move --string "Host: www.domain.com" to another server and not ALL sites which are working fine..

This works well and thank god it hasn't been required yet..

Thanks,
George Vieira
Citadel Computer Systems Pty Ltd

-----Original Message-----
From: Tim [mailto:twrodriguez@xxxxxxxxxxxxx]
Sent: Tuesday, July 01, 2003 11:34 AM
To: Netfilter Mailing List
Subject: DNAT & Host Headers

First, here are the rules within their respective chains:

iptables -t nat -A PREROUTING -p tcp --dport 80 -d $INTERNET -j DNAT --to $NEMESIS
iptables -A FORWARD -p tcp --dport 80 -d $NEMESIS -j ACCEPT

I'm running this particular web-site with a host header. When I type in the www.mydomain.com address on the browser and the packets hit the prerouting chain, then the forward chain, how will the communication still know that it is meant for www.mydomain.com?

Will this work or do I need to modify the rules in order for my web server to recognize that the information is intended for www.mydomain.com? As it is, there are several web-sites within my web-server utilizing the same IP address, including the default web-site.

Any insight will be gratefully appreciated.

Thanks in advance
Tim--Mia/Fla.
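
The following is an added example, not part of the original thread: it builds one TCP segment carrying an HTTP request, applies the rewrite a DNAT rule performs (IPv4 destination address plus both checksums), and shows that the Host header in the payload reaches the web server unchanged. The addresses are constructed documentation values standing in for $INTERNET and $NEMESIS, and all function names are hypothetical.

```python
import socket
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def finalize(ip_hdr: bytes, segment: bytes) -> bytes:
    """Fill in the IPv4 header checksum and the TCP checksum (with pseudo-header)."""
    ip_hdr = ip_hdr[:10] + b"\x00\x00" + ip_hdr[12:]
    ip_hdr = ip_hdr[:10] + struct.pack("!H", csum(ip_hdr)) + ip_hdr[12:]
    segment = segment[:16] + b"\x00\x00" + segment[18:]
    pseudo = ip_hdr[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    return ip_hdr + segment[:16] + struct.pack("!H", csum(pseudo + segment)) + segment[18:]

def build(src: str, dst: str, payload: bytes) -> bytes:
    """One TCP segment (PSH|ACK) to port 80 carrying an HTTP request."""
    tcp = struct.pack("!HHLLBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return finalize(ip, tcp + payload)

def dnat(packet: bytes, new_dst: str) -> bytes:
    """What DNAT changes: the IPv4 destination and the two checksums, nothing else.
    Assumes a 20-byte IPv4 header (no options), as build() produces."""
    ip = packet[:16] + socket.inet_aton(new_dst)
    return finalize(ip, packet[20:])

def host_header(packet: bytes) -> str:
    """What a name-based virtual host server reads: the Host line in the payload."""
    ihl = (packet[0] & 0x0F) * 4
    data_off = (packet[ihl + 12] >> 4) * 4
    for line in packet[ihl + data_off:].split(b"\r\n"):
        if line.lower().startswith(b"host:"):
            return line.split(b":", 1)[1].strip().decode()
    return ""

# Constructed sample: documentation addresses stand in for $INTERNET and $NEMESIS.
INTERNET, NEMESIS = "203.0.113.10", "192.168.1.20"
REQUEST = b"GET / HTTP/1.1\r\nHost: www.mydomain.com\r\n\r\n"
before = build("198.51.100.7", INTERNET, REQUEST)
after = dnat(before, NEMESIS)
print(host_header(before), "->", host_header(after))
```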