RE: publishing 2 web server on one valid IP

Depending on your load on the webserver... If a proxy of some sort is not possible and you have one grunty firewall that can handle string modules well enough, you can string match the virtual host.

I've tested this and it works, even though there's a possibility that some packets may be small enough to be fragmented and the string match won't match it, but so far it's been OK. I haven't tested it with a large site either... so it really depends on whether this is a small project or not.

I would not use string matching on a production machine where it's critical to get it working 110%...

I would rather tell the ISP to supply 2 IPs...

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

-----Original Message-----
From: Afshin Lamei [mailto:linux_st@xxxxxxxxxxx]
Sent: Monday, 29 September 2003 10:13 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: publishing 2 web server on one valid IP


Hi,
I have 2 web servers in my DMZ. When there was one, I used DNAT to publish
the single web server on port 80 of the external interface of my firewall.
Now I don't know how to distinguish between the requests for the 2 web servers,
because I have only one IP address available for the external interface.
Is there any solution using iptables to know which HTTP request must
be DNATed to which web server?
regards,
afshin
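
Added example, not part of the original messages: a Python sketch of the limitation mentioned in the reply above, where a per-packet string match misses a Host header that straddles two segments, while reassembling the stream (as a proxy does) reads it reliably. It goes one step beyond the reply by also showing a false match when the pattern appears in a request body. The hostnames `a.example` and `b.example`, the sample requests and all function names are constructed for illustration.

```python
from typing import Optional

# Constructed sample data: the string a per-packet rule would search for.
PATTERN = b"Host: b.example"

# Request for site B (65 bytes; the Host header starts at offset 46).
REQ_B = (b"GET /index.html HTTP/1.1\r\n"
         b"User-Agent: sample\r\n"
         b"Host: b.example\r\n\r\n")

# Request for site A whose body happens to contain the pattern.
REQ_A = (b"POST /form HTTP/1.1\r\n"
         b"Host: a.example\r\n"
         b"Content-Length: 15\r\n\r\n"
         b"Host: b.example")


def segments(data: bytes, size: int) -> list:
    """Split a byte stream into TCP-like segments of at most `size` bytes."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def packet_match(segs: list, pattern: bytes = PATTERN) -> bool:
    """Emulate a stateless string match: every segment is inspected alone."""
    return any(pattern in s for s in segs)


def host_from_stream(segs: list) -> Optional[str]:
    """What a proxy does: reassemble the stream, then parse the Host header."""
    head, _, _ = b"".join(segs).partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:      # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii").lower()
    return None                               # no Host header in the head


if __name__ == "__main__":
    for label, req, size in (("B, one segment", REQ_B, 1460),
                             ("B, split at byte 50", REQ_B, 50),
                             ("A, pattern in body", REQ_A, 1460)):
        segs = segments(req, size)
        print(f"{label:22} packet_match={packet_match(segs)!s:5} "
              f"stream_host={host_from_stream(segs)}")
```
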
