Re: NATD anyone?


Subject: Re: NATD anyone?
From: Mike Tibor (tibor@lib.uaa.alaska.edu)
Date: Tue Sep 03 2002 - 11:09:26 AKDT


On Mon, 2 Sep 2002, Mark-Nathaniel Weisman wrote:

> Can you stipulate a singular port to two different internal IP addresses
> using NATD under FreeBSD v4.5? For example;
> redirect_port tcp 192.168.1.2:http 80
> redirect_port tcp 192.168.1.3:http 80

The only way I think this would work is if your rules examined the payload
of the packets hitting tcp 80 on your firewall, so that they could
redirect based on something like the Host: header in the http request.

What might work better is to build apache on your firewall box with
mod_rewrite and mod_proxy, and have it act as a "reverse proxy". The
firewall box would forward the http request on to the appropriate internal
server (but via apache, rather than ipfw), but to the remote computer it
would just appear as if you were running the sites on your firewall box.

Personally I think that's overly complicated. If it were me, I'd look
into consolidating the websites all onto the firewall box, or better yet,
give the existing servers "real-world" IP addresses (I assume there's a
reason they're on separate boxes), and configure the firewall box as a
filtering ethernet bridge without an IP address (although it might be
easier to give it an address on your private network if console access is
inconvenient). I think I saw an article on how to setup the packet
filtering ethernet bridge on either bsdtoday.com or daemonnews.org, and
there may even be a howto on it.

Mike

-- 
Mike Tibor         Univ. of Alaska Anchorage    (907) 786-1001 voice
Network Technician     Consortium Library         (907) 786-6050 fax
tibor@lib.uaa.alaska.edu       http://www.lib.uaa.alaska.edu/~tibor/
http://www.lib.uaa.alaska.edu/~tibor/pgpkey  for PGP public key
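
An added example, not from Mike's message or anything else in this thread: the reverse-proxy arrangement he describes, written as an Apache configuration that picks the backend from the HTTP Host: header. The hostnames www1.example.org and www2.example.org are assumptions; the backend addresses 192.168.1.2 and 192.168.1.3 are the ones from the quoted question.

```apache
# Added example (not from the original message): Apache on the firewall
# box acting as a reverse proxy for two internal web servers, routed by
# the Host: header.  Hostnames are assumptions; backend IPs come from the
# quoted question.

NameVirtualHost *:80

# Only the explicit ProxyPass rules below may proxy.  Leaving this On
# would turn the firewall box into an open forward proxy.
ProxyRequests Off

# First vhost is the default: it catches HTTP/1.0 clients that send no
# Host: header and any unknown hostname, so they cannot reach a backend
# just by hitting the public address.
<VirtualHost *:80>
    ServerName default.example.org
    DocumentRoot /usr/local/www/empty
</VirtualHost>

<VirtualHost *:80>
    ServerName www1.example.org
    ProxyPass        / http://192.168.1.2/
    ProxyPassReverse / http://192.168.1.2/
</VirtualHost>

<VirtualHost *:80>
    ServerName www2.example.org
    ProxyPass        / http://192.168.1.3/
    ProxyPassReverse / http://192.168.1.3/
</VirtualHost>
```

ProxyPassReverse rewrites Location: headers in redirects from the backends so clients are not bounced to the private 192.168.1.x addresses. The routing depends on the client sending a Host: header, which is why the default vhost exists: anything without one lands there rather than on whichever backend happens to be listed first. If the goal is simply one port reaching two boxes with natd rather than Apache, the other option is two public aliases on the outside interface, since redirect_port accepts an aliasIP:aliasPORT, e.g. `redirect_port tcp 192.168.1.2:80 203.0.113.10:80` and `redirect_port tcp 192.168.1.3:80 203.0.113.11:80` (the 203.0.113.x addresses are placeholders; they must actually be configured as aliases on the external interface).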




This archive was generated by hypermail 2a23 : Tue Sep 03 2002 - 11:09:29 AKDT