Shawn wrote:
> John Clarke wrote:
>
>> Hi Shawn,
>>
>> I'm no network/security/firewall expert, but provided domains A-D have
>> distinct IP addresses: with NAT/port forwarding enabled on the gateway,
>> incoming requests can be redirected to an IP address+port inside the firewall.
>>
>> So in your case, for the 4 domains you would add a total of 3+4+1+3
>> redirect rules to your packet filter or iptables config.
>>
>> My 0.02 $. I have done this in OpenBSD, to redirect HTTP requests. But
>> although it is easy to do, what security nightmare it may pose I'm not
>> sure.
>>
>> Are there any security experts who might care to comment?
>>
>> John
>>
>
> Thanks John (and Juan). The problem here is that we have more domains
> than IP addresses. And the public should not have to worry about using
> different ports for the usual services. To keep the problem simple,
> imagine a single external IP address to service all the domains. In
> this case, the simple forwarding rules no longer do the job. (Though I
> do agree that this is the right way if we had more IPs...)
>
> As for Juan's suggestion of using IPTables directly, I'll have to do
> some digging. I'm not sure if an IPTable rule based on the requested
> domain name can be done. (I know it's possible for requested IP/port, or
> destination IP/Port...) But my initial looking suggests this isn't
> possible (at least not yet).
>
> Shawn
>
>
> _______________________________________________
> clug-talk mailing list
> [email protected]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying
>
>
Shawn,
I will have to read these topics once more (again, I have been doing
embedded programming mostly for the past few years). I do remember
reading in the Adv. routing howto that it is possible to create
routing/filtering rules based on either domains, IP addresses or even MAC
addresses... Again, I will have to read the material once again to be
sure; but I think it is possible.
--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
----------------------Juan Alberto Cirez---------------------
------------------Phone: +1(780)742-8860---------------------
[EMAIL PROTECTED]
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Wide and Open Northern Alberta, Canada.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
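
An added example, not part of the original posts: for HTTP, the requested domain is carried in the `Host` header of the application payload, so two requests to the same external IP and port look identical to an IP/port rule and can only be told apart by something that reads the request. The sketch below assumes HTTP only; the domain names, internal addresses and function names are constructed for illustration.

```python
# Added example (constructed data): choose an internal backend from the
# HTTP Host header when every domain shares one external IP and port.

# Hypothetical mapping of public names to internal (address, port) pairs.
BACKENDS = {
    "a.example": ("192.168.0.10", 8080),
    "b.example": ("192.168.0.11", 8080),
}

# Constructed sample requests; both would arrive at the same external IP:80.
REQ_A = b"GET / HTTP/1.1\r\nHost: a.example\r\nAccept: */*\r\n\r\n"
REQ_B = b"GET / HTTP/1.1\r\nHost: B.Example:80\r\n\r\n"


def requested_host(request: bytes):
    """Return the normalised Host header value, or None if it is unusable."""
    head = request.split(b"\r\n\r\n", 1)[0]
    hosts = []
    for line in head.split(b"\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            hosts.append(value.strip())
    if len(hosts) != 1:
        return None        # missing or duplicated Host: refuse, do not guess
    try:
        host = hosts[0].decode("ascii").lower()
    except UnicodeDecodeError:
        return None
    if not host.startswith("["):              # leave IPv6 literals untouched
        host = host.rsplit(":", 1)[0] if ":" in host else host
    return host.rstrip(".") or None


def pick_backend(request: bytes):
    """Map a request to its backend; None means do not forward it."""
    return BACKENDS.get(requested_host(request))


if __name__ == "__main__":
    for req in (REQ_A, REQ_B):
        print(requested_host(req), "->", pick_backend(req))
```

Requests naming an unknown domain, or carrying no `Host` header or more than one, get `None` rather than a default backend, so nothing internal is exposed under a name that was never configured.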