>-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of >Jens Teglhus >Mxller >Sent: Monday, December 12, 2005 5:16 PM >To: [email protected] >Subject: Re: Just confirming: no way to do a pf rdr based on hostname? > >Peter Landry wrote: >> Hi All, >> We're migrating an old Microsoft ISA Server system to OpenBSD pf. First >> off, before I ask any questions, kudos to everyone -- Installing OpenBSD >> 3.8 was a very pleasant, painless experience for someone who's never >> used it before. Setting up pf/nat was also extraordinarily easy. The >> docs are great. >> >> That aside, the only thing that I haven't been able to migrate yet is >> ISA's ability to redirect web requests coming in on the same IP to >> different machines based on the host name. IE- www.a.com (IP >> 123.123.0.1) gets redirected to the internal IP 192.168.0.1 while >> www.b.com (also IP 123.123.0.1) gets redirected to the internal IP >> 192.168.0.2. >> >> I haven't found anything in the docs, and all the list archive questions >> I've found were specific to ipnat, not pf. >> >> I'm thinking that I can't do it. In that case, my options seem to be 1) >> use different external IP's for each website, and redirect to different >> internal servers based on IP 2) redirect all web traffic to the legacy >> ISA system, which will then redirect based on hostname. I'm hesitant to >> use up all our IPs for option 1, but I'm thinking option 2 is even >> worse... Are there any options I haven't thought of? >> >> Thanks for any advice... >> Peter L. >This can not be achieved with pf (since pf does not know about the http >protocol, where name based virtual hosting happends), but you could use >apache with mod_proxy or perhaps squid (perhaps other http proxies exists). > > >/jtm
Thanks for all the suggestions. In the interests of getting this all working, I'm going to stick with using different external IPs for now. After we get everything moved and settled, I'm going to look into running squid, both for this, and also general http proxying. Thanks again all, Peter L.
