On Thu, 1 Jul 2010, Scott Wood wrote:

>I have a few years experience using OpenBSD firewalls in a small business
>environment and I love it.
>
>I've recently switched over to a single static IP and am struggling with a
>problem: How to have multiple web servers hosting different sites behind a
>single public IP (all listening on port 80)?
>
>I have a 2-legged OpenBSD 4.7-stable firewall (i386) behind a single static
>IP.
>My only DNS (currently) is external which establishes abc.com -->
>$my-static-ip
>
>         Internet
>             |
>          ------
>         |      |
>         | OBSD |
>         | 4.7  |
>          ------
>             |
>             |
>        Private DMZ
>      _______|_____
>      |      |     |
>     ---    ---   ---
>    | 1 |  | 2 | | 3 |
>     ---    ---   ---
>
>I can port-map to the various servers just fine (i.e.: abc.com:8080,
>abc.com:8888, etc.) but this is NOT the desired configuration.
>
>The 3 different web servers should all be accessible via port 80:
>    abc.com, coolstuff.abc.com, abc.com/coolstuff
>
>It seems like there should be an easy elegant way to handle this using
>OpenBSD.
>Do I need to set up a secondary/slave DNS server on my DMZ?
>Can I use relayd? Looks great!

Perhaps I'm missing something, but why don't you set up 'virtual hosts'
on your webserver (based on the 'Host' header); this appears to be
exactly the kind of situation that feature was designed to handle.
You'll need to add a DNS entry for coolstuff.abc.com pointing to the
same IP address as abc.com does.

[That doesn't work for abc.com/coolstuff, but it's not at all clear how
that worked in your original setup -- since abc.com and
abc.com/coolstuff would necessarily connect to the same IP address.]

	Dave

>I've read the following docs about relayd and it sounds like it'll do
>"reverse web proxying" which is what I need.
>But I couldn't quite see how to filter/redirect on the hostname or
>URL...(I'm sure it's there, but I don't get it!).
>
>http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8&arch=&apropos=0&manpath=OpenBSD+Current
>http://www.unixtechnics.org/openbsd-relayd.html
>https://calomel.org/relayd.html
>
>Can anyone shed any light on this for me?
>Please tell me if I'm barking up the wrong tree!
>
>Many thanks, Scott
>

-- 
Dave Anderson
<d...@daveanderson.com>
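
Added example, not part of the original messages and not relayd or web server code: a sketch of the 'Host'-header dispatch described in the reply, extended to the path-prefix case (abc.com/coolstuff) that a reverse proxy in front of the three servers would have to decide. The backend addresses and all function names are hypothetical.

```python
import re
from typing import Optional, Tuple

# Hypothetical DMZ addresses for servers 1-3 in the diagram.
SERVER1 = ("10.0.0.11", 80)
SERVER2 = ("10.0.0.12", 80)
SERVER3 = ("10.0.0.13", 80)

# (host, path prefix, backend); more specific prefixes are listed first.
ROUTES = [
    ("abc.com", "/coolstuff", SERVER3),
    ("abc.com", "/", SERVER1),
    ("coolstuff.abc.com", "/", SERVER2),
]

_HOST_RE = re.compile(r"^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$")

def normalize_host(header: Optional[str]) -> Optional[str]:
    """Lowercase the Host value, drop an optional :port and trailing dot."""
    if not header:
        return None
    host, sep, port = header.strip().lower().partition(":")
    if sep and not port.isdigit():
        return None
    host = host.rstrip(".")
    return host if _HOST_RE.match(host) else None

def prefix_matches(prefix: str, path: str) -> bool:
    """Match on whole path segments so /coolstuffing is not /coolstuff."""
    if prefix == "/":
        return path.startswith("/")
    return path == prefix or path.startswith(prefix + "/")

def select_backend(host_header: Optional[str],
                   target: str) -> Optional[Tuple[str, int]]:
    """Return the backend for a request, or None if the Host is not ours."""
    host = normalize_host(host_header)
    if host is None:
        return None
    path = target.split("?", 1)[0]  # ignore the query string when routing
    for route_host, prefix, backend in ROUTES:
        if host == route_host and prefix_matches(prefix, path):
            return backend
    return None  # caller should answer 400 rather than pick a default site
```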