Re: Complicated ipfw/ipf forwarding.
On Tue, Oct 28, 2003 at 09:39:23AM -0500, Jason Lavigne wrote:

> > Could I have red.foo.bar forwarded to 192.168.0.2, pink.foo.bar forwarded to 192.168.0.3 and say blue.foo.bar go to the local machine
>
> wouldn't you use DNS (bind) for this?

How? I only have one external IP address (say 1.2.3.4) but behind the NAT machine I have many. However, I have a.foo.com, b.foo.com and c.foo.com. I want some IP forwarding software to rewrite the destination address from 1.2.3.4 based on the CNAME entry (in the same way Apache can do).

Does that make any more sense? Or am I missing the point?

Thanks a lot,

-lewiz.

--
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-
RE: Complicated ipfw/ipf forwarding.
Well you got me there, sorry as I am still a newbie and just trying to help. Maybe some of the nice folks here can help you more.

Jay

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of 'Lewis Thompson'
Sent: Tuesday, October 28, 2003 9:45 AM
To: Jason Lavigne
Cc: 'FreeBSD-questions'
Subject: Re: Complicated ipfw/ipf forwarding.

On Tue, Oct 28, 2003 at 09:39:23AM -0500, Jason Lavigne wrote:

> > Could I have red.foo.bar forwarded to 192.168.0.2, pink.foo.bar forwarded to 192.168.0.3 and say blue.foo.bar go to the local machine
>
> wouldn't you use DNS (bind) for this?

How? I only have one external IP address (say 1.2.3.4) but behind the NAT machine I have many. However, I have a.foo.com, b.foo.com and c.foo.com. I want some IP forwarding software to rewrite the destination address from 1.2.3.4 based on the CNAME entry (in the same way Apache can do).

Does that make any more sense? Or am I missing the point?

Thanks a lot,

-lewiz.

--
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Complicated ipfw/ipf forwarding.
On Tue, Oct 28, 2003 at 02:35:31PM +, Lewis Thompson wrote:

> I have a public IP address and a couple of machines sitting behind a FreeBSD router doing NAT. I'm using ipnat and ipf right now (although I used to use natd/ipfw so I don't mind switching -- I started using ipf/ipnat because of an odd problem with 5.1-RELEASE but I'm switching back to 4.9 now) and wondered if it was possible to do forwarding based on DNS.
>
> For example Apache is clever enough to support virtual hosts based on the address requested. Is there any way at all to do this for forwarding on the router?
>
> For example if I had three CNAMES for the same IP red, pink and blue. Could I have red.foo.bar forwarded to 192.168.0.2, pink.foo.bar forwarded to 192.168.0.3 and say blue.foo.bar go to the local machine (i.e. the router)?

I don't think that will be possible for an arbitrary protocol. The only way that apache can do this is because the HTTP/1.1 protocol explicitly includes the name of the required virtual host in the GET / POST / HEAD packets. (Hence you can't use name virtual hosts with HTTPS, because of the catch 22: you can't read the name of the virtual host until you can decode the packet stream, and you can't decode the stream until you know which virtual host to send it to...)

Most protocols don't have anything like this concept of virtual hosts built into them, so the only data they have to work with is the IP and port number in the packet headers. This works with NAT on outgoing connections because the natd(8) will ensure that the source IP+port on any outgoing packets is unique to each connection. Unfortunately there's no way it can work like that for inbound connections.

Now, if you're talking about having 3 web servers (red, pink, blue) then you can use an apache instance on your NAT gateway as an inverse proxy: see http://httpd.apache.org/docs-2.0/mod/mod_proxy.html

Other application specific proxies are available for various protocols, for instance ssh(1) has the '-D', '-L' and '-R' command line flags which should be enough to let you ssh into your private network.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
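
Added example (not part of the thread or of Apache): a Python sketch of the point made in the reply above, that an IP-level forwarder sees the same destination IP and port for all three names while an HTTP-aware proxy can read the Host header. The payloads are constructed; port 80 and the loopback address for blue.foo.bar are assumptions.

```python
# Added illustration; packets and payloads are constructed, not captured traffic.
BACKENDS = {  # names and private addresses from the thread
    "red.foo.bar": "192.168.0.2",
    "pink.foo.bar": "192.168.0.3",
    "blue.foo.bar": "127.0.0.1",  # assumption: "the local machine" as loopback
}

def packet(payload, dst_ip="1.2.3.4", dst_port=80):  # port 80 is an assumption
    return {"dst_ip": dst_ip, "dst_port": dst_port, "payload": payload}

def l4_key(pkt):
    """All an IP-level forwarder (ipfw/ipf) can match on for a new inbound connection."""
    return (pkt["dst_ip"], pkt["dst_port"])

def http_host(payload):
    """Return the lower-cased Host name of a complete HTTP/1.x request head, else None."""
    head, sep, _ = payload.partition(b"\r\n\r\n")
    if not sep:
        return None  # not HTTP, or the head has not fully arrived
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    hosts = [value.strip() for name, colon, value in
             (line.partition(b":") for line in lines[1:])
             if colon and name.lower() == b"host"]
    if len(hosts) != 1:
        return None  # missing or duplicated Host header: refuse to guess
    host = hosts[0].decode("ascii", "replace").lower()
    return host.partition(":")[0]  # drop an optional :port

def select_backend(pkt):
    """Map the requested name to a backend; unknown names get None (reject)."""
    return BACKENDS.get(http_host(pkt["payload"]))

RED = packet(b"GET / HTTP/1.1\r\nHost: red.foo.bar\r\n\r\n")
PINK = packet(b"GET / HTTP/1.1\r\nHost: PINK.foo.bar:80\r\n\r\n")
UNKNOWN = packet(b"GET / HTTP/1.1\r\nHost: 192.168.0.9\r\n\r\n")
OPAQUE = packet(b"\x00\x01constructed-non-http-hello")

if __name__ == "__main__":
    for label, pkt in [("red", RED), ("pink", PINK), ("unknown", UNKNOWN), ("opaque", OPAQUE)]:
        print(label, l4_key(pkt), select_backend(pkt))
```

A Host value that is not in the table returns None rather than being used as a forwarding target, so a client cannot steer the proxy to an arbitrary internal address.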
Re: Complicated ipfw/ipf forwarding.
'Lewis Thompson' [EMAIL PROTECTED] writes:

> On Tue, Oct 28, 2003 at 09:39:23AM -0500, Jason Lavigne wrote:
>
> > > Could I have red.foo.bar forwarded to 192.168.0.2, pink.foo.bar forwarded to 192.168.0.3 and say blue.foo.bar go to the local machine
> >
> > wouldn't you use DNS (bind) for this?
>
> How? I only have one external IP address (say 1.2.3.4) but behind the NAT machine I have many. However, I have a.foo.com, b.foo.com and c.foo.com. I want some IP forwarding software to rewrite the destination address from 1.2.3.4 based on the CNAME entry (in the same way Apache can do).

How would the IP forwarding software *know* about the CNAME entry? In Apache's case, the HTTP request tells it, but other protocols don't necessarily include the domain name that the client is using.
RE: Complicated ipfw/ipf forwarding.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lewis Thompson
Sent: Tuesday, October 28, 2003 8:36 AM
To: FreeBSD-questions
Subject: Complicated ipfw/ipf forwarding.

Hi,

I have a public IP address and a couple of machines sitting behind a FreeBSD router doing NAT. I'm using ipnat and ipf right now (although I used to use natd/ipfw so I don't mind switching -- I started using ipf/ipnat because of an odd problem with 5.1-RELEASE but I'm switching back to 4.9 now) and wondered if it was possible to do forwarding based on DNS.

For example Apache is clever enough to support virtual hosts based on the address requested. Is there any way at all to do this for forwarding on the router?

For example if I had three CNAMES for the same IP red, pink and blue. Could I have red.foo.bar forwarded to 192.168.0.2, pink.foo.bar forwarded to 192.168.0.3 and say blue.foo.bar go to the local machine (i.e. the router)?

Thanks very much,

-lewiz.

--
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-

--

I'm not 100% sure but:

If you want to forward traffic from 1 public ip to multiple internal http servers on the same port to red, pink and blue, you could set up name based hosts at apache to do proxy redirect to the inside http servers on the freebsd router firewall machine...

Andras Kende
http://www.kende.com
RE: Complicated ipfw/ipf forwarding.
I suppose something like this might be possible with squid, though I'm not sure how to do it.

-Frank

On Tue, 2003-10-28 at 17:30, Andras Kende wrote:

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lewis Thompson
> Sent: Tuesday, October 28, 2003 8:36 AM
> To: FreeBSD-questions
> Subject: Complicated ipfw/ipf forwarding.
>
> Hi,
>
> I have a public IP address and a couple of machines sitting behind a FreeBSD router doing NAT. I'm using ipnat and ipf right now (although I used to use natd/ipfw so I don't mind switching -- I started using ipf/ipnat because of an odd problem with 5.1-RELEASE but I'm switching back to 4.9 now) and wondered if it was possible to do forwarding based on DNS.
>
> For example Apache is clever enough to support virtual hosts based on the address requested. Is there any way at all to do this for forwarding on the router?
>
> For example if I had three CNAMES for the same IP red, pink and blue. Could I have red.foo.bar forwarded to 192.168.0.2, pink.foo.bar forwarded to 192.168.0.3 and say blue.foo.bar go to the local machine (i.e. the router)?
>
> Thanks very much,
>
> -lewiz.