James Shubin wrote:
> Hi,
> Simple question I've been trying to find out for years...
> I have an `in-box` firewall with shorewall at 192.168.1.1 (eth1) and
> internet at eth0
> I'm using dyndns.org for that ip. and I have wildcard setup so that
> *.myname.dyndns.org goes to the firewall box.
> How do I set it up so that dude.myname.dyndns.org (any port)
> forwards traffic to server1 (say 192.168.1.100) on my lan. and
> somethingelse.myname.dyndns.org does the same thing but for server2
> (192.168.1.200) on my lan...

To expand a bit on Tom's reply ...

You can't do that <period>

When anyone looks up dude.myname.dyndns.org they will get an IP address - your SINGLE IP address. When they look up somethingelse.myname.dyndns.org they will get the same IP address. At the level Shorewall works at, there is no difference - incoming connections are just a connection to an IP address. There is no way whatsoever to tell whether a connection to a.b.c.d:p should go to one machine or another.

So there is absolutely no way for Shorewall (or any other firewall) to direct all connections to dude.myname.dyndns.org to one machine and connections to another.

What can be done, for a handful of protocols (such as http), is to direct incoming connections to a proxy which will forward the connection based on host name. For connections like http, the host name is included in the request sent to the server - and so it's possible to do different things based on it, which is how virtual hosting works for having multiple web sites hosted on one machine. You still have to direct all incoming connections to one machine, but it can then either serve them itself, or forward them to another machine as a proxy.

But the only way to have ALL connections going to different machines based on hostname is to have multiple IP addresses and match dns hostnames to different IPs.

Of course, if some bright spark hadn't come up with NAT, and a load of idiots believe that it's actually a good thing, then by now we'd all be using IPv6 and lack of addresses wouldn't be a problem !

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
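
Added example (not part of the original message or of Shorewall): a Python sketch of the decision a name-based HTTP proxy makes, showing that the hostname is only recoverable when the protocol carries it in the payload. The two hostnames and LAN addresses are the ones from the question; port 80, the function names and the sample bytes are constructed for illustration.

```python
# Backend map built from the hostnames and LAN addresses in the question.
# Port 80 is an assumption for the example.
BACKENDS = {
    "dude.myname.dyndns.org": ("192.168.1.100", 80),
    "somethingelse.myname.dyndns.org": ("192.168.1.200", 80),
}

def host_from_http(first_bytes: bytes):
    """Return the Host header value (lowercased, port stripped), or None
    when the bytes are not an HTTP/1.x request carrying a Host header."""
    head, _, _ = first_bytes.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].split(b" ")
    if len(request_line) != 3 or not request_line[2].startswith(b"HTTP/1."):
        return None  # not HTTP: the payload carries no hostname to route on
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            return host.rsplit(":", 1)[0] if ":" in host else host
    return None

def pick_backend(first_bytes: bytes):
    """Map the first bytes of a connection to a LAN backend, or None.
    Unknown or missing hostnames are refused, not sent to a default host."""
    host = host_from_http(first_bytes)
    return BACKENDS.get(host) if host else None

# Constructed samples: two HTTP requests and one non-HTTP first packet.
HTTP_DUDE = b"GET / HTTP/1.1\r\nHost: dude.myname.dyndns.org\r\n\r\n"
HTTP_OTHER = b"GET /x HTTP/1.1\r\nHost: SomethingElse.myname.dyndns.org:8080\r\n\r\n"
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"  # same destination IP, no name inside

if __name__ == "__main__":
    for sample in (HTTP_DUDE, HTTP_OTHER, SSH_BANNER):
        print(sample[:24], "->", pick_backend(sample))
```

All three samples arrive at the same public IP address; only the two HTTP requests can be told apart, and only after the proxy has accepted the connection and read the request.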
