Host based routing..

[HJess]

Hi all,

I'm couriers - is is possible to make a host based routing whit ipfw or similar?

I know that this would be difficult specially while I only have one public IP.

Best regards
Henrik Nielsen

 

[SirDice]

Typically firewalls don't route anything. It's the routing tables that dictate where traffic is routed too.

 

[DutchDaemon]

You can boot with static routes by using route statements in rc.conf.
route(8)
rc.conf(5), search for 'static_routes'

 

[HJess]

sorry.. i ment natd

regarding the use of the route (8) the problem is how to route from a specific host? - It's quite easy to route from a given public IP to a local ip etc etc, but my problem is I only have one public IP and looking for a method to route on hosted based..

The issue is .. i need somehow to do this..

<Internet> /----/ <Domain> /---/ 192.168.1.1
<Internet> /----/ <Sub. Domain><Domain> /---/ 192.168.2.1

The problem is that I dont have a spare IP for the subdomain, so I'm looking for a way for forward the requests to another local IP..

 

[Alt]

Its not exactly what you asking for, but you can try to use 'nginx' proxying webserver (www/nginx) - its really easy with it.

 

[HJess]

Hi alt,

The issue is that it's all the services i want to do.. ircd,smtp,www etc etc..

Its really not proxy related, as I'm talking about different servers and different hosts.

 

[DutchDaemon]

With only one public IP you can only redirect one service to one internal host, so public_ip:25 -> internal_ip_1:25, and public_ip:80 -> internal_ip2:80. One service, one host. Jails typically work this way, but also setups with several internal servers on a DMZ/LAN. If you have two smtp servers you're out of luck. You can only attach one to public_ip:25 (well, you could do something with round-robin routing I guess).

You can run several physical webservers behind a single port 80, but you'd need a reverse proxy like Squid or nginx to differentiate between the different Hosts being requested.

 

[aragon]

What you're asking for is impossible. You need another IP address or you have to resort to using non-standard ports.

 

[HJess]

With only one public IP you can only redirect one service to one internal host, so public_ip:25 -> internal_ip_1:25, and public_ip:80 -> internal_ip2:80. One service, one host. Jails typically work this way, but also setups with several internal servers on a DMZ/LAN. If you have two smtp servers you're out of luck. You can only attach one to public_ip:25 (well, you could do something with round-robin routing I guess).

You can run several physical webservers behind a single port 80, but you'd need a reverse proxy like Squid or nginx to differentiate between the different Hosts being requested.

Thanks for the help!
I will try to look into round-robin but as told, I think I'm up to a impossible task (specially when looking into reserve ip)..