
Name-based or Traffic-based External NAT?

poorandunlucky

Well-Known Member

Thanks: 25
Messages: 359

#1
You know how NGINX can redirect queries for www.domain1.com:80 to an internal ip, and www.domain2.com:80 to another internal ip even though they have the same external ip?

I know the domain is in the HTTP header, and that's how NGINX does that, but is there software that can do the same thing for things other than HTTP? Like maybe something that recognizes the type of traffic as FTP, or SSH, or anything else, and redirects it or treats it according to your own rules?

I know firewalls can recognize traffic types (SPI), so I figure there's probably a piece of software out there that can do that... maybe it won't be able to be name-based, but the result would be the same... You can have multiple things point to the same external IP but get redirected to the right internal IP...

that would be awesome...
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,509
Messages: 25,699

#2

Snurg

Aspiring Daemon

Thanks: 262
Messages: 716

#3
I think squid can do it, too.
However, I decided to use haproxy as at that time it was the only reverse proxy I found that was able to do HTTPS passthrough using SNI (i.e. without decrypting the data).
This requirement made me change from squid to haproxy.
It is a very powerful program that SirDice uses himself.
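The SNI passthrough Snurg describes, written out as an added HAProxy configuration (not taken from this thread or from the HAProxy project). It keeps the connection in TCP mode, waits for the TLS ClientHello, and routes on the cleartext server_name extension, so the proxy never holds a private key. The backend addresses and hostnames are made-up placeholders.

```haproxy
# Added example: route TLS connections by SNI without terminating TLS.
# Hostnames and backend IPs below are placeholders, not real systems.
global
    log /dev/log local0

defaults
    log     global
    mode    tcp
    option  tcplog
    timeout connect 5s
    timeout client  60s
    timeout server  60s

frontend tls_in
    bind *:443
    # Buffer the start of the stream long enough to see the ClientHello.
    # Without this delay req.ssl_sni is evaluated before any bytes arrive.
    tcp-request inspect-delay 5s
    # Only accept once a TLS handshake record (hello type 1) is present;
    # anything else on :443 is dropped when the delay expires.
    tcp-request content accept if { req.ssl_hello_type 1 }
    # req.ssl_sni reads the server_name extension from the unencrypted
    # ClientHello, which is what makes passthrough routing possible.
    use_backend app1 if { req.ssl_sni -i www.domain1.com }
    use_backend app2 if { req.ssl_sni -i www.domain2.com }
    # Unknown or missing SNI (older clients, raw IP scans) goes nowhere
    # rather than to a default internal host.
    default_backend no_match

backend app1
    server s1 192.0.2.10:443 check

backend app2
    server s2 192.0.2.20:443 check

backend no_match
    tcp-request content reject
```

This only works because TLS carries the hostname in the clear before encryption starts; plain SSH or FTP have no equivalent field, which is why those protocols fall back to per-port forwarding as discussed later in the thread.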
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,509
Messages: 25,699

#4
It is a very powerful program that SirDice uses himself.
Indeed, I'm quite fond of it. It works really well and is extremely powerful and flexible. Two HAProxy machines with CARP will go a long way to make sure things keep working.
 

usdmatt

Daemon

Thanks: 419
Messages: 1,210

#5
Like maybe something that recognizes the type of traffic as FTP, or SSH,
If you want to simply forward SSH to one internal IP and some other protocol to a different internal IP, then you can probably do that with just basic NAT forwarding (dst-nat). FTP would be more tricky as it normally uses random high-numbered ports for data transfers.

Actually looking at a certain protocol and, for example, trying to forward SSH for domain1.com to internal-ip-1 and SSH for domain2.com to internal-ip-2 probably wouldn't be possible. Not many protocols have hostname indication built in like HTTP does. The simple solution to this is to forward some-external-port-1 to {internal-ssh-server-1} port 22, and some-external-port-2 to {internal-ssh-server-2} port 22, and just specify the relevant external port in your client when you want to connect.
 

poorandunlucky

Well-Known Member

Thanks: 25
Messages: 359

#6
Indeed, I'm quite fond of it. It works really well and is extremely powerful and flexible. Two HAProxy machines with CARP will go a long way to make sure things keep working.
HAL...? Did somebody delete their post?