Hi,
Simple question I've been trying to find out for years...
I have an `in-box` firewall with shorewall at 192.168.1.1 (eth1) and
internet at eth0.
I'm using dyndns.org for that IP, and I have wildcard setup so that
*.myname.dyndns.org goes to the firewall box.
How do I set it up so that dude.myname.dyndns.org (any port) forwards
traffic to server1 (say 192.168.1.100) on my lan, and
somethingelse.myname.dyndns.org does the same thing but for server2
(192.168.1.200) on my lan...

I would really appreciate any help, or even a link to a how-to...
anything to point me in the right direction.
Thanks!

PS: I know how to forward specific ports to one server or another, but
I'm interested in forwarding based on subdomain.

_James
purpleidea@hotmail.com

James Shubin wrote:
> Hi,
> Simple question I've been trying to find out for years...
> I have an `in-box` firewall with shorewall at 192.168.1.1 (eth1) and
> internet at eth0.
> I'm using dyndns.org for that IP, and I have wildcard setup so that
> *.myname.dyndns.org goes to the firewall box.
> How do I set it up so that dude.myname.dyndns.org (any port) forwards
> traffic to server1 (say 192.168.1.100) on my lan, and
> somethingelse.myname.dyndns.org does the same thing but for server2
> (192.168.1.200) on my lan...
>
> I would really appreciate any help, or even a link to a how-to...
> anything to point me in the right direction.
> Thanks!
>
> PS: I know how to forward specific ports to one server or another, but
> I'm interested in forwarding based on subdomain.

You need to use an application layer reverse proxy such as Squid or
Apache to do that. It cannot be done at the level that Shorewall has
control of.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

James Shubin wrote:
> Hi,
> Simple question I've been trying to find out for years...
> I have an `in-box` firewall with shorewall at 192.168.1.1 (eth1) and
> internet at eth0.
> I'm using dyndns.org for that IP, and I have wildcard setup so that
> *.myname.dyndns.org goes to the firewall box.
> How do I set it up so that dude.myname.dyndns.org (any port)
> forwards traffic to server1 (say 192.168.1.100) on my lan, and
> somethingelse.myname.dyndns.org does the same thing but for server2
> (192.168.1.200) on my lan...

To expand a bit on Tom's reply ...

You can't do that <period>

When anyone looks up dude.myname.dyndns.org they will get an IP
address - your SINGLE IP address. When they look up
somethingelse.myname.dyndns.org they will get the same IP address.

At the level Shorewall works at, there is no difference - incoming
connections are just a connection to an IP address. There is no way
whatsoever to tell whether a connection to a.b.c.d:p should go to one
machine or another. So there is absolutely no way for Shorewall (or any
other firewall) to direct all connections to dude.myname.dyndns.org to
one machine and connections to another.

What can be done, for a handful of protocols (such as http), is to
direct incoming connections to a proxy which will forward the connection
based on host name. For connections like http, the host name is included
in the request sent to the server - and so it's possible to do different
things based on it, which is how virtual hosting works for having
multiple web sites hosted on one machine. You still have to direct all
incoming connections to one machine, but it can then either serve them
itself, or forward them to another machine as a proxy.

But the only way to have ALL connections going to different machines
based on hostname is to have multiple IP addresses and match dns
hostnames to different IPs.

Of course, if some bright spark hadn't come up with NAT, and a load of
idiots believe that it's actually a good thing, then by now we'd all be
using IPv6 and lack of addresses wouldn't be a problem!
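
The point made in the replies above, as an added example that is not part of the original thread: a name-based proxy has to read the Host header out of the HTTP request before it can choose a backend, and a protocol that sends no host name gives it nothing to route on. The function names and sample bytes are constructed for illustration; the backend addresses are the ones from the question and port 80 is an assumption.

```python
# Added example. ROUTES uses the LAN addresses from the question; port 80 is assumed.
ROUTES = {
    "dude.myname.dyndns.org": ("192.168.1.100", 80),
    "somethingelse.myname.dyndns.org": ("192.168.1.200", 80),
}

# Constructed sample inputs: the first bytes a client sends on a new connection.
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: Dude.MyName.dyndns.org:8080\r\n\r\n"
SAMPLE_SSH = b"SSH-2.0-OpenSSH_9.6\r\n"   # an SSH banner carries no host name


def host_from_request(data: bytes):
    """Return the lower-cased Host value (port stripped), or None if the
    bytes are not an HTTP/1.x request with exactly one Host header."""
    head, sep, _ = data.partition(b"\r\n\r\n")
    if not sep:
        return None                        # no complete header block
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None                        # not an HTTP request line
    hosts = [v.strip() for k, c, v in (l.partition(b":") for l in lines[1:])
             if c and k.strip().lower() == b"host"]
    if len(hosts) != 1:
        return None                        # missing or duplicated: do not guess
    try:
        name = hosts[0].decode("ascii").lower()
    except UnicodeDecodeError:
        return None
    if ":" in name and not name.endswith("]"):
        name = name.rsplit(":", 1)[0]      # drop an optional :port suffix
    return name.rstrip(".") or None


def pick_backend(data: bytes):
    """Map a connection's first bytes to a backend, or None to refuse it.

    With wildcard DNS every name under the domain reaches the proxy, so
    only names listed in ROUTES are forwarded.
    """
    return ROUTES.get(host_from_request(data))


if __name__ == "__main__":
    print(pick_backend(SAMPLE_HTTP))       # routed by Host header
    print(pick_backend(SAMPLE_SSH))        # nothing to route on
```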