Date: Thu, 29 Aug 2002 09:25:59 +0100
From: Matthew Seaman
To: Mark-Nathaniel Weisman
Cc: questions@FreeBSD.ORG
Subject: Re: Question about NATD on v4.5

On Tue, Aug 27, 2002 at 11:03:25PM -0800, Mark-Nathaniel Weisman wrote:
>
> I've got NATD working fine on my BSD firewall, however now I want to
> "trick it out" by allowing a redirect to occur somewhere else if a
> specific name appears in the request.
>
> Currently I have all incoming http traffic being forwarded to an
> internal webserver at say 192.186.50.2. That server then uses name
> resolution under apache to identify www.domain1.com, www.domain2.com, or
> www.domain3.com which all reside on this webserver. My firewall internal
> address is say 192.168.50.1, which has IPDIVERT installed and is working
> fine.
> Now say I want all requests to www.domain2.com to go to another server
> at 192.168.50.3 instead of the main webserver, however, all I want is
> this one domain to go there. Any ideas of what I can do in NATD to set
> this up?

ipfw and natd in general look only at the packet headers: they know
nothing about the payload of packets, nor about any particular
protocols, like HTTP. Which means they aren't really suitable to do
what you want. Unless you're prepared to do quite a lot of
programming then I'd look elsewhere for a solution.

apache itself is a more profitable target to achieve what you want.
You should be able to use the mod_rewrite functionality to make the
server on 192.168.50.1 proxy accesses to www.domain2.com to
192.168.50.2. This isn't ideal, as clearly 192.168.50.1 still has to
deal with all the traffic, but all it's doing is handing off the
requests to the other server.

There are some good examples in the apache docs at
http://httpd.apache.org/docs/misc/rewriteguide.html, particularly the
sections on Load Balancing and Reverse Proxy.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks
Savill Way
Marlow
Bucks., SL7 1TH UK
Tel: +44 1628 476614
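
The mod_rewrite proxy approach suggested in the reply, sketched as an added example that is not part of the original message or of the Apache documentation it links to. It assumes Apache 2.4 with mod_rewrite, mod_proxy and mod_proxy_http loaded, uses the addresses from the question (main webserver 192.168.50.2 running this configuration, second server 192.168.50.3), and the DocumentRoot paths are hypothetical.

```apache
# Added example: name-based virtual hosts on the main webserver
# (assumed to be 192.168.50.2, the host natd forwards port 80 to).

# Reverse proxying only. With this off, the server will not relay
# requests for arbitrary URLs on behalf of clients (open forward proxy).
ProxyRequests Off

# The first virtual host listed is also the default for requests whose
# Host header matches no ServerName, so unknown names are served
# locally and never reach the proxy rule below.
<VirtualHost *:80>
    ServerName www.domain1.com
    # Hypothetical path
    DocumentRoot "/usr/local/www/domain1"
</VirtualHost>

<VirtualHost *:80>
    ServerName www.domain3.com
    # Hypothetical path
    DocumentRoot "/usr/local/www/domain3"
</VirtualHost>

# Only www.domain2.com is handed off to the second server. The decision
# is made on the HTTP Host header, which natd and ipfw never see.
<VirtualHost *:80>
    ServerName www.domain2.com

    # Forward the original Host header so 192.168.50.3 can do its own
    # name-based virtual hosting.
    ProxyPreserveHost On

    RewriteEngine On
    # [P] passes the request to mod_proxy. The backend address is fixed
    # in the rule, so client input only ever ends up in the path.
    RewriteRule ^/(.*)$ http://192.168.50.3/$1 [P,L]

    # Rewrite Location headers in redirects issued by the backend so
    # clients are not sent to the internal address.
    ProxyPassReverse / http://192.168.50.3/
</VirtualHost>
```

As the reply notes, the proxying server still carries all of the traffic; the backend's access log will show the proxy's address as the client unless it is configured to read the X-Forwarded-For header that mod_proxy adds.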