Date: Wed, 7 Feb 2001 19:48:10 -0600 (CST)
From: Mike Meyer <mwm@mired.org>
To: Benjamin Ossei <ben@cahostnet.net>
Cc: questions@freebsd.org
Subject: Re: NAT with multiple services
Message-ID: <14977.64218.601227.578145@guru.mired.org>
In-Reply-To: <100594972@toto.iv>

Benjamin Ossei <ben@cahostnet.net> types:
> I was wondering if it is possible to use natd in this way. I would like
> to be able to run multiple web servers behind my firewall using one
> public IP address. I know you can do load balancing with natd but I
> don't know if you can do it with just one IP. I also know that you can
> do static nat with multiple public IP. Is this possible?

Yes, but....

All nat has to distinguish the incoming connections is the port number
and IP address they are trying to reach. Since you only want to use
one IP address, that leaves the port number. So instead of:

    www.domain1.com (xxx.xxx.xxx.2) mapped to 192.168.1.3
    www.domain2.com (xxx.xxx.xxx.2) mapped to 192.168.1.4
    www.domain3.com (xxx.xxx.xxx.2) mapped to 192.168.1.5

You have to do:

    www.domain1.com (xxx.xxx.xxx.2:8081) mapped to 192.168.1.3
    www.domain2.com (xxx.xxx.xxx.2:8082) mapped to 192.168.1.4
    www.domain3.com (xxx.xxx.xxx.2:8083) mapped to 192.168.1.5

and the like. This is probably *not* what you want, though.

One solution would be to put a rather stupid redirector on the nat
machine at 80 that redirects from "www.domain1.com" to
"xxx.xxx.xxx.2:8081", and so on. Since it's not doing *anything* but
sending back the requests with a permanent redirect, it shouldn't be a
security risk. You can then use nat to redirect requests to the 808x
ports to your internal machines.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
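
Added example, not part of the original message and not Mike Meyer's code: a sketch of the port-80 redirector described above, written so that the Location header is built only from a fixed allowlist and never from the client's Host header. The function and variable names, the natd.conf lines in the comments, and the backends listening on port 80 are assumptions; xxx.xxx.xxx.2 is the placeholder address from the message.

```python
# Added example: Host-based permanent redirector for the NAT machine (port 80).
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed natd.conf side of the setup (backends assumed to listen on port 80):
#   redirect_port tcp 192.168.1.3:80 8081
#   redirect_port tcp 192.168.1.4:80 8082
#   redirect_port tcp 192.168.1.5:80 8083
PUBLIC_IP = "xxx.xxx.xxx.2"  # placeholder, exactly as written in the message
PORT_FOR_HOST = {            # fixed allowlist: site name -> forwarded public port
    "www.domain1.com": 8081,
    "www.domain2.com": 8082,
    "www.domain3.com": 8083,
}

def redirect_target(host_header, path):
    """Return the Location URL, or None when the Host is not allowlisted."""
    if not host_header:
        return None
    host = host_header.strip().lower()
    if ":" in host:                      # drop an optional :port suffix
        host = host.rsplit(":", 1)[0]
    port = PORT_FOR_HOST.get(host.rstrip("."))
    if port is None:
        return None                      # unknown name: never redirect
    # Accept only origin-form paths; absolute-form targets or CR/LF fall back
    # to "/" so the response cannot point elsewhere or gain extra headers.
    if not path.startswith("/") or "\r" in path or "\n" in path:
        path = "/"
    return "http://%s:%d%s" % (PUBLIC_IP, port, path)

class Redirector(BaseHTTPRequestHandler):
    def _respond(self):
        target = redirect_target(self.headers.get("Host"), self.path)
        if target is None:
            self.send_error(404)
            return
        self.send_response(301)          # permanent redirect, empty body
        self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_HEAD = _respond          # other methods get the default 501

if __name__ == "__main__":
    HTTPServer(("", 80), Redirector).serve_forever()
```

Requests for names outside the allowlist get a 404 rather than a redirect, which keeps the service from being usable as an open redirector.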