From: Mike Meyer
Date: Wed, 7 Feb 2001 19:48:10 -0600 (CST)
To: Benjamin Ossei
Cc: questions@freebsd.org
Subject: Re: NAT with multiple services

Benjamin Ossei types:
> I was wondering if it is possible to use natd in this way. I will like
> to be able to run multiple web servers behind my firewall using one
> public IP address. I know you can do load balancing with natd but I
> don't know if you can do it with just one IP. I also know that you can
> do static nat with multiple public IP. Is this possible?

Yes, but....

All nat has to distinguish the incoming connections is the port number
and IP address they are trying to reach. Since you only want to use one
IP address, that leaves the port number. So instead of:

    www.domain1.com (xxx.xxx.xxx.2) mapped to 192.168.1.3
    www.domain2.com (xxx.xxx.xxx.2) mapped to 192.168.1.4
    www.domain3.com (xxx.xxx.xxx.2) mapped to 192.168.1.5

You have to do:

    www.domain1.com (xxx.xxx.xxx.2:8081) mapped to 192.168.1.3
    www.domain2.com (xxx.xxx.xxx.2:8082) mapped to 192.168.1.4
    www.domain3.com (xxx.xxx.xxx.2:8083) mapped to 192.168.1.5

and the like. This is probably *not* what you want, though.
One solution would be to put a rather stupid redirector on the nat
machine at 80 that redirects from "www.domain1.com" to
"xxx.xxx.xxx.2:8081", and so on. Since it's not doing *anything* but
sending back the requests with a permanent redirect, it shouldn't be a
security risk. You can then use nat to redirect requests to the 808x
ports to your internal machines.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
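A minimal version of the port-80 redirector described above, written as an added example (it is not code from the original post or from FreeBSD). It assumes the hostnames and 808x ports from the message, a placeholder public address, and that natd forwards each 808x port inward with a `redirect_port` line such as `redirect_port tcp 192.168.1.3:80 8081` in natd.conf; it only ever redirects to hosts in its fixed table, so a forged Host header cannot turn it into an open redirect.

```python
"""Host-based HTTP redirector for the single-public-IP NAT layout above.

Listens on port 80 of the NAT box and answers every request with a 301 to
the same public address on the per-site port that natd forwards inward,
e.g. (assumed natd.conf line):  redirect_port tcp 192.168.1.3:80 8081
It serves no content of its own and only redirects to Hosts it knows.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer

PUBLIC_ADDR = "xxx.xxx.xxx.2"  # placeholder for the NAT box's public IP

# Host header -> external port that natd redirects to the internal server.
SITE_PORTS = {
    "www.domain1.com": 8081,  # natd -> 192.168.1.3:80
    "www.domain2.com": 8082,  # natd -> 192.168.1.4:80
    "www.domain3.com": 8083,  # natd -> 192.168.1.5:80
}


def redirect_location(host, path, site_ports=SITE_PORTS, public=PUBLIC_ADDR):
    """Return the Location URL for a request, or None if Host is unknown.

    Only hosts in the fixed table are redirected; a :port suffix on the
    Host header is ignored and the lookup is case-insensitive.
    """
    name = (host or "").split(":", 1)[0].strip().lower()
    port = site_ports.get(name)
    if port is None:
        return None
    if not path.startswith("/"):
        path = "/" + path
    return "http://%s:%d%s" % (public, port, path)


class Redirector(BaseHTTPRequestHandler):
    def do_GET(self):
        location = redirect_location(self.headers.get("Host"), self.path)
        if location is None:
            self.send_error(404, "unknown site")  # never redirect blindly
            return
        self.send_response(301)
        self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_HEAD = do_GET


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 80), Redirector).serve_forever()
```

Clients end up with the 808x port visible in their address bar, which is the reason the message calls this approach probably not what you want.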