From: "Loren M. Lang"
To: r p
Cc: freebsd-questions@freebsd.org
Date: Sun, 6 Feb 2005 04:26:39 -0800
Subject: Re: Redirect based on domain name
Message-ID: <20050206122639.GX8619@alzatex.com>

On Sun, Feb 06, 2005 at 05:17:25PM +0800, r p wrote:
> Hi,
>
> I've set up two jails on my system. I'm wondering if it's possible to
> redirect incoming traffic to a particular jail based on the domain
> name?
>
> So, if someone connected to "first.com" they would be directed to the
> 192.168.0.1 jail, and if they connected to "second.com" they would be
> directed to the 192.168.0.2 jail.

This can't easily be done, sorry to say. That's because when a computer
receives a connection, all it has is an IP address of where it's coming
from and going to. A computer first does a DNS lookup of first.com to
get its IP address, then connects to first.com over TCP/IP to do
whatever it's trying to do. It's like looking a person up in the phone
book and calling their number; the person called has no clue how you got
their number unless you tell them. Some protocols like HTTP support
having the browser client tell them what domain name they tried to use,
but other protocols like SSH don't, so having two SSH servers on a host
either requires different IPs or different ports. Apache provides a
feature called name-based virtual hosting that allows multiple servers
running on the same IP whose only difference is the domain name they
used. That works because part of the HTTP protocol includes a line where
the browser says, "I'm trying to contact first.com," but that is
certainly not required for the protocol. Some really old browsers won't
work because that was added to the protocol after it was first
established.

>
> I'd like to do it for www and ssh. Someone suggested to me that maybe
> squid could be employed for the www part.
>
> At the moment I'm achieving this by listening for non-standard ports
> on my firewall/gateway box and then redirecting to the correct jail
> based on what port is connected to.
>
> Any ideas, or pointers?
>
>
> ---
> Rick

-- 
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C
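
Added example, not part of the original message: a sketch of the decision a gateway could make from the first bytes a client sends, showing why the HTTP case can be routed by name and the SSH case cannot. The function name `pick_jail`, the `SAMPLES` byte strings and the `default` parameter are constructed for illustration; the domain names and jail addresses are the ones from the question.

```python
# Added illustration: choose a jail from the first bytes a client sends.
# BACKENDS uses the names and jail addresses from the question; pick_jail
# and the sample byte strings below are constructed for this example.
BACKENDS = {"first.com": "192.168.0.1", "second.com": "192.168.0.2"}


def pick_jail(first_bytes, default=None):
    """Return the jail IP named by an HTTP Host header, else `default`."""
    # An SSH client opens with an identification string ("SSH-2.0-...");
    # nothing in it names the host the user typed, so no choice is possible.
    if first_bytes.startswith(b"SSH-"):
        return default
    head, _, _ = first_bytes.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split()
    # Expect "METHOD target HTTP/x.y"; anything else is not treated as HTTP.
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return default
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            # Drop an optional ":port" and a trailing dot before the lookup.
            host = host.rsplit(":", 1)[0] if ":" in host else host
            return BACKENDS.get(host.rstrip("."), default)
    # Old clients that send no Host header cannot be told apart.
    return default


# Constructed sample inputs: the opening bytes of four connections.
SAMPLES = {
    "http/1.1 first": b"GET / HTTP/1.1\r\nHost: first.com\r\n\r\n",
    "http/1.1 second": b"GET / HTTP/1.1\r\nhost: SECOND.com:80\r\n\r\n",
    "http/1.0 no host": b"GET / HTTP/1.0\r\n\r\n",
    "ssh": b"SSH-2.0-OpenSSH_3.8\r\n",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, "->", pick_jail(data))
```

Only the two requests carrying a Host header resolve to a jail; the header-less HTTP/1.0 request and the SSH connection fall through to `default`, which is why those cases need a separate IP address or port.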