Date: Mon, 2 Sep 2002 02:40:05 -0700 (PDT)
From: Pat Lashley <patl+freebsd@volant.org>
To: freebsd-ports@FreeBSD.org
Subject: Re: ports/42318: NATD redirect limitations
Message-ID: <200209020940.g829e5YP093582@freefall.freebsd.org>

The following reply was made to PR ports/42318; it has been noted by GNATS.

From: Pat Lashley <patl+freebsd@volant.org>
To: Mark Weisman <mark@outlander.us>, freebsd-gnats-submit@FreeBSD.org
Cc:
Subject: Re: ports/42318: NATD redirect limitations
Date: Mon, 02 Sep 2002 02:36:28 -0700

--On Monday, September 02, 2002 01:49:49 AM -0700 Mark Weisman <mark@outlander.us> wrote:

>> Number: 42318
>> Category: ports
>> Synopsis: NATD redirect limitations
> ...
> Is there a way to redirect a singular incoming port to two internal IP
> Addresses using NATD? I want to say the www.domain1.com and
> www.domain3.com go to an internal address of 192.168.1.2 using
> redirect_port tcp 192.168.1.2:http 80
> however, I'd also like to say if I get requests for www.domain2.com that
> they be routed to an internal IP address of 192.168.1.3 using a second
> redirect line in my rc.conf file: redirect_port tcp 192.168.1.3:http
> 80
> then have each instance of Apache webserver appropriately direct the
> traffic to the right folder. Is there a way to do this?
>> How-To-Repeat:
> Build a standard IPFW firewall, with NATD services installed, and try to
> redirect a port to multiple internal addresses.
>> Fix:
> Potentially use Perl scripting in my config file for rc.conf, able to
> stipulate the name request then direct accordingly? my (reqname);
> reqname = {remote name requested};
> if {reqname eq "www.domain2.com"} {
> document.url=("192.168.1.3");
> elsif {reqname ne "www.domain2.com"){
> document.url=("192.168.1.2");
> };
> Something like that anyways.

This isn't a bug report, it's a question. Or possibly a badly phrased
request for enhancement.

The problem is that NATd works at the IP protocol level. It doesn't have
much to go on besides the source and destination IP addresses, ports, IP
protocol number, a few flags, etc. It has no way to recognize an HTTP
request nor to parse it. This is a Good Thing. It keeps natd simple and
fast.

If you actually have more than one externally visible IP address, then you
could assign one to each of your domains and redirect based on that. But if
you have only one, your best bet is to have natd redirect them all to Apache
on one of the servers; and use Apache's proxy capabilities to forward some
of the requests to the other server.

-Pat
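
Added example, not part of the original message or of the FreeBSD project's documentation: one way to set up the arrangement the reply recommends, with natd sending all port 80 traffic to 192.168.1.2 (the poster's own "redirect_port tcp 192.168.1.2:http 80" line) and Apache there choosing the destination from the HTTP Host header. It assumes Apache 2.4 with mod_proxy and mod_proxy_http loaded; the DocumentRoot path is hypothetical.

```apache
# Added example (assumptions: Apache 2.4 on 192.168.1.2, mod_proxy and
# mod_proxy_http loaded, DocumentRoot path is hypothetical).

# Reverse proxying only. With ProxyRequests On this host would also act as a
# forward proxy, reachable from the Internet through the natd redirect.
ProxyRequests Off

# First vhost on *:80 is the default: requests with a missing or unknown
# Host header are served here and are never forwarded to the other server.
<VirtualHost *:80>
    ServerName www.domain1.com
    ServerAlias www.domain3.com
    DocumentRoot "/usr/local/www/domain1"
</VirtualHost>

# Requests naming www.domain2.com are forwarded to the second internal server.
<VirtualHost *:80>
    ServerName www.domain2.com

    # Keep the client's Host header so name-based vhosts on 192.168.1.3
    # still see www.domain2.com rather than the backend's IP address.
    ProxyPreserveHost On

    ProxyPass        "/" "http://192.168.1.3/"
    # Rewrite Location headers in backend redirects so clients are not
    # pointed at the internal address.
    ProxyPassReverse "/" "http://192.168.1.3/"
</VirtualHost>
```

With this layout the server at 192.168.1.3 sees every connection as coming from 192.168.1.2; mod_proxy adds the client address in the X-Forwarded-For request header, so the backend's access log format needs to record that header to keep per-client logs.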