Date:      Wed, 7 Feb 2001 19:30:13 -0800 (PST)
From:      Benjamin Ossei <ben@cahostnet.net>
To:        Mike Meyer <mwm@mired.org>, 
Cc:        questions@freebsd.org
Subject:   Re: NAT with multiple services
Message-ID:  <20010208033013.72B42274B@sitemail.everyone.net>

Mike, you're correct, the first example will not work b/c it will require that people know the port numbers which isn't feasible.  The second one might work though.  If I'm getting you right, you're saying put a nat rule on the nat machine pointing redirecting the port number 80 to port number 808x and so on.  But how will it know that www.domain1.com is going to port number 808x.  Can you specify names?  This is the part that gets fussy.  Can you elaborate?

Thanks...

--- Mike Meyer <mwm@mired.org> wrote:
>Benjamin Ossei <ben@cahostnet.net> types:
>> I was wondering if it is possible to use natd in this way.  I would like to be able to run multiple web servers behind my firewall using one public IP address.  I know you can do load balancing with natd but I don't know if you can do it with just one IP.  I also know that you can do static nat with multiple public IP.  Is this possible?
>
>Yes, but....
>
>All nat has to distinguish the incoming connections is the port number
>and IP address they are trying to reach. Since you only want to use
>one IP address, that leaves the port number. So instead of:
>
>	www.domain1.com (xxx.xxx.xxx.2) mapped to 192.168.1.3
>	www.domain2.com (xxx.xxx.xxx.2) mapped to 192.168.1.4
>	www.domain3.com (xxx.xxx.xxx.2) mapped to 192.168.1.5
>
>You have to do: 
>
>	www.domain1.com (xxx.xxx.xxx.2:8081) mapped to 192.168.1.3
>	www.domain2.com (xxx.xxx.xxx.2:8082) mapped to 192.168.1.4
>	www.domain3.com (xxx.xxx.xxx.2:8083) mapped to 192.168.1.5
>
>and the like. This is probably *not* what you want, though.
>
>One solution would be to put a rather stupid redirector on the nat
>machine at 80 that redirects from "www.domain1.com" to
>"xxx.xxx.xxx.2:8081", and so on. Since it's not doing *anything* but
>sending back the requests with a permanent redirect, it shouldn't be a
>security risk. You can then use nat to redirect requests to the 808x
>ports to your internal machines.
>
>	<mike
>--
>Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
>Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
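
The redirector described in the quoted reply can tell the sites apart from the HTTP `Host` header each browser sends. The sketch below is an added example, not code from either poster; the hostnames and the 8081-8083 ports come from the thread, while redirecting to the hostname rather than the elided `xxx.xxx.xxx.2` address and the names `PORT_FOR_HOST` and `redirect_target` are assumptions. It looks the name up in a fixed table and never echoes the header back, so unknown hosts get a 404 instead of a redirect.

```python
# Added example (not from the thread): the "stupid redirector" on port 80.
from http.server import BaseHTTPRequestHandler, HTTPServer

# Fixed table: site name -> external port that natd forwards inward
# (ports taken from the thread's 8081-8083 mapping).
PORT_FOR_HOST = {
    "www.domain1.com": 8081,
    "www.domain2.com": 8082,
    "www.domain3.com": 8083,
}


def redirect_target(host_header, path):
    """Return the redirect URL for a request, or None if the host is unknown."""
    if not host_header:
        return None  # HTTP/1.0 client with no Host header: nothing to key on
    # Drop an optional ":port" suffix and trailing dot, and normalise case.
    name = host_header.strip().split(":", 1)[0].rstrip(".").lower()
    port = PORT_FOR_HOST.get(name)
    if port is None:
        return None
    # Build the URL from the table key, never from the raw header value.
    # Absolute-form request targets ("http://...") are reduced to "/".
    if not path.startswith("/"):
        path = "/"
    return "http://%s:%d%s" % (name, port, path)


class Redirector(BaseHTTPRequestHandler):
    def do_GET(self):
        target = redirect_target(self.headers.get("Host"), self.path)
        if target is None:
            self.send_error(404, "Unknown site")
            return
        self.send_response(301)  # permanent redirect, as suggested in the reply
        self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_HEAD = do_GET


if __name__ == "__main__":
    # Binding port 80 requires root on the NAT machine.
    HTTPServer(("", 80), Redirector).serve_forever()
```

On the natd side, a line such as `redirect_port tcp 192.168.1.3:80 8081` in natd.conf (assuming the internal servers listen on port 80) forwards each 808x port to its machine.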
