Redirect based on domain name

Loren M. Lang lorenl at alzatex.com
Sun Feb 6 04:26:43 PST 2005


On Sun, Feb 06, 2005 at 05:17:25PM +0800, r p wrote:
> Hi,
> 
> I've set up two jails on my system. I'm wondering if it's possible to
> redirect incoming traffic to a particular jail based on the domain
> name?
> 
> So, if someone connected to "first.com" they would be directed to the
> 192.168.0.1 jail, and if they connected to "second.com" they would be
> directed to the 192.168.0.2 jail.

This can't easily be done, sorry to say.  That's because when a computer
receives a connection, all it has is an IP address of where it's coming
from and going to.  A computer first does a DNS lookup of first.com to
get its IP address, then connects to first.com over TCP/IP to do
whatever it's trying to do.  It's like looking a person up in the phone
book and calling their number; the person called has no clue how you got
their number unless you tell them.

Some protocols like HTTP support having the browser client tell them
what domain name they tried to use, but other protocols like ssh don't,
so having two ssh servers on a host either requires different IPs or
different ports.  Apache provides a feature called name-based virtual
hosting that allows multiple servers running on the same IP whose only
difference is the domain name they used.  That works because part of the
HTTP protocol includes a line where the browser says, "I'm trying to
contact first.com," but that is certainly not required for the protocol.
Some really old browsers won't work because that was added to the
protocol after it was first established.

> 
> I'd like to do it for www and ssh. Someone suggested to me that maybe
> squid could be employed for the www part.
> 
> At the moment I'm achieving this by listening for non-standard ports
> on my firewall/gateway box and then redirecting to the correct jail
> based on what port is connected to.
> 
> Any ideas, or pointers?
> 
> 
> ---
> Rick
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

-- 
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD  835A FAF3 7A46 E4A3 280C
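
Added example, not part of the original message: the line the reply describes, where the browser says which name it tried to contact, is the HTTP Host header, and a front-end can read it to choose a jail. The names BACKENDS, DEFAULT_BACKEND, host_from_request and pick_backend are assumptions made for this sketch; the two addresses are the ones given in the question, and the sample requests are constructed.

```python
# Map the names from the question to the jail addresses it gives.
BACKENDS = {"first.com": "192.168.0.1", "second.com": "192.168.0.2"}
# Assumption: requests with no usable Host header go to the first jail.
DEFAULT_BACKEND = "192.168.0.1"


def host_from_request(raw: bytes):
    """Return the lowercased host name from a request head, or None.

    None means the client sent no Host header (the "really old browsers"
    case). A repeated Host header raises ValueError: if the front-end and
    the jail honour different copies, routing and serving can disagree.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    hosts = []
    for line in lines[1:]:  # lines[0] is the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            hosts.append(value.strip())
    if not hosts:
        return None
    if len(hosts) > 1:
        raise ValueError("multiple Host headers")
    host = hosts[0].lower()
    if host.count(":") == 1:  # drop an optional ":port" suffix
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")  # "first.com." and "first.com" are the same name


def pick_backend(raw: bytes) -> str:
    """Choose the jail address for a request; unknown names get the default."""
    return BACKENDS.get(host_from_request(raw), DEFAULT_BACKEND)


# Constructed sample requests.
REQ_FIRST = b"GET / HTTP/1.1\r\nHost: first.com\r\n\r\n"
REQ_SECOND = b"GET / HTTP/1.1\r\nHost: Second.COM:80\r\nAccept: */*\r\n\r\n"
REQ_OLD = b"GET / HTTP/1.0\r\n\r\n"  # no Host header at all
REQ_DUP = b"GET / HTTP/1.1\r\nHost: first.com\r\nHost: second.com\r\n\r\n"

if __name__ == "__main__":
    for req in (REQ_FIRST, REQ_SECOND, REQ_OLD):
        print(req.split(b"\r\n", 1)[0].decode(), "->", pick_backend(req))
```

The same selection is not possible for ssh, as the reply notes, because nothing in that connection carries the name the client looked up.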
 

