Robert Meyer meyer_rm at yahoo.com
Mon Feb 17 15:06:29 EST 2003


Well, the problem that you're going to have is that things work by IP address,
not by name (let's not talk about NameVirtualHost for now) so things routed to
your site will be set up to be destined for an IP address.  Using IPTables, you
can selectively forward specific ports to other IP addresses but you wouldn't
be able to forward port 80 to more than one place 'cuz it works on the address,
not the name.

If you own more than one IP address on the link (and they're static, not
dynamic), you can set up IPTables to keep one of the IP addresses for itself
and one for the internal server.  This requires some work to get your Ethernet
interface on the outside to answer for both addresses by using eth0 and eth0:0.

I have done similar things using 'shorewall' firewall scripts.  In fact, my
preferred way of handling it is to use a shorewall firewall (or something
similar) as a standalone firewall and then put all of your machines on the
inside.  You can tell IPTables not to respond to ICMP from the outside and you
can port forward to your heart's content.

Like you said, these things get long-winded fast.  I've just touched on a few
of the considerations that you have to take into account.  You have to have a
fairly good understanding of networking to get the stuff to all work together.

So much for muddying the waters :-)

Cheers!

Bob

--- James Morin <morin at adelphia.net> wrote:
> Greets..
>  
>  
> Quick question (though these usually get more long-winded than the long
> questions),
>  
>             I have two pcs.  The first pc is running my services
> including DNS and is connected to my DSL modem.   The second machine I
> would like to use for "subdomains" (not sure if correct term).
> Basically I have:
>  
>  
> DSL MODEM ->  pub IP <Machine 1> 192.168.0.1 -> <-  192.168.0.2
> <Machine2>
>  
> I would like everything for *.mydomain.com to hit my first machine.
> However, I would also like abc.mydomain.com to hit my second machine.
> Would I use BIND to set this up or iptables, or something else?
>  
> I'm obviously not very familiar with either or linux in general.  If
> someone could point me in the right direction so I could do some reading
> I'd appreciate it.
>  
>  
> James
> 


=====
Bob Meyer
Knightwing Communications, Inc.
36 Cayuga Blvd
Depew, NY 14043
Phone: 716-308-8931 or 716-681-0076
Meyer_RM at Yahoo.com
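
Added example, not part of Bob's message: a dry-run shell function that prints the commands for the two-static-address setup described above (second address on eth0:0, DNAT by destination address to the inside server, no echo replies to the outside). The address 203.0.113.11, the inside interface eth1, the /32 prefix and the function names are assumptions; eth0, eth0:0 and 192.168.0.2 come from the thread.

```shell
#!/bin/sh
# Added example: prints the commands, applies nothing.
# Assumed: 203.0.113.11 (constructed second static address), eth1 (inside
# interface), the /32 prefix length. From the thread: eth0, eth0:0, 192.168.0.2.

is_ipv4() {
    # Dotted quad, every octet 0-255. A hostname fails here on purpose:
    # netfilter matches on the destination address, never on the name.
    echo "$1" | awk -F. 'NF==4 { for (i=1;i<=4;i++) if ($i !~ /^[0-9]+$/ || $i>255) exit 1; exit 0 } { exit 1 }'
}

is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

emit_forward_rules() {
    ext_if=$1 alias_ip=$2 inside_if=$3 inside_ip=$4 port=$5
    is_ipv4 "$alias_ip" && is_ipv4 "$inside_ip" && is_port "$port" || {
        echo "usage: emit_forward_rules EXT_IF ALIAS_IP INSIDE_IF INSIDE_IP PORT" >&2
        return 1
    }
    cat <<EOF
# The outside interface answers for the second address as $ext_if:0
ip addr add $alias_ip/32 dev $ext_if label $ext_if:0
sysctl -w net.ipv4.ip_forward=1
# Traffic addressed to the second IP goes to the inside server
iptables -t nat -A PREROUTING -i $ext_if -d $alias_ip -p tcp --dport $port -j DNAT --to-destination $inside_ip:$port
# Allow only the forwarded service through, plus its replies
iptables -A FORWARD -i $ext_if -o $inside_if -d $inside_ip -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $inside_if -o $ext_if -s $inside_ip -p tcp --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Drop only echo-request from outside; dropping all ICMP would also
# discard the errors that path-MTU discovery relies on.
iptables -A INPUT -i $ext_if -p icmp --icmp-type echo-request -j DROP
EOF
}

# Print the rule set for port 80 on the second address.
emit_forward_rules eth0 203.0.113.11 eth1 192.168.0.2 80
```

Review the printed commands before running them as root; the first address stays with the firewall machine and is untouched by these rules.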
