[Shorewall-users] redirect virtual webservers

Magnus Stenman stone@hkust.se
Mon, 29 Apr 2002 17:08:24 +0200


Goetz Reinicke wrote:
> 
> Hi,
> 
> on a internal test webserver I have different namebased virtual
> webservers. Ther is an A record om my DNS system for the main server,
> and CNAME records for the virtual servers.
> 
> Now I'm thinking of a public webserver also with virtual namebased
> servers. What I need is to redirect incoming http(s) requests to the

https will require one public IP per virtual server
(unless you run on different ports)

> internal web servers, but how to handle the different virtual names??

The virual namebased ones will work fine.

> 
> The same, iff i have multiple physical webservers?? how do I redirect
> requests to e.g. web01 (172.17.1.1) and web02 (172.17.1.2)
> 
> my Firewall has an A record, the webservers will have CNAME records, but
> private IPs in my DMZ. So Any Hints or working configs??
> 
> A rule like
> ACCEPT    net    loc:172.17.1.1:80    tcp    80    -    1.2.3.4
> 
> would only handle _one_ Webserver, am I right??

To do this you'll need a reverse proxy or similar.
You need to inspect the HTTP request, and look at the
Host: header to know which server to redirect to.

That is also why you cannot do this with https, the traffic would be
encrypted so you'd have no idea which web server to send it to.


/m


> 
> Thanks...
> ...Götz Reinicke
> 
> - Götz Reinicke -------------------- mailto: greinick@filmakademie.de -
>    IT Koordinator                                   Tel: 07141/969-420
>    IT-OfficeNet Filmakademie Baden-Württemberg    Fax: 07141/969-55420
> - Mathildenstr. 20, 71638 Ludwigsburg ----------- www.filmakademie.de -
> 
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users