
A stupid question, but hopefully obvious to someone else...

Is it possible to have a firewall that sees two incoming hostnames, for example site1.acme.com and site2.acme.com, and redirects all traffic on all ports for site1 to 192.168.1.1 and all traffic on all ports for site2 to 192.168.1.2?

Can any firewalls do this? Trying to save myself purchasing any more static IPs.

Comments

1 - No, that is not possible. DNS will resolve one IP address and forward the request there. You can however create virtual hosts that take a http request and direct it to the appropriate directory. Or you can use different ports on your router and forward them to different hosts inside your own network.

2 - Beg to differ, my friend, Volker.

It depends on the product. Higher end firewalls can look deeper into the packet than the destination address, and can make decisions based on protocol level data (like the request server name in the http packet).

Of course, those firewalls tend to be more expensive than getting another static IP would be.

3 - This kind of functionality typically is handled by a reverse proxy. So one box needs to be hit first. There are probably firewalls that come with a reverse proxy module. So Andrew is right, however that is not considered a "core" firewall task, so Volker is right.
Apache has reverse proxy capabilities and you will find a lot of stuff when searching for reverse proxy or load balancing on Google.
Hth
stw

4 - Short answer for redirection of *all* ports: No, that's not possible with any current technology - at least not in the scenario I believe you want to set up.
Short answer for redirection of HTTP requests only: Yes, any reverse proxy / load balancer like Squid or Pound (http://www.apsis.ch/pound) will do.
Short answer for redirection of HTTPS requests: That depends on the product used. Pound has limited support for that.
If you're interested in a longer, more in-depth answer why it's not possible to redirect any other traffic than HTTP, let me know
-Stefan
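
An added example, not part of the original post or its comments: a sketch of the decision a reverse proxy makes when it picks an internal host from the requested server name in an HTTP request. The mapping uses the hostnames and addresses from the question; the function names and the sample byte strings are constructed for illustration.

```python
# Added example: choose an internal backend from the HTTP Host header.
BACKENDS = {
    "site1.acme.com": "192.168.1.1",
    "site2.acme.com": "192.168.1.2",
}
METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ", b"OPTIONS ")

def host_from_http(data: bytes):
    """Return the lowercased Host value (port stripped), or None if the
    bytes are not a complete HTTP/1.x request head with exactly one Host."""
    head, sep, _ = data.partition(b"\r\n\r\n")
    if not sep or not head.startswith(METHODS):
        return None                      # not HTTP: nothing names a site
    lines = head.split(b"\r\n")
    if not lines[0].endswith((b" HTTP/1.0", b" HTTP/1.1")):
        return None
    hosts = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":
            hosts.append(value.strip().decode("ascii", "replace").lower())
    if len(hosts) != 1:                  # missing or duplicated: do not guess
        return None
    # Drop an optional ":port"; IPv6 literals never match BACKENDS anyway.
    return hosts[0].partition(":")[0].rstrip(".")

def route(data: bytes):
    """Internal address for a client's first bytes. None means refuse the
    connection instead of falling through to a default backend."""
    host = host_from_http(data)
    return BACKENDS.get(host) if host else None

# Constructed samples: the first bytes a client sends after connecting.
HTTP_SITE1 = b"GET / HTTP/1.1\r\nHost: site1.acme.com\r\n\r\n"
HTTP_SITE2 = b"GET /x HTTP/1.1\r\nhost: SITE2.acme.com:80\r\n\r\n"
HTTP_UNKNOWN = b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n"
HTTP_TWO_HOSTS = (b"GET / HTTP/1.1\r\nHost: site1.acme.com\r\n"
                  b"Host: site2.acme.com\r\n\r\n")
SMTP_CLIENT = b"EHLO mail.example\r\n"   # names the client, not the target

if __name__ == "__main__":
    for label, sample in [("site1", HTTP_SITE1), ("site2", HTTP_SITE2),
                          ("unknown host", HTTP_UNKNOWN),
                          ("two Host headers", HTTP_TWO_HOSTS),
                          ("smtp", SMTP_CLIENT)]:
        print(f"{label:18} -> {route(sample)}")
```

Requests with an unknown, missing or duplicated Host header are refused rather than sent to a default backend, so a hostname the mapping does not list never reaches an internal server.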
