Hi list, does anybody know, if it is possible to make ip-tables rules with virtuell hosts? I'm not sure, but think I have read it ist not possible. Otherwise, is it possible to konfigure eth0 with 3 different IP? My problem is. that I have a firewall with iptables and 2 networkinterface. On is routing intern and the other is the outside interface. For the outside interface I have 3 static IP, because I want to map them to a smtp-server and a webserver. So I would appreciate it very much, if somebody could give me a hint, how to handle, with virtuell hosts or with 3 IP for eth0. Maybe I am on the wrong way. Thank your for answering Bye Brina -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net
Hi brina30! On Thu, 20 Dec 2001, brina30@gmx.li wrote:
Hi list,
does anybody know, if it is possible to make ip-tables rules with virtuell hosts? I'm not sure, but think I have read it ist not possible. Otherwise, is it possible to konfigure eth0 with 3 different IP?
My problem is. that I have a firewall with iptables and 2 networkinterface. On is routing intern and the other is the outside interface. For the outside interface I have 3 static IP, because I want to map them to a smtp-server and a webserver.
So I would appreciate it very much, if somebody could give me a hint, how to handle, with virtuell hosts or with 3 IP for eth0. Maybe I am on the wrong way. Thank your for answering
[BTW, it's rather offtopic] If you configured the virtual hosts (vhosts) name based, then you don't have much else to do, because the name based hosting works because the client sends a `Host: vhost.name' HTTP header, so you figured this is a layer up than the layer at which netfilter works. If you can choose to do IP based vhosting, then it's quite easy to do it. ifconfig eth0:0 <ip1> netmask <netmask> up ifconfig eth0:1 <ip2> netmask <netmask> up ifconfig eth0:2 <ip3> netmask <netmask> up [or something :) ] then (I assume Apache; see <default-install>/manual/vhosts/ip-based.html) <VirtualHost ip1> ServerName vhost1.name DocumentRoot /get/files/from/here # and more </VirtualHost> same for ip2,ip3. hope it helps. ciao -- teodor
Am Donnerstag, 20. Dezember 2001 10:46 schrieb Teodor Cimpoesu:
Hi brina30!
On Thu, 20 Dec 2001, brina30@gmx.li wrote:
Hi list,
does anybody know, if it is possible to make ip-tables rules with virtuell hosts? I'm not sure, but think I have read it ist not possible. Otherwise, is it possible to konfigure eth0 with 3 different IP?
My problem is. that I have a firewall with iptables and 2 networkinterface. On is routing intern and the other is the outside interface. For the outside interface I have 3 static IP, because I want to map them to a smtp-server and a webserver.
So I would appreciate it very much, if somebody could give me a hint, how to handle, with virtuell hosts or with 3 IP for eth0. Maybe I am on the wrong way. Thank your for answering
[BTW, it's rather offtopic]
If you configured the virtual hosts (vhosts) name based, then you don't have much else to do, because the name based hosting works because the client sends a `Host: vhost.name' HTTP header, so you figured this is a layer up than the layer at which netfilter works.
If you can choose to do IP based vhosting, then it's quite easy to do it.
ifconfig eth0:0 <ip1> netmask <netmask> up ifconfig eth0:1 <ip2> netmask <netmask> up ifconfig eth0:2 <ip3> netmask <netmask> up
[or something :) ]
then (I assume Apache; see <default-install>/manual/vhosts/ip-based.html) <VirtualHost ip1> ServerName vhost1.name DocumentRoot /get/files/from/here # and more </VirtualHost>
same for ip2,ip3.
hope it helps. ciao
-- teodor
Hi, Maybe this can help you: You don't realy need 3 external IP's. You just need to redirect the Packages comming in for the SMTP and the Webserver. It works with something like: iptables -t nat -A PREROUTING -i <incoming Interface> -p tcp -j DNAT --to-destination IP:PORT You'll need to MASQUERADE the Packages, because Packages with private IP's will not be routed on the INTERNET. You should take a look into the Masquerade and the IPTABLES howto hope it helps. ciao Stefan
participants (3)
-
brina30@gmx.li
-
Stefan P.
-
Teodor Cimpoesu