[clug-talk] Gateway Server
khangyi at shaw.ca
Sun Oct 15 16:08:09 PDT 2006
You can use reverse proxy with apache/http/https
Here is a good document to describe what you need:
The smtp/pop3/imap is even a bigger problem, you can run an smtp server as a
relay on the firewall, and i dont know if you can foreword pop3 and imap
connections to the respective servers, when your firewall accepts mail for
all your domains, you than foreword the mail to the respective servers, and
those servers would work ina smart host fashion.
ssh and ssl is a total disaster, with ssl, you have to plant all the
certificates on the router, and forword the requests with the reverse proxy
setup. And i don't know how to do it with ssh or ftp. Given you want to do
this with a single ip.
Now, if you would have say 5 ip addresses, and pick them all up in the single
red interface (virtual), it would be easy to use iptables to foreword the
On October 15, 2006 15:29, Shawn wrote:
> Shawn wrote:
> > Thanks John (and Juan). The problem here is that we have more domains
> > than IP addresses. And the public should not have to worry about using
> > different ports for the usual services. To keep the problem simple,
> > imagine a single external IP address to service all the domains. In
> > this case, the simple forwarding rules no longer do the job. (Though I
> > do agree that this is the right way if we had more IPs...)
> > As for Juan's suggestion of using IPTables directly, I'll have to do
> > some digging. I'm not sure if an IPTable rule based on the requested
> > domain name can be done. (I know it's possible for requested IP/port, or
> > destination IP/Port...) But my initial looking suggests this isn't
> > possible (at least not yet).
> > Shawn
> After doing some further reading, it appears that IPTables is not the
> right tool for filtering based on domain name. Instead I've seen
> references suggesting a proxy server is the better tool for this.
> So, can anyone who works with Squid comment? Can it handle this type of
> domain forwarding? Thanks.
> clug-talk mailing list
> clug-talk at clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying
More information about the clug-talk