Re: [squid-users] Routing By Hostname

From: Antony Stone <Antony@dont-contact.us>
Date: Sun, 21 Sep 2003 16:43:44 +0100

On Sunday 21 September 2003 4:34 pm, Cody Harris wrote:

> On Sunday 21 September 2003 12:31 pm, Antony Stone wrote:
> > On Sunday 21 September 2003 4:26 pm, Cody Harris wrote:
> > > On Sunday 21 September 2003 12:19 pm, Antony Stone wrote:
> > > > Why not simply assign independent IP addresses to your three machines
> > > > and use DNS to route to the correct one?
> > >
> > > Because the IP for them is 192.168.0.*. It won't work.
> >
> > Well, that's where your iptables DNAT rules come in... you translate
> > from a public IP address to a private IP address for each server so that
> > people on the outside can access your internal machines (I assume that is
> > what you are trying to do?).
>
> I don't really follow you. I have one IP address. I can't get any more
> without paying more. I was hoping that I would be able to do it by
> hostname and hostname alone.

Okay, in that case I think you have three choices:

1. Pay more for public IP addresses. Simple, but not free.

2. Decide which TCP/UDP ports need to be directed to which machines in your
internal network (maximum of one machine per port) and set up netfilter rules
to translate your one public IP address to various private IP addresses
depending on which service was being requested. This solution obviously
does not allow you to have more than one internal machine visible to the
outside world for each service (http, ftp, ssh, smtp...). Simple, but I
suspect not what you're looking for.

3. Use an application-level proxy for each service you want to provide, which
can select machines based on hostname. Squid can do that for http for you,
frox can do it for ftp, I doubt that you need it for smtp... If you want to
do the same thing for any other protocols you'll need to find an
application-layer proxy for those specific protocols. Possibly free, and I
think this is what you want, but far from simple.

Regards,

Antony.

-- 
"Note: Windows 98, Windows 98SE and Windows 95 are not affected by [MS 
Blaster].   However, these products are no longer supported.   Users of these 
products are strongly encouraged to upgrade to later versions."   (which are 
affected by MS Blaster...)
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
Received on Sun Sep 21 2003 - 09:43:51 MDT
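
The difference between options 2 and 3 in the message above, as an added example that is not part of the original post and is not Squid's own code. The hostnames, the specific 192.168.0.x addresses and all function names are constructed for illustration: a packet filter can only choose a backend by port, while an HTTP proxy can read the Host header, and should refuse names it does not serve.

```python
# Constructed illustration: hostnames, addresses and function names are assumptions.

# Option 2 (port-based DNAT): the packet filter sees only the destination
# port, so at most one internal machine can be published per service.
PORT_MAP = {80: "192.168.0.2", 21: "192.168.0.3", 22: "192.168.0.4"}

# Option 3 (application-level proxy): the proxy parses the HTTP request,
# so several internal web servers can share the single public IP on port 80.
HOST_MAP = {
    "www.example.com": ("192.168.0.2", 80),
    "wiki.example.com": ("192.168.0.3", 80),
    "mail.example.com": ("192.168.0.4", 80),
}


def route_by_port(dst_port):
    """What a DNAT rule can decide: backend chosen by port alone."""
    return PORT_MAP.get(dst_port)


def host_from_request(raw):
    """Return the normalised Host header of a raw HTTP request head, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    hosts = [line.split(":", 1)[1].strip()
             for line in head.split("\r\n")[1:]
             if line.lower().startswith("host:")]
    if len(hosts) != 1:
        # Missing or duplicated Host header: ambiguous, so do not guess.
        return None
    host = hosts[0].lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]   # drop an optional ":port" suffix
    return host.rstrip(".") or None     # tolerate a trailing dot


def route_by_hostname(raw):
    """Backend chosen by hostname; unknown names get None (not forwarded)."""
    return HOST_MAP.get(host_from_request(raw))
```

Returning None for an unlisted or ambiguous Host header matters as much as the lookup itself: a proxy that forwards any name it is given becomes a relay into the internal network.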