January 11th, 2004, 08:08 PM
I have a question about using IP tables. The machine connected directly to the internet has iptables running on it. Actually it is Firestarter which is a front end to iptables. This machine also has an apache webserver with myfirstnamelastname.com domain pointed to it. I would like to have subdomain.myfirstnamelastname.com pointed to another machine on my network that is not directly connected to the internet. How would I do this? If I forward port 80 to the ip address of the machine that has subdomain.myfirstnamelastname.com then I would not be able to connect to the webserver on the machine connected to the internet. Is there a way to forward the request based on the domain?
January 12th, 2004, 05:57 AM
You would need to run a DNS server on your webserver which would handle external address resolution requests. Your service provider or DNS provider, as far as I know, directs all requests for subdomain resolution to the address the domain is registered to (i.e. you). Without running a DNS server to give a response, all that will be received is a network unreachable message.
The problem would be the requirement of a second IP address to register the subdomains to. I am assuming here that you are using a single external IP address and a private addressing scheme inside your network. This would mean that all resolution requests would return the same IP address, since every external request must be sent to that address. I am unsure if NAT can properly forward subdomains to separate hosts.
Essentially, first you need to set up a DNS server for your domain which will return requests for address resolutions within it. At that point remote users will get an address returned. The problem is that the domain name is not sent as part of a TCP packet, only the destination IP address - which is the same for all computers in your network.
Maybe it is possible to set up separate webservers on separate ports. I do not know if DNS responses can include port information, but I imagine somebody reading this does. If they can, try setting your other webservers up on separate ports and forwarding those ports appropriately.
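The hostname a browser asks for travels in the HTTP Host header, above the layer that iptables port forwarding works at, so a proxy on the internet-facing machine can choose a backend by name. The following is an added example, not code from the thread, of that routing decision; the backend addresses and ports are assumed values.

```python
# Added example: pick a backend from the HTTP Host header (layer 7).
# Hostnames are the ones used in the thread; addresses and ports are constructed.
BACKENDS = {
    "myfirstnamelastname.com": ("127.0.0.1", 8080),
    "subdomain.myfirstnamelastname.com": ("192.168.1.20", 80),
}


class BadRequest(ValueError):
    """Request head is malformed or ambiguous about its target host."""


def extract_host(raw: bytes) -> str:
    """Return the normalised hostname from a raw HTTP/1.1 request head."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("incomplete header block")
    values = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        if colon and name.lower() == b"host":
            values.append(value.strip())
    if len(values) != 1:
        # Zero or several Host headers: refuse rather than guess.
        raise BadRequest("exactly one Host header is required")
    try:
        text = values[0].decode("ascii")
    except UnicodeDecodeError:
        raise BadRequest("non-ASCII Host header") from None
    host, colon, port = text.partition(":")
    if colon and not port.isdigit():
        raise BadRequest("bad port in Host header")
    return host.rstrip(".").lower()


def pick_backend(raw: bytes):
    """Return (address, port) for an allowed host, or None to reject."""
    return BACKENDS.get(extract_host(raw))


# Constructed sample requests.
REQ_MAIN = b"GET / HTTP/1.1\r\nHost: myfirstnamelastname.com\r\n\r\n"
REQ_SUB = b"GET / HTTP/1.1\r\nHost: SUBDOMAIN.myfirstnamelastname.com:80\r\n\r\n"
REQ_OTHER = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"
REQ_TWO = b"GET / HTTP/1.1\r\nHost: a.example\r\nHost: b.example\r\n\r\n"
```

Returning None for a name outside the allowlist keeps the proxy from forwarding to hosts it was never meant to reach.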
January 12th, 2004, 06:59 AM
Every now and then, one of you won't annoy me.