wakatashi
asked on
Router NAT port forwarding to different host depending on query domain name
Here's an interesting one. We have a NAT router connecting devices on a LAN to the Internet. The router's Internet interface has a fixed IP address. DNS has been set up so that www.domain1.com and www.domain2.com both point to the IP address assigned to the Internet interface of the router.
What I'd like to do is have the router forward incoming web traffic connecting to the router on port 80 to one of two possible internal web servers, depending on which domain name the client is connecting to.
It seems like this might be possible, as the domain name should be embedded in the HTTP headers.
Anyone know if this can be done? Preferably with a Draytek Vigor 2820 router, but would be interested to see if this kind of functionality is possible with any router OS.
No. There is no such feature in any router I know of. Maybe the high-level Cisco ASAs can do it.
From what I've seen the common recommendation is to use a reverse proxy server, which can read the HTTP request and forward traffic as required. I don't have any experience with that.
ASKER
Sounds like a business opportunity then! I don't see why this shouldn't be possible, and not difficult to implement in an almost-identical way to which NAT works already, by keeping track of which external IP/port is talking to which internal IP/port. The only extra is the part about reading the HTTP request to determine which domain name it was sent to.
Unless I'm missing something, it seems such a simple-to-do and useful kind of feature that I'm astonished nobody's done it already.
ASKER
For sure, NAT wouldn't normally look at any Application Layer stuff in incoming packets. But I don't see why it shouldn't work, with no HTTP redirects required. For a given incoming HTTP request, the router would read the header to determine which domain name it was sent to, and use a dynamically-generated NAT rule to forward the request to the appropriate internal web server. As far as the client device out on the Internet was concerned, it would see the web server as having the public IP address of the router. Perhaps I'm missing something here?
I had envisaged this in cases where the internal web servers were hosted on separate boxes. For example, two webcams with web interfaces. With this approach, no reconfiguration would be required to the web servers.
What you want to do exists today, just not in a firewall or router. They are not meant to do this type of function as there are plenty of other devices or ways to do this.
You could set up Apache as a reverse proxy server to do it.
As stated correctly, it could be done but isn't "of their business".
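The per-request decision made by the reverse proxy suggested in the answers above, as an added example that is not part of the original thread. The internal addresses and the names `BACKENDS`, `host_from_head` and `pick_backend` are assumptions made for illustration. The Host header only arrives after the TCP handshake has completed, so the device must accept the connection itself before it can choose a server.

```python
"""Added example: choose an internal web server from the HTTP Host header."""

# Constructed mapping: the domain names are from the question, the internal
# addresses are placeholders invented for this example.
BACKENDS = {
    "www.domain1.com": ("192.168.1.10", 80),
    "www.domain2.com": ("192.168.1.11", 80),
}
MAX_HEAD = 16 * 1024  # refuse oversized request heads instead of buffering forever


class RouteError(Exception):
    """The bytes received so far do not select exactly one known backend."""


def host_from_head(head: bytes) -> str:
    """Extract and normalize the Host header from a raw HTTP/1.x request head."""
    if len(head) > MAX_HEAD:
        raise RouteError("request head too large")
    if b"\r\n\r\n" not in head:
        # Includes the empty case: at TCP SYN time there is no payload at all,
        # so the connection must be accepted before any routing decision.
        raise RouteError("request head incomplete")
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    hosts = []
    for line in lines[1:]:  # lines[0] is the request line
        name, sep, value = line.partition(b":")
        if sep and name.lower() == b"host":  # "Host :" with a space is not accepted
            hosts.append(value.strip())
    if len(hosts) != 1:  # missing or duplicated Host is ambiguous: reject
        raise RouteError("expected exactly one Host header")
    try:
        host = hosts[0].decode("ascii").lower()
    except UnicodeDecodeError:
        raise RouteError("non-ASCII Host header") from None
    name, _, port = host.partition(":")  # drop an optional ":port" suffix
    if port and not port.isdigit():
        raise RouteError("malformed port in Host header")
    return name.rstrip(".")  # "www.domain1.com." is the same name


def pick_backend(head: bytes) -> tuple:
    """Return (ip, port) of the internal server for this request, or raise."""
    host = host_from_head(head)
    if host not in BACKENDS:  # allowlist: never forward to a client-chosen host
        raise RouteError(f"unknown host {host!r}")
    return BACKENDS[host]
```

A proxy built around this has to repeat the check for every request on a keep-alive connection, since later requests on the same connection can carry a different Host header.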
ASKER
Well, I'm naturally disappointed at not having invented a wonderful new networking feature that will transform the Internet for the better, cure world hunger, and make me an overnight zillionaire. On the flip side, I now know about Application Layer Gateways and Reverse Proxies, which is more than I did this time yesterday, so I'd say that's a win.
Many thanks folks.
ASKER
Has anyone come across this kind of conditional NAT Web forwarding (I'd call it something like that) in action?