Router NAT port forwarding to different host depending on query domain name

Here's an interesting one.   We have a NAT router connecting devices on a LAN to the Internet.  The router's Internet interface has a fixed IP address.  DNS has been set up so that and both point to the IP address assigned to the Internet interface of the router.

What I'd like to do is have the router forward incoming web traffic connecting to the router on port 80 to one of two possible internal web servers, depending on which domain name the client is connecting to.

It seems like this might be possible, as the domain name should be embedded in the HTTP headers.

Anyone know if this can be done?  Preferably with a Draytek Vigor 2820 router, but would be interested to see if this kind of functionality is possible with any router OS.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

The host names will only be in the data stream if the requests are HTTP 1.1.  If they are HTTP 1.0 it is not required and so they may not be there.

I don't know if routers can examine the data steam and foreword to a unique host.  That would require scripting capabilities.  A function like this is normally done via some thing that is layer 7 aware and can do load balancing based on layer 7, such as BigIP's F5 or Kemp load balancers.

Does the Draytek have scripting capabilites that allows you to examine data streams and then change where you forward?
wakatashiAuthor Commented:
Thanks giltjr - it doesn't have scripting capabilities, but I guess the feature could be "baked in" to the firmware (it's possible that I just don't know what the feature is called), rather than being via a user-defined script.

Has anyone come across this kind of conditional NAT Web forwarding (I'd call it something like that) in action?
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
No. There is no such feature in any router I know of. Maybe the high-level Cisco ASAs can do.
From what I've seen the common recommendation is to use reverse proxy server, which can read the HTTP request and forward traffic as required. I don't have any experience with that.
SolarWinds® VoIP and Network Quality Manager(VNQM)

WAN and VoIP monitoring tools that can help with troubleshooting via an intuitive web interface. Review quality of service data, including jitter, latency, packet loss, and MOS. Troubleshoot call performance and correlate call issues with WAN performance for Cisco and Avaya calls

wakatashiAuthor Commented:
Sounds like a business opportunity then!  I don't see why this shouldn't be possible, and not difficult to implement in an almost-identical way to which NAT works already, by keeping track of which external IP/port is talking to which internal IP/port.  The only extra is the part about reading the HTTP request to determine which domain name it was sent to.  

Unless I'm missing something, it seems such a simple-to-do and useful kind of feature that I'm astonished nobody's done it already.
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Firstly, NAT is not based on the Application Layer (in theory). In fact there are certain Application Layer Gateway implementations in business class routers managing dynamic port negotiation, like with FTP and Oracle SQL*Net. But that is still different, as those ALGs are applied always if enabled, while HTTP redirects are more complex and would stop working for simple and straight cases ;-).
This is definitely no consumer class feature.

And in many cases it is sufficient to use a single web server, which can perform internal URL rewrites and redirections and stuff if required. This way the web server keeps full control. It is no router feature, and it does not belong there.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
wakatashiAuthor Commented:
For sure, NAT wouldn't normally look at any Application Layer stuff in incoming packets.  But I don't see why it shouldn't work, with no HTTP redirects required.  For a given incoming HTTP request, the router would read the header to determine which domain name it was sent to, and use a dynamically-generated NAT rule to forward the request to the appropriate internal web server.  As far as the client device out on the Internet was concerned, it would see the web server as having the public IP address of the router.  Perhaps I'm missing something here?

I had envisaged this in cases where the internal web servers were hosted on separate boxes.  For example, two webcams with web interfaces.  With this approach, no reconfiguration would be required to the web servers.
What you want do to exists today, just not in a firewall or router.   They are not meant to this type of function as there are plenty of other devices or ways to do this.

You could setup Apache as a reverse proxy server to do it.
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
As stated correctly, it could be done but isn't "of their business".
wakatashiAuthor Commented:
Well, I'm naturally disappointed at not having invented a wonderful new networking feature that will transform the Internet for the better, cure world hunger, and make me an overnight zillionaire.  On the flip side, I now know about Application Layer Gateways and Reverse Proxies, which is more than I did this time yesterday, so I'd say that's a win.

Many thanks folks.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.