
Re: Just confirming: no way to do a pf rdr based on hostname?



Peter Landry wrote:
Hi All,
We're migrating an old Microsoft ISA Server system to OpenBSD pf. First
off, before I ask any questions, kudos to everyone -- Installing OpenBSD
3.8 was a very pleasant, painless experience for someone who's never
used it before. Setting up pf/nat was also extraordinarily easy. The
docs are great.

That aside, the only thing that I haven't been able to migrate yet is
ISA's ability to redirect web requests coming in on the same IP to
different machines based on the host name, i.e. www.a.com (IP
123.123.0.1) gets redirected to the internal IP 192.168.0.1 while
www.b.com (also IP 123.123.0.1) gets redirected to the internal IP
192.168.0.2.

I haven't found anything in the docs, and all the list archive questions
I've found were specific to ipnat, not pf.

I'm thinking that I can't do it. In that case, my options seem to be 1)
use different external IPs for each website, and redirect to different
internal servers based on IP 2) redirect all web traffic to the legacy
ISA system, which will then redirect based on hostname. I'm hesitant to
use up all our IPs for option 1, but I'm thinking option 2 is even
worse... Are there any options I haven't thought of?

Thanks for any advice...
Peter L.

This cannot be achieved with pf (since pf does not know about the http protocol, where name based virtual hosting happens), but you could use apache with mod_proxy or perhaps squid (perhaps other http proxies exist).

/jtm
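
The reverse-proxy approach suggested in the reply above, as an added example that is not part of the original thread. It assumes Apache httpd 2.4 syntax with mod_proxy and mod_proxy_http loaded; the hostnames and addresses are the ones from the question, and `default.invalid` is a constructed placeholder name.

```apache
# Added example, not from the original thread. Assumes Apache httpd 2.4
# with mod_proxy and mod_proxy_http loaded, answering on the shared
# external address 123.123.0.1 from the question.

# Reverse proxy only: never relay requests for arbitrary destinations.
ProxyRequests Off

# The first vhost is the default. Requests whose Host header matches no
# configured site are refused instead of reaching an internal server.
# "default.invalid" is a constructed placeholder name.
<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Host: www.a.com -> internal server 192.168.0.1
<VirtualHost *:80>
    ServerName www.a.com
    # Pass the original Host header on, so the backend sees www.a.com.
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.0.1/"
    ProxyPassReverse "/" "http://192.168.0.1/"
</VirtualHost>

# Host: www.b.com -> internal server 192.168.0.2
<VirtualHost *:80>
    ServerName www.b.com
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.0.2/"
    ProxyPassReverse "/" "http://192.168.0.2/"
</VirtualHost>
```

With this in place pf only has to let TCP port 80 reach the proxy; the choice of backend is made from the Host header after the connection has been accepted, which is the layer pf never inspects.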


