From nobody@FreeBSD.org  Mon Sep  2 01:49:50 2002
Message-Id: <200209020849.g828nnMZ089205@www.freebsd.org>
Date: Mon, 2 Sep 2002 01:49:49 -0700 (PDT)
From: Mark Weisman <mark@outlander.us>
To: freebsd-gnats-submit@FreeBSD.org
Subject: NATD redirect limitations
X-Send-Pr-Version: www-1.0

>Number:         42318
>Category:       bin
>Synopsis:       NATD redirect limitations
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 02 01:50:01 PDT 2002
>Closed-Date:    Wed Aug 13 05:52:56 PDT 2003
>Last-Modified:  Wed Aug 13 05:52:56 PDT 2003
>Originator:     Mark Weisman
>Release:        4.5 stable
>Organization:
Outland Domian Group
>Environment:
FreeBSD mickey infinitevisions.ws 4.5-RELEASE #1; Sat May 4 21:29:01 AKDT 2002    root@mickey.infinitevisions.ws:/usr/src/sys/compile/MICKEY i386
>Description:
Is there a way to redirect a singular incoming port to two internal IP Addresses using NATD? I want to say the www.domain1.com and www.domain3.com go to an internal address of 192.168.1.2 using
     redirect_port tcp 192.168.1.2:http 80
however, I'd also like to say if I get requests for www.domain2.com that they be routed to an internal IP address of 192.168.1.3 using a second redirect line in my rc.conf file:
     redirect_port tcp 192.168.1.3:http 80
then have each instance of Apache webserver appropriately direct the traffic to the right folder. Is there a way to do this?
>How-To-Repeat:
Build a standard IPFW firewall, with NATD services installed, and try to redirect a port to multiple internal addresses.
>Fix:
Potentially use Perl scripting in my config file for rc.conf, able to stipulate the name request then direct accordingly?
my (reqname);
reqname = {remote name requested};
if {reqname eq "www.domain2.com"} {
    document.url=("192.168.1.3");
elsif {reqname ne "www.domain2.com"){
    document.url=("192.168.1.2");
};
Something like that anyways.
}
>Release-Note:
>Audit-Trail:

From: Pat Lashley <patl+freebsd@volant.org>
To: Mark Weisman <mark@outlander.us>,
	freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: ports/42318: NATD redirect limitations
Date: Mon, 02 Sep 2002 02:36:28 -0700

 --On Monday, September 02, 2002 01:49:49 AM -0700 Mark Weisman
 <mark@outlander.us> wrote:
 
 >> Number:         42318
 >> Category:       ports
 >> Synopsis:       NATD redirect limitations
 > ...
 > Is there a way to redirect a singular incoming port to two internal IP
 > Addresses using NATD? I want to say the www.domain1.com and
 > www.domain3.com go to an internal address of 192.168.1.2 using
 > redirect_port tcp 192.168.1.2:http 80
 > however, I'd also like to say if I get requests for www.domain2.com that
 > they be routed to an internal IP address of 192.168.1.3 using a second
 > redirect line in my rc.conf file:
 >      redirect_port tcp 192.168.1.3:http 80
 > then have each instance of Apache webserver appropriately direct the
 > traffic to the right folder. Is there a way to do this?
 >> How-To-Repeat:
 > Build a standard IPFW firewall, with NATD services installed, and try to
 > redirect a port to multiple internal addresses.
 >> Fix:
 > Potentially use Perl scripting in my config file for rc.conf, able to
 > stipulate the name request then direct accordingly?
 > my (reqname);
 > reqname = {remote name requested};
 > if {reqname eq "www.domain2.com"} {
 >     document.url=("192.168.1.3");
 > elsif {reqname ne "www.domain2.com"){
 >     document.url=("192.168.1.2");
 > };
 > Something like that anyways.
 
 This isn't a bug report, it's a question.  Or possibly a badly phrased
 request for enhancement.
 
 The problem is that NATd works at the IP protocol level.  It doesn't
 have much to go on besides the source and destination IP addresses,
 ports, IP protocol number, a few flags, etc.  It has no way to recognize
 an HTTP request nor to parse it.  This is a Good Thing.  It keeps natd
 simple and fast.
 
 If you actually have more than one externally visible IP address, then
 you could assign one to each of your domains and redirect based on that.
 But if you have only one, your best bet is to have natd redirect them
 all to Apache on one of the servers; and use Apache's proxy capabilities
 to forward some of the requests to the other server.
 
 
 
 -Pat
 
 
 
Responsible-Changed-From-To: freebsd-ports->freebsd-bugs 
Responsible-Changed-By: arved 
Responsible-Changed-When: Tue Oct 22 14:43:21 PDT 2002 
Responsible-Changed-Why:  
Not a ports problem 

http://www.freebsd.org/cgi/query-pr.cgi?pr=42318 
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: nork 
Responsible-Changed-When: Wed Mar 19 09:41:08 PST 2003 
Responsible-Changed-Why:  
This is not a PR. But, anyone, please answer.

http://www.freebsd.org/cgi/query-pr.cgi?pr=42318 
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Wed Aug 13 05:50:53 PDT 2003 
State-Changed-Why:  
Not possible with NATD (as it's not a function of NAT). 
However, Apache web server can deal with this easily. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=42318 
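
Added example, not part of the PR and not natd or Apache code: it illustrates the point made in the reply and in the closing note by building two constructed packets that differ only in their HTTP Host header and comparing what a packet-level redirect can match on with what an application-layer proxy can read. The client and public addresses (203.0.113.7, 198.51.100.10) and all function names are assumptions made for the illustration; the host names and internal addresses are the ones from the PR.

```python
import socket
import struct

# Hosts and internal addresses are the ones used in the PR; the rest is constructed.
BACKENDS = {"www.domain2.com": "192.168.1.3"}
DEFAULT_BACKEND = "192.168.1.2"  # www.domain1.com, www.domain3.com, unknown or missing Host

def build_packet(src, sport, dst, dport, payload):
    """Constructed IPv4+TCP segment (no options, checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def nat_view(packet):
    """The header fields a packet-level redirect can match: protocol, addresses, ports."""
    ihl = (packet[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (packet[9], socket.inet_ntoa(packet[12:16]), sport,
            socket.inet_ntoa(packet[16:20]), dport)

def tcp_payload(packet):
    """Bytes after the IP and TCP headers, which a NAT rule never inspects."""
    ihl = (packet[0] & 0x0F) * 4
    return packet[ihl + (packet[ihl + 12] >> 4) * 4:]

def backend_for(request):
    """Application-layer routing: choose the internal server from the Host header."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower().split(":")[0]  # drop an optional :port
            return BACKENDS.get(host, DEFAULT_BACKEND)
    return DEFAULT_BACKEND  # HTTP/1.0 request without a Host header

if __name__ == "__main__":
    for host in ("www.domain1.com", "www.domain2.com"):
        req = f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
        pkt = build_packet("203.0.113.7", 40000, "198.51.100.10", 80, req)
        print(nat_view(pkt), "->", backend_for(tcp_payload(pkt)))
```

The redirect target for a connection is fixed when its first SYN arrives, before any HTTP bytes have been sent, so the Host header does not yet exist at the point where natd has to choose.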
>Unformatted:
