How to setup url forwarding with one public IP to two different internal IP's?

Question:

SuperDave

2012-07-12 12:20:09 UTC

Hello,

Could someone point me at a good tutorial for url forwarding/subdomain routing config on a router or firewall? (any router/firewall is fine, so long as it's a nice, clear tutorial)

One public ip, two internal IP's. Incoming requests come on port 443 to different subdomains and I would like to find some example documentation on any business-class router/firewall that shows how it is possible to redirect the request by the requestor domain name/url:

incoming request to server1.exampledomain.com:443 goes to private IP .101
incoming request to server2.exampledomain.com:443 goes to private IP .102

Many thanks!

D.

Three answers:

Tracy L

2012-07-12 13:02:54 UTC

I don't think you can do that with port forwarding. You can just port forward to your internal server and let Apache / web server sort out the subdomain IPs using a name based virtual host. Forwarding works on IP not the name.

Then with SSL, you need two public IPs for the certs to work correctly! So you could forward IP one to server one and IP 2 to server two. However, with two public IPs why even use forwarding? Just put the public IP needed on each server.

For name based see.

See the Apache documentation

http://httpd.apache.org/docs/2.0/vhosts/name-based.html

Here is an SSL example, you will need a "wildcard" SSL cert!

http://wiki.apache.org/httpd/NameBasedSSLVHosts

And this one which is not a bad solution

http://fob.po8.org/node/289

efflandt

2012-07-12 14:48:47 UTC

You cannot do that with a router, because it has no clue what hostname was used to reach it, all it knows is the IP the request came in on. And you can only forward any one specific port to one LAN IP.

You need one web server to proxy the other web server. Forward port 443 to the LAN IP of that server. Apache can do that easily using a combination of name based virtual server, mod_proxy, and Proxy_Pass to proxy one of the virtual hosts on a LAN IP instead of serving alternate content from a directory. It will either serve local content for one virtual host, or proxy the other virtual host.

I have never used IIS, so I do not know if it can do that.

I am also not familiar with specifics about configuring secure certificates for https, but have done name based virtual hosting on port 80 with apache (in Linux) using dynamic DNS names for my pubiic dynamic IP. Apache is also available for Windows.

2016-12-08 20:27:21 UTC

There are not any criminal effects. you are able to internally use notwithstanding you like (that is greater a question of excellent prepare), and on any NAT based community you're able to probable never be conscious if somebody tried to apply a internet site that replaced into (externally) on the comparable IP handle variety. What I do see a brilliant form of, is 10.x.x.x used as an inner handle, that's totally valid - yet normally perplexed as an exterior one. 10.x.x.x is super for terribly super networks or once you pick a brilliant form of separate subnets. otherwise, no effects - yet probable a stable theory to sort it out.

ⓘ

This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.

about - legalese