HTTP forwarding, based upon host header

[Guest]

Archived from groups: comp.security.firewalls,microsoft.public.win2000.networking (More info?)

I've got a Watchguard X50 Edge hardware firewall connected to the internet
via T1.

Inside the firewall, I've got 2 web servers, Windows 2000 Server.

The X50 has the capability to be associated to ONLY ONE external IP address
(argh...).

I can easily forward all incoming PORT 80 traffic to either one of the web
servers.

However, I need to be able to forward SOME incoming traffic to Web Server
#1, and SOME incoming traffic to Web Server #2. Of course, this would be
determined by the host header information.

So, xyz.com and abc.com are on Server #1. def.com and ghi.com are on Server
#2.

Can anyone suggest a free or cheap software solution to this problem?

Thank you.

John

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

"john lemon" <john@lemon.com> wrote in message
news:i_4We.73658$3S5.65656@tornado.rdc-kc.rr.com...
> I've got a Watchguard X50 Edge hardware firewall connected to the internet
> via T1.
>
> Inside the firewall, I've got 2 web servers, Windows 2000 Server.
>
> The X50 has the capability to be associated to ONLY ONE external IP
address
> (argh...).
>
> I can easily forward all incoming PORT 80 traffic to either one of the web
> servers.
>
> However, I need to be able to forward SOME incoming traffic to Web Server
> #1, and SOME incoming traffic to Web Server #2. Of course, this would be
> determined by the host header information.
>
> So, xyz.com and abc.com are on Server #1. def.com and ghi.com are on
Server
> #2.
>
> Can anyone suggest a free or cheap software solution to this problem?
>
> Thank you.
>
> John

Your firewall should support port mapping. This is where you set up port 81
to be forwarded inside to server #2 after mapping it to port 80. Rather
than the usual one-to-one incoming mapping.

Then outside users have to use http://www.url.com:81 to access it.

-Russ.

 

[Frankster]

Archived from groups: comp.security.firewalls,microsoft.public.win2000.networking (More info?)

Routine stuff. Done all the time. No prob. With host headers you can use one
IP for multiple sites on the same port. See MS link below. Works fine on
IIS5 and W2K even though it's written for IIS6.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/883a9544-3f70-4d46-a6df-bbadbd1fe7de.mspx

-Frank

"john lemon" <john@lemon.com> wrote in message
news:i_4We.73658$3S5.65656@tornado.rdc-kc.rr.com...
> I've got a Watchguard X50 Edge hardware firewall connected to the internet
> via T1.
>
> Inside the firewall, I've got 2 web servers, Windows 2000 Server.
>
> The X50 has the capability to be associated to ONLY ONE external IP
> address
> (argh...).
>
> I can easily forward all incoming PORT 80 traffic to either one of the web
> servers.
>
> However, I need to be able to forward SOME incoming traffic to Web Server
> #1, and SOME incoming traffic to Web Server #2. Of course, this would be
> determined by the host header information.
>
> So, xyz.com and abc.com are on Server #1. def.com and ghi.com are on
> Server
> #2.
>
> Can anyone suggest a free or cheap software solution to this problem?
>
> Thank you.
>
> John
>
>
>
>
>

 

[Frankster]

Archived from groups: comp.security.firewalls,microsoft.public.win2000.networking (More info?)

Oh... don't forget to make sure you configure your external DNS for the new
site. Each host header needs a record.

-Frank

"Frankster" <Frank@SPAM2TRASH.com> wrote in message
news:Uv-dnXERrOnjdbXeRVn-qw@giganews.com...
> Routine stuff. Done all the time. No prob. With host headers you can use
> one IP for multiple sites on the same port. See MS link below. Works fine
> on IIS5 and W2K even though it's written for IIS6.
>
> http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/883a9544-3f70-4d46-a6df-bbadbd1fe7de.mspx
>
> -Frank
>
> "john lemon" <john@lemon.com> wrote in message
> news:i_4We.73658$3S5.65656@tornado.rdc-kc.rr.com...
>> I've got a Watchguard X50 Edge hardware firewall connected to the
>> internet
>> via T1.
>>
>> Inside the firewall, I've got 2 web servers, Windows 2000 Server.
>>
>> The X50 has the capability to be associated to ONLY ONE external IP
>> address
>> (argh...).
>>
>> I can easily forward all incoming PORT 80 traffic to either one of the
>> web
>> servers.
>>
>> However, I need to be able to forward SOME incoming traffic to Web Server
>> #1, and SOME incoming traffic to Web Server #2. Of course, this would be
>> determined by the host header information.
>>
>> So, xyz.com and abc.com are on Server #1. def.com and ghi.com are on
>> Server
>> #2.
>>
>> Can anyone suggest a free or cheap software solution to this problem?
>>
>> Thank you.
>>
>> John
>>
>>
>>
>>
>>
>
>

 

[Guest]

Archived from groups: comp.security.firewalls,microsoft.public.win2000.networking (More info?)

I am familiar with hosting multiple web sites on a single server using a
single IP address.

However this situation is a little different.

I have two web servers on the same 192.168.111.x network.

Server #1: 192.168.111.1 - xyz.com and abc.com
Server #2: 192.168.111.2 - def.com and ghi.com

External DNS is configured so that the WWW hosts for these 4 domains point
to 207.56.34.12 (for example).

207.56.34.12 is the hardware firewall.

The firewall port forwarding is set up to forward all PORT 80 requests to
192.168.111.1.

xyz.com and abc.com are fully accessible from the outside world.

But back to my original question, how can I access www.def.com and
www.ghi.com from the outside world ?


"Frankster" <Frank@SPAM2TRASH.com> wrote in message
news:Uv-dnXERrOnjdbXeRVn-qw@giganews.com...
> Routine stuff. Done all the time. No prob. With host headers you can use
one
> IP for multiple sites on the same port. See MS link below. Works fine on
> IIS5 and W2K even though it's written for IIS6.
>
>
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/883a9544-3f70-4d46-a6df-bbadbd1fe7de.mspx
>
> -Frank
>
> "john lemon" <john@lemon.com> wrote in message
> news:i_4We.73658$3S5.65656@tornado.rdc-kc.rr.com...
> > I've got a Watchguard X50 Edge hardware firewall connected to the
internet
> > via T1.
> >
> > Inside the firewall, I've got 2 web servers, Windows 2000 Server.
> >
> > The X50 has the capability to be associated to ONLY ONE external IP
> > address
> > (argh...).
> >
> > I can easily forward all incoming PORT 80 traffic to either one of the
web
> > servers.
> >
> > However, I need to be able to forward SOME incoming traffic to Web
Server
> > #1, and SOME incoming traffic to Web Server #2. Of course, this would
be
> > determined by the host header information.
> >
> > So, xyz.com and abc.com are on Server #1. def.com and ghi.com are on
> > Server
> > #2.
> >
> > Can anyone suggest a free or cheap software solution to this problem?
> >
> > Thank you.
> >
> > John
> >
> >
> >
> >
> >
>
>

 

[Guest]

Archived from groups: comp.security.firewalls,microsoft.public.win2000.networking (More info?)

On Thu, 15 Sep 2005 06:13:07 GMT, john lemon wrote:

> I am familiar with hosting multiple web sites on a single server using a
> single IP address.
>
> However this situation is a little different.
>
> I have two web servers on the same 192.168.111.x network.
>
> Server #1: 192.168.111.1 - xyz.com and abc.com
> Server #2: 192.168.111.2 - def.com and ghi.com
>
> External DNS is configured so that the WWW hosts for these 4 domains point
> to 207.56.34.12 (for example).
>
> 207.56.34.12 is the hardware firewall.
>
> The firewall port forwarding is set up to forward all PORT 80 requests to
> 192.168.111.1.
>
> xyz.com and abc.com are fully accessible from the outside world.
>
> But back to my original question, how can I access www.def.com and
> www.ghi.com from the outside world ?
>
>
> "Frankster" <Frank@SPAM2TRASH.com> wrote in message
> news:Uv-dnXERrOnjdbXeRVn-qw@giganews.com...
>> Routine stuff. Done all the time. No prob. With host headers you can use
> one
>> IP for multiple sites on the same port. See MS link below. Works fine on
>> IIS5 and W2K even though it's written for IIS6.
>>
>>
> http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/883a9544-3f70-4d46-a6df-bbadbd1fe7de.mspx
>>
>> -Frank
>>
>> "john lemon" <john@lemon.com> wrote in message
>> news:i_4We.73658$3S5.65656@tornado.rdc-kc.rr.com...
>>> I've got a Watchguard X50 Edge hardware firewall connected to the
> internet
>>> via T1.
>>>
>>> Inside the firewall, I've got 2 web servers, Windows 2000 Server.
>>>
>>> The X50 has the capability to be associated to ONLY ONE external IP
>>> address
>>> (argh...).
>>>
>>> I can easily forward all incoming PORT 80 traffic to either one of the
> web
>>> servers.
>>>
>>> However, I need to be able to forward SOME incoming traffic to Web
> Server
>>> #1, and SOME incoming traffic to Web Server #2. Of course, this would
> be
>>> determined by the host header information.
>>>
>>> So, xyz.com and abc.com are on Server #1. def.com and ghi.com are on
>>> Server
>>> #2.
>>>
>>> Can anyone suggest a free or cheap software solution to this problem?
>>>
>>> Thank you.
>>>
>>> John
>>>
I don't know about IIS but Apache web server allows virtual name-based
virtual hosts to be on different physical servers. Maybe IIS does also.

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

john lemon <john@lemon.com> wrote:
> However, I need to be able to forward SOME incoming traffic to Web Server
> #1, and SOME incoming traffic to Web Server #2. Of course, this would be
> determined by the host header information.

Then just use a virtual host concept i.e. like the one from Apache, and
proxy the right traffic to the second webserver.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

john lemon <john@lemon.com> wrote:
> xyz.com and abc.com are fully accessible from the outside world.

Configure the "wrong" webserver, which is reached by all the traffic,
as a proxy for those websites.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

I understand that this is conceptually what I need to do...but how does it
work in practice? Do you have any suggestions on how to start ?


"Volker Birk" <bumens@dingens.org> wrote in message
news:43292b4d@news.uni-ulm.de...
> john lemon <john@lemon.com> wrote:
> > However, I need to be able to forward SOME incoming traffic to Web
Server
> > #1, and SOME incoming traffic to Web Server #2. Of course, this would
be
> > determined by the host header information.
>
> Then just use a virtual host concept i.e. like the one from Apache, and
> proxy the right traffic to the second webserver.
>
> Yours,
> VB.
> --
> "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
> deutschen Schlafzimmern passiert".
> Harald Schmidt zum "Weltjugendtag"

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

john lemon <john@lemon.com> wrote:
[IIS virtual hosts and proxiing to a second server]
> I understand that this is conceptually what I need to do...but how does it
> work in practice? Do you have any suggestions on how to start ?

http://support.microsoft.com/default.aspx?scid=kb;en-us;816576
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/html/acca715c-aa55-405b-89fe-e9f9e4f34391.asp

A remapping tool is in the IIS resource kit.

HTH,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"