
RE: [suse-security] Iptables rules for nat to apache ip based virtual hosts



Hi Stefan,

> I have got one official ip address and a dmz with an apache 
> webserver with ip based virtual hosts config.

> iptables -t nat -A PREROUTING -i $INF -p tcp --sport 1024: -d www.mydomain.com --dport 80 -j DNAT --to 1.2.3.4:80
> 
> iptables -A FORWARD -p tcp -d 1.2.3.4 --dport 80 -i $INF -j ACCEPT
> 
> Do I need an application level gateway for this config or

From my point of view, you need an official IP for each private IP to
set up the iptables solution.
Either you use an application-level gateway, e.g. Apache with
rewrite/proxy rules to check the HTTP header, or you set up
Apache with name-based virtual hosts, which should be simpler.

Best regards Ben
--
Ben Kummer, VDIVDE-IT, Rheinstr. 10b, 14513 Teltow Germany
fon: +493328/435106 fax: +493328/435281 email:kummer@xxxxxxxxxxxx 
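
Added example, not part of the original messages: it shows why a DNAT rule on a single official address cannot choose between IP-based virtual hosts, while a gateway that reads the HTTP Host header can. 1.2.3.4 and www.mydomain.com come from the thread; the public address, shop.mydomain.com and 1.2.3.5 are constructed assumptions.

```python
# Added example. PUBLIC_IP, shop.mydomain.com and 1.2.3.5 are constructed.
from typing import NamedTuple, Optional

PUBLIC_IP = "203.0.113.10"                  # the one official address
DNAT_RULES = {(PUBLIC_IP, 80): "1.2.3.4"}   # all a DNAT rule can key on
VHOSTS = {                                  # Host header -> IP-based vhost
    "www.mydomain.com": "1.2.3.4",
    "shop.mydomain.com": "1.2.3.5",
}
DEFAULT_BACKEND = "1.2.3.4"                 # no usable Host header sent


class Packet(NamedTuple):
    dst_ip: str
    dst_port: int
    payload: bytes


def dnat_target(pkt: Packet) -> Optional[str]:
    """Layer 3/4 decision: only destination address and port are consulted."""
    return DNAT_RULES.get((pkt.dst_ip, pkt.dst_port))


def host_header(request: bytes) -> Optional[str]:
    """Return the lowercased Host header without port, or None if absent."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:     # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            # Strip an optional :port, leaving bracketed IPv6 literals intact.
            if not host.endswith("]") and ":" in host:
                host = host.rsplit(":", 1)[0]
            return host or None
    return None


def gateway_target(pkt: Packet) -> str:
    """Layer 7 decision, as an application-level gateway would make it."""
    return VHOSTS.get(host_header(pkt.payload) or "", DEFAULT_BACKEND)


def request(host: Optional[str]) -> Packet:
    """Build a constructed HTTP request arriving on the public address."""
    hdr = f"Host: {host}\r\n" if host else ""
    return Packet(PUBLIC_IP, 80, f"GET / HTTP/1.1\r\n{hdr}\r\n".encode())
```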
 
