Virtual host "lite"?

From: Schmuck (yamahasw40_at_latinmail.com)
Date: 10/16/03


Date: 16 Oct 2003 14:56:00 -0700

Hi all,

Short version: Is there a daemon that runs over Linux that will
redirect an incoming web request based on DNS name, preferably
something lighter than Apache, so that users who access
"http://webmail.domain.com" will automatically be redirected to port
:443. However, people who access "http://www.domain.com" will be
forwarded to an external server on the same port?

Long (somewhat humorous) version:

As (yet another) "Interim measure" in the dog's breakfast that is our
corporate DMZ... (It will stop being "Interim" when the 5 year old
recycled beige PCs running our core network infrastructure finally
fall over and the Boss works out what a "server" is.. not that I'm
bitter or anything)...

Uh-hem.

Anyway. As an interim measure I have installed and configured a
webmail box and stuck it in the DMZ. Our DMZ is basically one rather
minimal Linux box that runs our external DNS as well as acting as a
second firewall. All incoming services hit this box and it farms off
all the other services to a "secure"(ish) private network behind it
(netfilter DNATs by port.)

ie.
ports 143, 22 and 25 go to our mail/ftp server (redhat linux)
port 80 goes to the web server (Windows NT 4 with MS IIS)
port 443 now goes to the webmail server. (Redhat 9.0, apache 2.0.40,
horde, imp, php 4.2.1, OpenSSL)

So

http://www.domain.com gets directed to the webserver
https://www.domain.com gets directed to the webmail server.

So do mail.domain.com, webmail.domain.com, smtp, imap etc. As they are
just aliases to one of our limited number of outfacing IPs, and the
boss won't buy more.

All well and good.

What I want to do is have connections to port 80 to a different DNS
name (but with the same external IP) redirected to the webmail server.
So if our users type in http://webmail.domain.com rather than
(http://) they will still get what they expect, rather than calling up
the helpdesk and yelling "WEBMAIL DOESN'T WORK" every 20 minutes.

I'm looking for something that I can install on the DNS/Firewall that
will give me this functionality. I know that the Virtual hosting of
Apache can do this, but this is after all a bastion host and I want to
keep it as bare as possible.

Note that I can't make any modifications to the web server... not even
an html edit. It was set up by people from another planet and thus
can't be touched by human hands.

Thanks in advance.

Matt
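
The name-based split the post asks for, as an added example that is not part of the original post and not an existing daemon: a small Python listener reads the Host header, answers webmail names with a 301 to https, and relays every other connection to the web server. The backend address 192.0.2.10, the listen port 8080 (assuming the firewall's port-80 rule is pointed at it) and all function names are assumptions.

```python
import select
import socket
import socketserver

WEBMAIL_HOSTS = {"webmail.domain.com"}   # names that must end up on https
WEB_BACKEND = ("192.0.2.10", 80)         # constructed placeholder for the web server
MAX_HEADER = 8192                        # give up on finding Host after this many bytes

def host_of(request: bytes):
    """Lower-cased Host header without port or trailing dot; None if absent."""
    for line in request.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower().split(":")[0].rstrip(".")
    return None

def decide(request: bytes):
    """('redirect', response bytes) for webmail names, else ('forward', backend)."""
    host = host_of(request)
    if host in WEBMAIL_HOSTS:  # Location only ever carries an allowlisted name
        return "redirect", (f"HTTP/1.1 301 Moved Permanently\r\nLocation: https://{host}/\r\n"
                            "Content-Length: 0\r\nConnection: close\r\n\r\n").encode()
    return "forward", WEB_BACKEND

def splice(a, b):  # copy bytes both ways until one side closes or 60 s pass idle
    while readable := select.select([a, b], [], [], 60)[0]:
        for s in readable:
            chunk = s.recv(65536)
            if not chunk:
                return
            (b if s is a else a).sendall(chunk)

class Handler(socketserver.StreamRequestHandler):
    timeout = 10  # client socket timeout, so a stalled sender cannot hold a thread
    def handle(self):
        data = b""
        while b"\r\n\r\n" not in data and len(data) < MAX_HEADER:
            chunk = self.request.recv(4096)
            if not chunk:
                break
            data += chunk
        action, target = decide(data)
        if action == "redirect":
            return self.request.sendall(target)
        with socket.create_connection(target, timeout=10) as upstream:
            upstream.sendall(data)
            splice(self.request, upstream)

if __name__ == "__main__":
    socketserver.ThreadingTCPServer(("0.0.0.0", 8080), Handler).serve_forever()
```

Because the redirect target is taken from the allowlist match rather than echoed from the request, an unexpected or missing Host header falls through to the web server instead of producing a redirect to an arbitrary name.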


