
Got this kind of noob question, I suppose. I have this very basic network setup and need help setting up some address forwarding.

As seen in my illustration below, all traffic enters via the eth0 interface (85.123.32.23). The external DNS is set up to direct all hosts to this IP as well.

Now, how on earth do I filter the incoming requests to each box? The IPs are static!

My network layout: [image: Network Setup]

I do not wish to solve this by assigning tons of ports etc.

In my wishful thinking something like this would be nice :)

set service nat rule 10 type destination
set service nat rule 10 inbound-interface eth0
set service nat rule 10 destination address ftp.myhost.com
set service nat rule 10 inside-address address 192.168.100.20

This way ALL traffic to the address ftp.myhost.com (at eth0) should be routed to the internal ip, 192.168.100.20.

Right, is there anyone who could point me in some direction? Maybe it's wrong to use NAT?

Please help me! :)

Mark Henderson
Eric Herlitz

1 Answer


You cannot achieve this with NAT, as NAT operates at the network layer (layer 3), not at the DNS (layer 7) level. As a result, your example of set service nat rule 10 destination address ftp.myhost.com will not work.

NAT allows your public IP address to be shared between multiple internal hosts that have differing services. For example, SSH, HTTP, HTTPS and SMTP, all hosted on differing servers, can share a single public IP using NAT.

However, if for example you have multiple web servers you want to share the same public IP, then you'll need to set up virtual hosts, or virtual host redirection using something like Apache. There may be other products that can do this.

http://httpd.apache.org/docs/2.0/vhosts/name-based.html

What you would need to do is forward port 80 (web) to an internal host that can then pull from other servers, or multiple virtual hosts on the same box (see above link). NOTE: this is only valid for web and ftp. For other services, you'll have to look at alternatives (different ports etc).

arkf
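As an added illustration of the layering point the answer makes (this is example code, not from the question or the answer): every request for any of the names arrives with the same destination IP, so a NAT rule has nothing to match on; the name the client asked for exists only in the HTTP Host header, which an application-layer proxy has to read before picking a backend. The hostnames and the 192.168.100.21 address are constructed for the example; 192.168.100.20 is the address from the question.

```python
"""Host-header dispatch: the step a destination-NAT rule cannot perform."""
from typing import Dict, Optional

# Constructed routing table: public hostname -> internal backend.
# Only 192.168.100.20 comes from the question; the rest is made up.
BACKENDS: Dict[str, str] = {
    "ftp.myhost.com": "192.168.100.20",
    "www.myhost.com": "192.168.100.21",
}


def parse_host(request: bytes) -> Optional[str]:
    """Return the normalised Host header of a raw HTTP/1.x request head.

    Returns None when the header is missing (HTTP/1.0 clients), duplicated
    (ambiguous; RFC 7230 says answer 400 rather than pick one) or when the
    request head is incomplete.  Header names are case-insensitive.
    """
    head, sep, _body = request.partition(b"\r\n\r\n")
    if not sep:
        return None
    hosts = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":
            hosts.append(value.strip())
    if len(hosts) != 1:
        return None
    host = hosts[0].decode("ascii", errors="replace").lower()
    # Drop an explicit port ("ftp.myhost.com:8080"); leave IPv6 literals alone.
    if not host.startswith("[") and ":" in host:
        host = host.rsplit(":", 1)[0]
    return host or None


def choose_backend(request: bytes, table: Dict[str, str] = BACKENDS) -> Optional[str]:
    """Map a request to the internal address that should serve it.

    None means the proxy must answer itself (400 for a missing or duplicate
    Host, 421/404 for a name it does not serve) instead of guessing a backend.
    """
    host = parse_host(request)
    if host is None:
        return None
    return table.get(host)


if __name__ == "__main__":
    req = b"GET / HTTP/1.1\r\nHost: ftp.myhost.com\r\n\r\n"
    print(choose_backend(req))  # -> 192.168.100.20
```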