0

I currently have my Time Capsule to forward all inbound requests on port 80 to my Mac Mini which runs a web server with its local ip address of 192.168.1.8. I also have DNS set up so that if I go to example.com then it will send the request to my static public IP which will in turn cause the Time Capsule to forward the request on port 80 to my Mac Mini.

However I now have a Raspberry Pi on the local network also, with the ip address of 192.168.1.5. I want to be able to access the web server on the Raspberry Pi by going to pi.example.com, but I'm not sure how I can get the Time Capsule to port forward based on the domain. What I'd like to be able to have is something that works like this:

example.com:80       -->   public IP   -->    192.168.1.8:80
pi.example.com:80    -->   public IP   -->    192.168.1.5:80

Update

I've managed to do the above with Virtual Hosts and Forward Proxies in Apache. However that is just for HTTP on Port 80, how could I do this with other services such as SSH and FTP? Like:

example.com:21       -->   public IP   -->    192.168.1.8:21
pi.example.com:21    -->   public IP   -->    192.168.1.5:21
Joshua
  • 123
  • 1
  • 3
  • 9

1 Answers1

0

You'll need an HTTP server acting as a proxy in order to forward based on the domain name. The Time Capsule is probably just doing NAT, and so isn't able to do this.

mgorven
  • 30,036
  • 7
  • 76
  • 121
  • How exactly would I go about doing that? – Joshua Mar 06 '13 at 22:34
  • Well I've managed to do that with Virtual Hosts and Forward Proxies in Apache now. However that is just for HTTP on Port 80, how could I do this with other services such as SSH and FTP? – Joshua Mar 07 '13 at 19:10
  • @Joshua SSH and FTP don't have a concept of virtual hosts, so it can't be done at that level. You'll have to use different ports. – mgorven Mar 07 '13 at 19:11
  • So for any other port other than 80 and I assume 443 it can't be done? – Joshua Mar 09 '13 at 12:16
  • @Joshua It's the protocol which is relevant, not the port number. Most protocols don't have the concept of virtual hosts. – mgorven Mar 10 '13 at 20:09
  • @mgorven A full-blown HTTP server is not necessary though. It is sufficient to have it receive enough traffic to see the `Host` header and then pass all bytes through to the backend unmodified. It does not need to fully understand HTTP. However a simple NAT is indeed insufficient, since a NAT forwards the SYN packet to the backend, but at that time the client has not sent the hostname yet, so the NAT has no way of knowing which backend to use. – kasperd Apr 05 '16 at 21:19
  • @Joshua A standard SSH client does not send a hostname. What you are asking for is absolutely impossible to do with a standard hostname. However a slightly modified SSH client could send a message which according to the SSH protocol is to be ignored by the receiving server. Inside this ignored message it can insert a `Host` header, which if it is interpreted as HTTP will allow the frontend to dispatch the connection to the chosen backend. Client and server speaks SSH, intermediate frontend is fooled into believing the traffic is HTTP which has a `Host` header. – kasperd Apr 05 '16 at 21:23
  • @Joshua As for FTP and HTTPS, both protocols have been extended with headers for the purpose you are asking about. In the case of HTTPS any up-to-date client can be expected to support it. In the case of FTP very few clients support it. – kasperd Apr 05 '16 at 21:24