
Imagine this kind of setup. 5 servers. 1 server will be the "front-end", all the traffic has to go through it first before going to the 4 other servers.

I don't want people to know the IPs of the other servers, so they will be stuck at server 1 whenever they ping or traceroute or whatever.

Why do I want this? I'm thinking about getting a DDOS protected server with a reliable company, but since filtered IPs are expensive I only want to use 1 IP.

I was thinking whether it is possible to make routes like: if traffic is trying to access domain2.com on server 02, then redirect it to xxx.xxx.xxx.002; if traffic is trying to access domain3.com on server 3, then redirect it to xxx.xxx.xxx.003; and so on.

I know I can redirect traffic from server 1 to the other 4 servers using GRE tunneling. But I don't know a way to separate traffic the way I mentioned above. I thought "maybe using iptables", but I'm not sure if it would be doable only with iptables, nor do I know how to do it using iptables.

Is it possible to do something like this?

1 Answer


Iptables doesn't have a useful mechanism for this unless you implement layer 7 filtering. You would have to write your own custom filters for each of the sites, matching on the Host: header. This has a very significant drawback in that it cannot be made to work with SSL, and it is one of the slowest things you can do with iptables.

It would probably be better to configure a reverse proxy on that host which internally resolves the various sites' DNS names to their backend IPs (you could do this very easily with /etc/hosts).

Falcon Momot
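As an added example of the reverse-proxy approach the answer recommends (this is not code from the original answer or from any of the participants), below is a minimal nginx configuration for the front-end server. It routes requests to the backends by the `Host` header the client sends, and it also handles the TLS case that a layer-7 iptables match cannot, by terminating TLS on the front-end. The backend addresses `10.10.0.2` and `10.10.0.3` (reachable over the GRE tunnels), the `/etc/hosts` names `backend-domain2` and `backend-domain3`, and the certificate paths are all assumptions, not values from the page.

```nginx
# Added example, not from the original answer. Assumed /etc/hosts on the front-end:
#   10.10.0.2  backend-domain2
#   10.10.0.3  backend-domain3
# nginx resolves these names through the system resolver when it loads the config,
# so /etc/hosts is enough; the backend IPs never appear in anything a client sees.

# Catch-all: requests whose Host header matches no configured site are closed
# without a response (444), so probing the IP reveals nothing about the backends.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    ssl_certificate     /etc/nginx/tls/fallback.crt;   # assumed placeholder path
    ssl_certificate_key /etc/nginx/tls/fallback.key;   # assumed placeholder path
    return 444;
}

# domain2.com -> server 02 over the GRE tunnel
server {
    listen 80;
    listen 443 ssl;
    server_name domain2.com www.domain2.com;
    ssl_certificate     /etc/nginx/tls/domain2.com.crt;  # assumed placeholder path
    ssl_certificate_key /etc/nginx/tls/domain2.com.key;  # assumed placeholder path

    location / {
        proxy_pass http://backend-domain2;
        # Preserve the original Host so the backend vhost still matches,
        # and pass the real client address for the backend's logs.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# domain3.com -> server 3 over the GRE tunnel
server {
    listen 80;
    listen 443 ssl;
    server_name domain3.com www.domain3.com;
    ssl_certificate     /etc/nginx/tls/domain3.com.crt;  # assumed placeholder path
    ssl_certificate_key /etc/nginx/tls/domain3.com.key;  # assumed placeholder path

    location / {
        proxy_pass http://backend-domain3;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Two points worth checking after deploying something like this: the backends should only accept connections from the tunnel side (a host firewall rule permitting the GRE subnet and dropping everything else), since the whole point is that their public addresses are never reachable directly; and because the backend now sees the proxy's address, any rate limiting or logging on the backend should read `X-Forwarded-For` rather than the socket peer.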