Route traffic from Internet to correct internal server (based on hostname)

2

I have two servers on my local network, which I want to make accessible to the Internet.

I want all traffic to server1.example.com to be routed to 10.0.0.1 and all traffic to server2.example.com to be routed to 10.0.0.2

If need be, I can set up a third server to run a proxy or whatever is needed. I'd prefer a Mac/Linux solution.

Most other solutions I've seen only proxy specific services. I want to proxy all traffic.

How can I route based on hostname?

Travis

Posted 2017-06-01T15:34:33.060

Reputation: 207

Are you talking about HTTP(S), or plain old IP routing? – Attie – 2017-06-01T16:08:06.880

I don't want it to be protocol specific. I want to route all traffic. – Travis – 2017-06-01T16:19:08.257

Answers

2

As @Andriy has stated, using IP alone, this is not possible.

When your computer connects to server1.example.com, it is actually resolving this to an IP address, for example: 123.123.123.123.

Once it has the IP address, it will then attempt to connect to the relevant port on host 123.123.123.123. At this point, there is no concept of a 'hostname' or DNS.


If you want to achieve this, then you have two options:

  • Differentiate the services by using different public IP addresses.
  • Differentiate the services by using different ports.

You have already stated that you "don't want it to be protocol specific", but (for example) if you were using HTTP(S), then this would be possible.

This is only possible because HTTP includes additional information in its headers: after connecting to the host at 123.123.123.123, it says "Please act as if I'm talking to server1.example.com".

It is trivial to connect to 123.123.123.123 and say "Please act as if I'm talking to someotherhost.example.com" - even if this host is not publicly advertised. Whether this request is actioned depends on your configuration.

Attie

Posted 2017-06-01T15:34:33.060

Reputation: 14 841
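The Host-header routing described in the answer above, as an added example that is not part of the original post: it shows the decision a name-based HTTP reverse proxy makes, and that names which are not explicitly configured are refused rather than forwarded. The function name, the backend map layout and the sample requests are assumptions constructed for illustration; only the two hostnames and internal addresses come from the question.

```python
# Added example: the routing decision of a name-based HTTP reverse proxy.
# Backend addresses are the ones from the question; the rest is constructed.
BACKENDS = {
    "server1.example.com": ("10.0.0.1", 80),
    "server2.example.com": ("10.0.0.2", 80),
}


def pick_backend(request: bytes, backends=BACKENDS):
    """Return (ip, port) for the request's Host header, or None to refuse."""
    head, sep, _ = request.partition(b"\r\n\r\n")
    if not sep:
        return None  # header block incomplete: no decision possible yet
    hosts = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        # "Host :" (space before the colon) is malformed and is not matched
        if colon and name.lower() == b"host":
            hosts.append(value.strip())
    if len(hosts) != 1:
        return None  # missing or duplicated Host is ambiguous: refuse
    try:
        host = hosts[0].decode("ascii").lower()
    except UnicodeDecodeError:
        return None
    if ":" in host:
        host = host.rsplit(":", 1)[0]  # drop an optional ":port" suffix
    host = host.rstrip(".")  # tolerate a fully qualified trailing dot
    return backends.get(host)  # names outside the allowlist get None


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        b"GET / HTTP/1.1\r\nHost: server1.example.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nhost: SERVER2.example.com:80\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: someotherhost.example.com\r\n\r\n",
        b"GET / HTTP/1.0\r\n\r\n",
    ]
    for raw in samples:
        print(raw.split(b"\r\n")[1] or b"(no Host)", "->", pick_backend(raw))
```

The hostname is only visible here because it is carried inside the HTTP payload; a protocol that sends no name after connecting gives the proxy nothing to match on.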

3

Unfortunately, there are no host names in IP routing, just IP addresses. The IP header contains just source and destination IPs, not host names.

So you cannot proxy all traffic based on names simply because IP packets have no domain names inside.

Some protocols though, like HTTP 1.1, do carry domain names inside. So you can set up a reverse HTTP proxy, look into the HTTP requests and forward them to your internal servers based on the domain names/URLs inside those requests.

There are a variety of HTTP reverse proxies. Basically, most HTTP servers, like Apache, can be configured as a reverse proxy. Here is an example of such a configuration:

https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

Andriy Berestovskyy

Posted 2017-06-01T15:34:33.060

Reputation: 178

The Internet can route example1.com and example2.com to the correct IP address. I'm trying to set up my intranet to do the same. Maybe I should speak in terms of DNS and not proxying... – Travis – 2017-06-01T16:20:03.427

@Travis So the easiest solution would be to add records to the "hosts" file. On Linux it is in /etc/hosts, on Windows it is in c:\Windows\System32\Drivers\etc\hosts. Just add two records there and you are good to go. Another option is your local DNS server. Please have a look here: https://en.wikipedia.org/wiki/Name_server – Andriy Berestovskyy – 2017-06-01T16:27:30.287

Yes, but I guess this won't work going from Internet to intranet without the solution being protocol-specific. Oh, well. – Travis – 2017-06-01T16:29:46.650

@Travis yes, it will work within your intranet. It won't work from the Internet. – Andriy Berestovskyy – 2017-06-01T16:40:20.097