If your home static IP is 123.123.123.123, then all unicast traffic that gets to that gateway will have that same destination IP. The only way to distinguish between the hosts to which specific packets should be redirected would be by port number. Even though you may have multiple DNS records 'pointing' to the same IP, any reference to those IP names is lost once the packet has been sent. There is no name content in the packet in transit, only the actual numeric address.
With respect to your iptables rules, you would need to add a rule that actually does the forwarding of the packet. Your rule should be good for translating the packet into one that would find its way to the intended host, but you need a FORWARD rule to actually get it sent. Something like:
Code:
iptables -A FORWARD -p tcp -d 192.168.1.4 --dport 80 -j ACCEPT
This example uses port 80, assuming your server is an HTTP server. You might need to add a parameter about what interface the original packet came from.
--- rod
Are you sure that the "IP name" is lost? If you're using virtual hosts with Apache, it's able to distinguish the names properly. Is it that iptables is unable to do this?
Okay, we're both right. After a short experiment with Wireshark, I see that at the pure TCP level, where iptables does its work, there is no name information in the packet. For an HTTP request packet, there is a header in the data frame of the packet which identifies the host by name, called the "Host:" header. That would be what allows a web server to host multiple virtual servers. I always wondered about that.
--- rod.
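Added example, not part of the original posts: a Python sketch that parses two constructed IPv4/TCP packets to show the point the thread arrives at. The fields an address/port rule matches on are identical for both requests, and the site name appears only in the HTTP payload. The client address, host names and helper function names are assumptions made for illustration.

```python
import socket
import struct

def build_packet(src, dst, sport, dport, payload):
    """Constructed IPv4 + TCP packet (no options, checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def l3_l4_fields(pkt):
    """What an address/port match such as -d ... --dport ... can look at."""
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "sport": sport, "dport": dport}

def http_host(pkt):
    """Host: header from the TCP payload, or None if the payload has none."""
    ihl = (pkt[0] & 0x0F) * 4
    data_off = (pkt[ihl + 12] >> 4) * 4            # TCP header length in bytes
    head = pkt[ihl + data_off:].split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:           # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii")
    return None

# Constructed sample: two requests from one client to the same public IP and port.
GATEWAY = "123.123.123.123"                        # example address from the thread
PKT_A = build_packet("198.51.100.7", GATEWAY, 40001, 80,
                     b"GET / HTTP/1.1\r\nHost: site-a.example\r\n\r\n")
PKT_B = build_packet("198.51.100.7", GATEWAY, 40001, 80,
                     b"GET / HTTP/1.1\r\nHost: site-b.example\r\n\r\n")

if __name__ == "__main__":
    for pkt in (PKT_A, PKT_B):
        print(l3_l4_fields(pkt), "Host:", http_host(pkt))
```

Because both packets look the same at the address/port level, sending them to different internal hosts by name requires something that reads the payload, such as a web server or reverse proxy on the gateway; address translation alone can only split traffic by port.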