[plug] name-based port forwarding with iptables

John locutus at borg.apana.org.au
Thu Feb 6 10:53:15 WST 2003


On Wed, 2003-02-05 at 22:25, Leon Brooks wrote:
> On Wednesday 05 February 2003 08:52 pm, John wrote:
> > I'm running woody on a 2.4 kernel with iptables setup, and what I want
> > to do is port forward based on the NAME of the server that's being
> > requested.
> 
> > if a packet comes in that's trying to go to abc.org, I want that packet
> > to go to one machine on the network.  If a packet comes in that's
> > looking for xyz.org, I want it routed to another machine.
> 
> You can do name-based hosting at the next major level up, in protocols like 
> HTTP (NameVirtualHost in Apache) or SMTP (Virtual Domains in PostFix, 
> SendMail, Exim etc), and that for a very limited number of protocols.
> 

Ok, that all makes sense, and what I need to do is probably Postfix
virtual domains in this instance.  Apache I can do easily, I'm just not
familiar with Postfix.

The situation is that the gateway box has a DNS server running on it for
'behind the firewall'.  The gateway knows that abc.org is itself, and
xyz.org is another machine on a local private IP.

abc.org needs to be able to receive mail, so I can't just forward port
25 to xyz.org willy-nilly.  I was thinking of something along the lines
of making the external DNS list abc.org as secondary MX for xyz.org; then
abc.org should know how to forward mail correctly.  This has the
advantage of being transparent and not requiring too much to be done at the
gateway, and when xyz.org gets a real IP, mail should flow through
happily.

Will this work?

-- 
John <locutus at borg.apana.org.au>
APANA WA Huntingdale MAS
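An added example, not from the original thread, of what the Postfix side of the secondary-MX plan above would look like on the gateway (abc.org); the internal address 192.168.1.10 for xyz.org is a constructed placeholder, and the file paths assume a stock Postfix layout.

```text
# /etc/postfix/main.cf on the gateway (abc.org) -- added example.
# 192.168.1.10 is a constructed placeholder for the internal xyz.org host.
myhostname = abc.org
mydestination = $myhostname, localhost.$mydomain, localhost

# Relay only for the domain we are secondary MX for.  Combined with
# reject_unauth_destination below, mail from outside for any other
# domain is refused, so the gateway does not become an open relay.
relay_domains = xyz.org

# Explicit route for xyz.org: the [brackets] skip the MX lookup, so the
# gateway hands mail straight to the internal host instead of consulting
# the public MX records that point back at itself.
transport_maps = hash:/etc/postfix/transport

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

# /etc/postfix/transport (run `postmap /etc/postfix/transport` after editing)
xyz.org      smtp:[192.168.1.10]
.xyz.org     smtp:[192.168.1.10]
```

Because a secondary MX accepts mail for any xyz.org address and only learns of unknown recipients when the internal host rejects them, Postfix 2.0 and later can list valid recipients in relay_recipient_maps to reject those at the gateway instead of bouncing them afterwards. Once xyz.org has its own public address, the transport entry and the secondary MX record can simply be removed.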


