
How to configure a router to forward based on subdomain rather than port


8 replies to this topic

#1 Guest_slehmann36_*

Guest_slehmann36_*

  • Guests
  • OFFLINE
  •  

Posted 10 September 2014 - 05:54 AM

Hi,

I am running a large network at home (mostly for educational purposes) including two web servers each running virtual hosts.

 

I was wondering how you can configure your router to forward an external HTTP request by subdomain rather than incoming port.

 

e.g

mail.[domain].com to xxx.xxx.xxx.xxx

[sub].[domain].com to [virtual hostname]

 

Any help would be greatly appreciated

 

Thanks

 

Simon Lehmann




 


#2 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 10 September 2014 - 03:11 PM

What are you looking to accomplish? What equipment are you using? I understand what you are wanting to do but what is the end result you are looking for?


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#3 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 10 September 2014 - 03:31 PM

If you notice, your router's forwarding page has only IP addresses, not domain names, for entry.

 

Your internet registered domain name's MX record determines where internet mail is pointed to.  It's up to you to forward the mail ports to your mail server properly.



#4 Guest_slehmann36_*

Guest_slehmann36_*

  • Guests
  • OFFLINE
  •  

Posted 10 September 2014 - 06:53 PM

What are you looking to accomplish? What equipment are you using? I understand what you are wanting to do but what is the end result you are looking for?

Sorry, I should have specified. 

 

I want users to be able to enter a web URL into their web browser's address bar (example1.domain.com) and it finds its way to the example1 virtual host on my web server. Then another user to enter a different URL (example2.domain.com) and it finds its way to the example2 virtual host on my web server. 

 

I am asking how the router can be configured (if it can) to forward based on the sub.domain.com entered into the user's web browser rather than the incoming port.

 

I thought about it later, do I need to have a local DNS server running that the router can forward everything to that can dish out the http requests instead?

 

Thanks

 

Simon Lehmann


Edited by slehmann36, 10 September 2014 - 06:54 PM.


#5 Guest_slehmann36_*

Guest_slehmann36_*

  • Guests
  • OFFLINE
  •  

Posted 10 September 2014 - 06:56 PM

If you notice, your router's forwarding page has only IP addresses, not domain names, for entry.

 

Your internet registered domain name's MX record determines where internet mail is pointed to.  It's up to you to forward the mail ports to your mail server properly.

I am aware of that, but they only point to the public facing IP address of my modem/router. 



#6 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:25 PM

Posted 10 September 2014 - 10:31 PM

Setting up some sort of proxy server might be the best bet. This http://www.dslreports.com/forum/r28596550-Multiple-servers-behind-one-IP-address seems like he wants to do the same thing... and the last post suggests a proxy, and that is what I've read in other posts. I have no personal experience with proxies, let alone setting one up, but your requests would go to the proxy server and then be redirected to the proper web server depending on the URL? Sounds good anyway. I dunno


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#7 sflatechguy

sflatechguy

  • BC Advisor
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 11 September 2014 - 12:22 AM

If you are only doing this internally on your home LAN and don't intend for external users to access those subdomains, then either an internal DNS server or even just making the changes to the host files on the computers would do the trick.

 

My bad. That's what I get for reading posts quickly late at night. :(

 

You need to make sure you have a static external IP address, and if your router doesn't support routing using fully qualified domain names, you would need an internal DNS or proxy server to route those requests.


Edited by sflatechguy, 11 September 2014 - 12:42 AM.


#8 Guest_slehmann36_*

Guest_slehmann36_*

  • Guests
  • OFFLINE
  •  

Posted 11 September 2014 - 04:42 AM

Ok thanks 

 

I will look into setting up a DNS server or a proxy server.



#9 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK

Posted 11 September 2014 - 05:35 AM

The short answer is that it depends on how complex a router or firewall you have connected to the Internet. Home grade equipment will likely not be able to do what you want.

Probably the best thing to do is to explain why...

Let's consider the pieces in the jigsaw... Initially we will think about non-ssl websites (ie HTTP rather than HTTPS)

Firstly consider DNS. When someone visits one of your sites, their system will retrieve the internet facing IP address of that site from internet facing DNS. The conversation between their browser and your published site will be to that IP address.

It is possible to have multiple sites hosted on one public IP address, but the process above will be the initial step, and communications will be to the IP address determined by DNS. The domain name of the site does not come into the routing of the traffic once DNS has proclaimed which IP address to talk to.

The routers that make up the Internet and consumer grade DSL routers will only make decisions based on the destination IP address and port of the traffic (OK I have made big simplifications in that assertion, but for our purposes they are justified).

Your DSL router (or simple corporate router or firewall) will receive a TCP connection to port 80 of its external IP and use port forwarding to forklift that traffic directly to a single internal server.

OK so I've just said that multiple sites can share an IP address, but then seemed to contradict myself by saying that the traffic will be routed to the same server as it has the same destination IP address and port. So what is different between the requests that allows the differentiation based on requested site to be made?

The HTTP requests themselves contain the name of the site being requested (as part of the HTTP application protocol), however as the requested site name is buried in the application level chatter, normal routers cannot take decisions based on it. In fact (although it is VERY likely to be) the requested host information may not even be in the first physical IP packet sent across the established TCP connection.

The actual request passed across the TCP connection (which you will recall is made to the IP address retrieved for the site) may be as simple as...

GET / HTTP/1.1
HOST: www.bleepingcomputer.com

(followed by a blank line)

This says GET the default page for the website using the HTTP 1.1 protocol. Oh... and by the way, the site we are interested in is "www.bleepingcomputer.com".

In order to take decisions based on the name of the requested site, the device or server making that decision needs to be thinking at the application level - most routers do not do that.

So what can do that?....
Well the web server itself will be able to. If you host multiple sites on one server then you will need to configure each site with a unique combination of IP address, port, and host-header. From that information the server knows which site to reply as.

You seem to say that you have multiple servers, hosting separate collections of sites, but sharing the same internet facing IP address. Well in that case, the servers themselves can't make the decision by themselves, as we need to decide which server to route the traffic towards before the servers ever see the request.

As others have said above, a proxy device inside your network between your router and the servers could listen to all requests, analyse them at the application level, and pass the (now sorted) requests to the correct destination web-server.

Mid-high level corporate firewalls can also include this kind of technology in the firewall itself (and can even go further, sending requests for let's say the '/news' part of a site to server "A" and the '/sport' part of the same site to server "B"). This would be the more usual way of handling this situation.

I mentioned at the top of this post that there is something different about SSL sites (HTTPS).

In the case of SSL sites, the traffic is theoretically encrypted all of the way between the browser and web server. However the same trick with the "host" header goes on within the conversation between browser and server. The gotcha there is that since the host header is within encrypted traffic, it cannot be used for routing decisions at all. As always, there is a need to do this, and the workaround is to allow your (complex) firewall access to the server's SSL certificate, so that it can decrypt the traffic, examine the host header and route it through its server publishing logic. This is of limited value however as part of the SSL protection is to prove that you are talking to the correct server for your requested site - so the certificate itself is specific to the requested server name.

x64

(edited to add extra text to the SSL paragraph)
 


Edited by x64, 11 September 2014 - 05:50 AM.
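
The Host-header decision a proxy has to make for plain HTTP, as described in the post above, shown as an added example that is not part of the original thread. The backend addresses are constructed placeholders; the hostnames reuse the example1/example2 names from the question. It buffers until the header block is complete (the Host line may not arrive in the first segment) and rejects unknown, missing or duplicated Host values instead of falling through to a default server.

```python
# Added example: pick an internal backend from the HTTP Host header.
# ROUTES values are constructed placeholder addresses, not from the thread.
ROUTES = {
    "example1.domain.com": ("192.168.1.10", 80),
    "example2.domain.com": ("192.168.1.11", 80),
}
MAX_HEADER_BYTES = 8192  # never buffer an unbounded header block


class NeedMoreData(Exception):
    """Header block is not complete yet; wait for the next TCP segment."""


def extract_host(buffer: bytes) -> str:
    """Return the lowercased Host value, port stripped, from a request head."""
    end = buffer.find(b"\r\n\r\n")
    if end == -1:
        if len(buffer) > MAX_HEADER_BYTES:
            raise ValueError("header block too large")
        raise NeedMoreData
    lines = buffer[:end].split(b"\r\n")[1:]  # skip the request line
    hosts = [v.strip()
             for k, sep, v in (line.partition(b":") for line in lines)
             if sep and k.lower() == b"host"]
    # Zero or several Host headers is ambiguous: refuse rather than guess.
    if len(hosts) != 1 or not hosts[0]:
        raise ValueError("request must carry exactly one Host header")
    host = hosts[0].decode("ascii").lower()  # non-ASCII raises ValueError
    return host.rsplit(":", 1)[0] if ":" in host else host


def route(chunks):
    """Feed segments in arrival order; return a backend tuple or None (reject)."""
    buffer = b""
    for chunk in chunks:
        buffer += chunk
        try:
            return ROUTES.get(extract_host(buffer))  # unknown host -> None
        except NeedMoreData:
            continue
        except ValueError:
            return None
    return None  # connection ended before the headers were complete
```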




