>-----Original Message-----
>From: netfilter-bounces@lists.netfilter.org
>[mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of
>Giovanni Lovato
>Sent: Tuesday, 13 March 2007 11:48
>To: netfilter@lists.netfilter.org
>Subject: Matching packets by HTTP header "Host"
>
>Hi all.
>I'm trying to forward packets to different hosts depending on the "Host"
>header in HTTP packets, e.g. packets on port 80 requesting "Host:
>one.example.org" to 192.168.0.1 and all others on port 80 to
>192.128.0.2.
This processing is at too high a level for netfilter (without proper
extensions).
You should rather use an HTTP proxy, like squid or apache with the proxy
module, for this operation. These are capable of handling such requests.
>I did:
>iptables -t nat -A PREROUTING -p TCP -i eth0 -m string --algo bm \
>    --string "Host: one.example.org" --destination-port 80 -j DNAT \
>    --to-destination 192.168.0.1
>
>iptables -t nat -A PREROUTING -p TCP -i eth0 \
>    --destination-port 80 -j DNAT --to-destination 192.168.0.2
>
>But all packets are going to 192.168.0.2. Do I miss something?
The problem is that at connection time you cannot make the choice of
which server to connect to. This can only be decided once you are
already connected.
- Joris
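What Joris describes, deciding per request instead of per connection, as an added Python example that is not from the list and is not squid or apache: a minimal forwarder that reads the HTTP request head and picks the backend from the Host header. Its select_backend(b"") case is also why the DNAT rules above never route anything to 192.168.0.1: the nat table only sees the first packet of a connection, the SYN, which carries no HTTP payload, so the string match misses and the catch-all rule fixes the mapping. The backend addresses mirror the question; the listen port 8080 is an assumption.

```python
import socket
import threading

# Routing table mirroring the question (constructed; only the addresses come from the thread):
# requests for one.example.org go to 192.168.0.1, everything else on port 80 to 192.168.0.2.
DEFAULT_BACKEND = ("192.168.0.2", 80)
HOST_ROUTES = {"one.example.org": ("192.168.0.1", 80)}

def parse_host(request):
    """Return the Host header (lowercased, port stripped) once the request head is complete."""
    head, sep, _ = request.partition(b"\r\n\r\n")
    if not sep:
        return None  # head not complete yet: the router must keep reading
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":
            return value.strip().split(b":")[0].decode("ascii", "replace").lower()
    return None

def select_backend(first_bytes):
    """Pick a backend from the first application bytes of a connection.
    b"" (all a PREROUTING string match ever sees on the SYN) falls through to DEFAULT_BACKEND."""
    host = parse_host(first_bytes)
    return HOST_ROUTES.get(host, DEFAULT_BACKEND) if host else DEFAULT_BACKEND

def _pump(src, dst):
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    except OSError:
        pass
    dst.close()

def handle(client):
    buf = b""  # buffer until the request head is complete, then splice client and backend
    while b"\r\n\r\n" not in buf and len(buf) < 65536:
        chunk = client.recv(4096)
        if not chunk:
            client.close()
            return
        buf += chunk
    backend = socket.create_connection(select_backend(buf))
    backend.sendall(buf)
    threading.Thread(target=_pump, args=(backend, client), daemon=True).start()
    _pump(client, backend)

if __name__ == "__main__":
    with socket.create_server(("0.0.0.0", 8080)) as srv:  # listen port is an assumption
        while True:
            threading.Thread(target=handle, args=(srv.accept()[0],), daemon=True).start()
```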