Iptables prerouting based on destination's DNS name?
TCP/IP packets are routed to ip-addresses and network ports, not to hostnames.
Therefore the iptables packetfilter works on ip-addresses, network ports and protocols as well and not on DNS/hostnames.
Your options are:
- configure bridging so your container gets a public ip-address rather than a private range restricted to the host and set up DNS accordingly.
- use apache reverse proxy functionality (or similar) which does work at the DNS hostname level and route your HTTP requests at the application level:
for example:
# Requires mod_proxy and mod_proxy_http to be loaded
NameVirtualHost *:80
<VirtualHost *:80>
    # The DNS1 site is hosted locally
    ServerName DNS1
    DocumentRoot /var/www/...
</VirtualHost>
<VirtualHost *:80>
    ServerName DNS2
    # Forward all requests for DNS2 to the container and rewrite
    # Location headers in its responses back to this host's name:
    ProxyPass / http://<container-ip>/
    ProxyPassReverse / http://<container-ip>/
</VirtualHost>
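The following is an added example, not code from the original answer: it shows why the packet filter sees nothing to match on (both names resolve to one address, so the TCP 5-tuple is identical) and how name-based dispatch works instead by reading the HTTP Host header, which is exactly what the two VirtualHost blocks above do. All hostnames, addresses and backends are constructed placeholders.

```python
import re

# Constructed zone: DNS1 is the host's A record, DNS2 a CNAME pointing at it.
DNS_ZONE = {"dns1.example.test": "192.0.2.10", "dns2.example.test": "192.0.2.10"}

# Constructed backends: the host's own Apache and the LXC container's Apache.
# An unknown or missing Host header must fall through to the host's default
# site, never to the container: the Host header is client-controlled input.
BACKENDS = {"dns1.example.test": "127.0.0.1:80", "dns2.example.test": "10.0.3.2:80"}
DEFAULT_BACKEND = BACKENDS["dns1.example.test"]


def packet_5tuple(src_ip, src_port, name, dst_port=80):
    """What PREROUTING sees for a connection to `name`: no hostname at all,
    only the 5-tuple, so two names sharing an address are indistinguishable."""
    return ("tcp", src_ip, src_port, DNS_ZONE[name], dst_port)


def host_header(raw_request: bytes):
    """Return the lowercased hostname from the Host header (optional :port
    stripped), or None if the request carries no usable Host header."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1", "replace")
    m = re.search(r"^host:[ \t]*([^\r\n]*)", head, re.IGNORECASE | re.MULTILINE)
    if not m:
        return None
    host = re.sub(r":\d+$", "", m.group(1).strip().lower())
    return host or None


def choose_backend(raw_request: bytes) -> str:
    """Name-based dispatch, the application-layer equivalent of ServerName."""
    return BACKENDS.get(host_header(raw_request), DEFAULT_BACKEND)


if __name__ == "__main__":
    for name in DNS_ZONE:
        req = f"GET / HTTP/1.1\r\nHost: {name}\r\n\r\n".encode()
        # Same 5-tuple for both names; only the Host header picks the backend.
        print(packet_5tuple("198.51.100.7", 40000, name), "->", choose_backend(req))
```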
Updated on September 18, 2022
Comments
-
ITL almost 2 years
I've got a question concerning iptables prerouting. I'm not that familiar with networking/routing/iptables, so I hope this is not a stupid question at all. So I ask for your understanding and indulgence.
What I do is: I use LXC to separate apps in containers. For accessing a service (maybe apache2) in a container, I have to do prerouting like this:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 20080 -j DNAT --to-destination <container-ip>:80
So far so good, works as it should.
Imagine the host system also runs an apache2 (port 80). It has 1 NIC and 2 DNS names assigned: DNS1 (host record) and DNS2 (alias to DNS1). What I want to do is to PREROUTE not using the dport but by using the DNS name, so that:
http://DNS1:80 # ends up at the host's apache2
http://DNS2:80 # ends up at the lxc-container's apache2 (on the same host)
Is it possible and if yes, how to configure iptables?
-
ITL about 10 years
Now I've got the affirmation of what I have assumed. Thank you.