Just discovered something very interesting. I had all my websites set up on my machine with IP-based virtual hosts (i.e.
In shorewall, you can write a rule like:
DNAT net loc:10.0.5.10 tcp http -
which takes an incoming http connection to the firewall and forwards it to the specified IP (10.0.5.10 in this case) in the “loc” (local) zone. So I tried the same thing, except the IP wasn’t an external machine.
For instance, eth0 is connected to the internet and gets a dynamic IP via DHCP, and eth1 is connected to my internal network, much like the firewall; it also runs shorewall. So I made eth1:0 an IP on the local network (say, 10.0.5.100). Then I have a rule that does:
DNAT net net:10.0.5.100 tcp http -
This takes the http traffic coming in from the net zone on port 80 and redirects it to the address 10.0.5.100 (that is, incoming port 80 on eth0 goes to eth1:0).
Works like a champ! This way I can configure apache to use
I’m sure someone has come up with this before, but I was goofing around, came up with this and it worked, so I figured I’d share, as this is much easier to manage than using wildcard addressing, particularly if you want to use https in there as well (anyone who was connecting earlier tonight probably got an XML download instead of a web page, and for that you have my apologies).
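For anyone who wants to copy the setup, here is the whole thing written out as config: the shorewall rules for both the ordinary port-forward and the forward to the eth1:0 alias (port 80 and 443), plus the Apache side bound to that alias. This is an added example, not the post's own files; the zone names “net” and “loc”, the 10.0.5.0/24 addresses, the hostname, paths and certificate names are assumptions, the DEST column of the alias rules simply follows the rule shown in the post, and the Apache directives assume Apache 2.x.

```text
# /etc/shorewall/rules (added example; zone names and addresses are assumed)
#ACTION   SOURCE   DEST              PROTO   DEST PORT(S)
# Plain port-forward to a separate internal host, as in the first rule above:
DNAT      net      loc:10.0.5.10     tcp     80
# Forward to the alias address on eth1:0 (10.0.5.100), so Apache listening
# on that address answers the public port 80 and, for https, port 443.
# The DEST column is written the way the post's rule writes it.
DNAT      net      net:10.0.5.100    tcp     80
DNAT      net      net:10.0.5.100    tcp     443

# Apache side (e.g. ports.conf plus one vhost file; paths are assumptions).
# Bind only the alias address, so the site is not also served on eth0's
# public IP by accident and each IP-based vhost stays on its own address.
Listen 10.0.5.100:80
Listen 10.0.5.100:443
<VirtualHost 10.0.5.100:80>
    ServerName   www.example.com
    DocumentRoot /var/www/example
</VirtualHost>
<VirtualHost 10.0.5.100:443>
    ServerName            www.example.com
    DocumentRoot          /var/www/example
    SSLEngine             on
    SSLCertificateFile    /etc/ssl/certs/example.pem
    SSLCertificateKeyFile /etc/ssl/private/example.key
</VirtualHost>
```

Two things worth checking before restarting: run `shorewall check` so a typo in the rules file does not leave the box without a firewall, and remember that a shorewall DNAT rule both rewrites the destination and accepts the forwarded traffic, so every port you forward to the alias is reachable from the internet; forward only the ports Apache is meant to serve there.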