Hostname-based filtering?

Mike Bristow mike at urgle.com
Wed Jul 14 19:56:54 BST 2004


On Wed, Jul 14, 2004 at 12:17:19PM +0100, Jonathan Belson wrote:
> The company I work for has a Borderware firewall which can do selective
> port forwarding based on hostname.  For example, if
> 
> host1.blah.com
> 
> and
> 
> host2.blah.com
> 
> both point to the same IP address, then you can filter traffic based on
> whether it was directed at 'host1' or 'host2'.

This is impossible at the IP, TCP, UDP layers.  It is possible at the 
application layer (read HTTP or SMTP or whatever), but only if the 
application layer supports it.

> Does FreeBSD/ipfw offer this kind of functionality?  What I'd like to do
> is forward traffic received via a particular hostname to another machine -
> Borderware firewalls can do similar to pass traffic through to a machine
> on an auxiliary port.

No.  

But, if you're only worried about (say) HTTP, and don't mind failing
to support old (HTTP/1.0 only:  read pre-Netscape 3, I think)
browsers, then squid (for sure) and other web proxies running on
the firewall will be able to do this - independently of the OS.

-- 
You dont have to be illiterate to use the Internet, but it help's.
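
The application-layer selection described in the reply above, as an added example that is not part of the original post: it picks a backend from the HTTP Host header and shows why a request without one cannot be routed by hostname. The backend addresses, sample requests and function names are constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical hostname-to-backend table; the addresses are constructed.
BACKENDS = {
    "host1.blah.com": "10.0.0.11:80",
    "host2.blah.com": "10.0.0.12:80",
}

# Constructed sample requests. All three arrive on the same IP address and
# port, so nothing in the IP or TCP headers tells them apart.
REQ_HOST1 = b"GET / HTTP/1.1\r\nHost: host1.blah.com\r\n\r\n"
REQ_HOST2 = b"GET / HTTP/1.1\r\nhost: HOST2.blah.com:80\r\n\r\n"
REQ_NO_HOST = b"GET / HTTP/1.0\r\n\r\n"  # old client, sends no Host header


def requested_host(raw: bytes) -> Optional[str]:
    """Return the lowercased hostname named by an HTTP request, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2:
        return None
    try:
        # Absolute-form request target (as sent to a proxy) overrides Host.
        target = urlsplit(parts[1])
        if target.scheme in ("http", "https") and target.hostname:
            return target.hostname.rstrip(".")
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep and name.strip().lower() == "host":
                # urlsplit drops an optional :port and lowercases the name.
                host = urlsplit("//" + value.strip()).hostname
                return host.rstrip(".") if host else None
    except ValueError:  # malformed host or port syntax
        return None
    return None


def route(raw: bytes) -> Optional[str]:
    """Pick a backend by hostname; None means the request cannot be routed."""
    host = requested_host(raw)
    return BACKENDS.get(host) if host else None


if __name__ == "__main__":
    for req in (REQ_HOST1, REQ_HOST2, REQ_NO_HOST):
        print(req.split(b"\r\n", 1)[0].decode(), "->", route(req))
```

A `None` result is the point at which a proxy has to fall back to a default backend or reject the request, since the hostname was never sent.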




