Eric Peterson writes:
> Hi all,
>
> My company is trying to expand our service to our customers and part
> of that has involved setting up virtual machines for our customers. We
> have a number of services that we provide on each virtual machine that
> go beyond the normal web server type of hosting solutions.
>
> I need a way to map hostnames to a virtual server behind the NAT
> firewall and forward ports through the firewall. The catch is that all
> the servers will be running services on the same ports. I know with
> Apache you can use virtual hosts this way, but I don't know of a way
> to do this with apps such as ssh.
>
> So is there a way to forward the same ports to several NAT hosts using
> only one public IP address based on the hostname?
>
> For example:
>
> "ssh hosta.example.com" would connect you to 192.168.1.10
> "ssh hostb.example.com" would connect you to 192.168.1.11
>
> Both hosta and hostb share the same public IP.

short answer: this cannot be done. use multiple external IPs or ports.

what you can do though is something like this:

the person who needs access to hosta.example.com comes from a.b.c.d, using some iptables magic you forward that person onto 192.168.1.10. the person who needs access to hostb.example.com comes from f.g.h.i and iptables forwards that person onto 192.168.1.11

something like (warning untested):

iptables -t nat -A PREROUTING -p tcp -s <source> -d <public> --dport 22 -j DNAT --to-destination <private:port>

--
Munir Nassar
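
Added example, not part of the original message: a small generator for the source-based forwarding suggested in the reply above, which prints one DNAT rule per client source and refuses a source that appears twice. The public address, the client sources, the mapping format and the function names are constructed for illustration, and the FORWARD rule assumes a default-drop filter policy.

```shell
#!/bin/sh
# Added example: print (never apply) per-source DNAT rules for SSH behind one
# public IP. Every address below is a constructed documentation-range value.
PUBLIC_IP="203.0.113.5"   # assumed public address of the firewall
SSH_PORT=22

# Constructed mapping, one "<client source> <internal host>" pair per line.
MAPPING="198.51.100.10 192.168.1.10
198.51.100.20 192.168.1.11"

# Succeed only for a dotted-quad IPv4 address with four octets in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules for a mapping. A repeated source is rejected: only the first
# matching PREROUTING rule would ever fire, so the second host is unreachable.
build_rules() {
    printf '%s\n' "$1" | {
        seen=""
        while read -r src dst; do
            [ -n "$src" ] || continue
            if ! is_ipv4 "$src" || ! is_ipv4 "$dst"; then
                echo "bad entry: $src $dst" >&2; exit 1
            fi
            case " $seen " in
                *" $src "*) echo "duplicate source: $src" >&2; exit 1 ;;
            esac
            seen="$seen $src"
            echo "iptables -t nat -A PREROUTING -p tcp -s $src -d $PUBLIC_IP" \
                 "--dport $SSH_PORT -j DNAT --to-destination $dst:$SSH_PORT"
            # Assumption: FORWARD policy is DROP, so the translated flow
            # (destination is now the private address) needs an explicit accept.
            echo "iptables -A FORWARD -p tcp -s $src -d $dst" \
                 "--dport $SSH_PORT -j ACCEPT"
        done
    }
}

build_rules "$MAPPING"
```

A client whose source address is not in the mapping matches no PREROUTING rule and is therefore not forwarded to any internal host.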