Virtual Server FQDN based

Donald
Donald Posts: 3
First Comment
edited April 2021 in Security
Hi,
Let's put the following scenario:
I have a USG110 and I have one static public IP address X.Y.Z.T and I want to do forward (virtual server or NAT 1:1) based on the FQDN, so that an external DNS will have:
wiki.example.com -> X.Y.Z.T
www.example.com -> X.Y.Z.T
Then the USB110 should forward to 10.0.0.1 or to 10.0.0.2 depending on the FQDN.
Is it possible? all the documentation only talks about Virtual Server or NAT attached to an External IP and not to a name.
Thanks in advance!

Best Answers

  • Donald
    Donald Posts: 3
    First Comment
    Answer ✓
    So, maybe the only way is to have a internal apache/nginx proxy forwarding to the correct host based on FQDN?

All Replies

  • Ian31
    Ian31 Posts: 165  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    I think it's not support.
    Since the NAT only process the IP & port layer. 
    It's need application layer proxy function to support HTTP request redirect or re-write.

  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited April 2019
    With the move to SSL it be harder to do but I get what your thinking would be like Ian31 said for HTTP where the USG spits the SYN to both servers both SYN,ACK then ACK and waits for the Hypertext for HTTP://at to then sends traffic to that server....even then that might not work with timestamps so the USG would need to be a proxy doing the SYN, SYN,ACK and ACK to get the Hypertext for HTTP://at  to then connect to the right server.  
  • Donald
    Donald Posts: 3
    First Comment
    Answer ✓
    So, maybe the only way is to have a internal apache/nginx proxy forwarding to the correct host based on FQDN?
  • Donald
    Donald Posts: 3
    First Comment
    Fantastic! It would be great if this could be implemented, I'm liking the idea and ask to everyone who is interested to like it as well.
  • Pekka
    Pekka Posts: 4
    First Anniversary First Comment
    Any news on this? I would need this option now..

Security Highlight