 From:  Adam Stasiak <palesius at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  NATing to an external IP address
 Date:  Fri, 25 May 2012 21:03:30 -0400
Is it possible to use NAT (or some combination of NAT and other trickery)
to redirect an address on your WAN interface to another external IP address
(not on the WAN interface, but at some other site)?

e.g. Site A has Public IP address 1.0.0.1
Site B has Public IP 1.0.0.2

I would like to redirect any requests that come in to 1.0.0.1 on port 80 to
go to 1.0.0.2 (also on port 80).

The goal is to be able to redirect HTTPS requests to a block of IP
addresses to a single IP address (but on different ports) to avoid needing
a different public IP address for each SSL encrypted site.
I already know about wildcard certs and certs with multiple host names on
them and also SNI; all of these are problematic for one reason or another.
If there were some way to redirect requests as mentioned above, I could
colocate a monowall box somewhere where I can get the IPs I need and
redirect them to the primary webserver, which unfortunately has a pretty
limited number of IPs available.