On 5/25/2012 9:03 PM, Adam Stasiak wrote:

> Is it possible to use NAT (or some combination of NAT and other trickery)
> to redirect an address on your WAN interface to another external IP address
> (not on the WAN interface, but at some other site).
>
> e.g. Site A has Public IP address 1.0.0.1
> Site B has Public IP 1.0.0.2
>
> I would like to redirect any requests that come in to 1.0.0.1 on port 80 to
> go to 1.0.0.2 (also on port 80).
>
> The goal is to be able to redirect HTTPS requests to a block of IP
> addresses to a single IP address (but on different ports) to avoid needing
> a different public IP address for each SSL encrypted site.
> I already know about wildcard certs and certs with multiple host names on
> them and also SNI; all of these are problematic for one reason or another.
> If there were some way to redirect requests as mentioned above, I could
> colocate a monowall box somewhere where I can get the IPs I need and
> redirect them to the primary webserver, which unfortunately has a pretty
> limited number of IPs available.

This capability could be quite useful and has been asked about on the m0n0wall forum: http://forum.m0n0.ch/index.php/topic,1033.msg17159.html#msg17159

But AFAIK it is not possible to achieve this with m0n0wall.

Prior to starting with m0n0wall, I was using GNATBox, a payware FreeBSD-based firewall product. It had this capability in the quite old version I had been using, v 3.4.2, and I made use of it to proxy certain connections: the incoming request was forwarded back out the WAN port but appeared to originate with my WAN IP address. It's quite possible it still works on that product, and they do offer a limited freeware version.

Another possibility is pfSense, another freeware FreeBSD firewall forked from m0n0wall some time ago. They have a mail list and forum you could make inquiries on. GNATBox, aka GBWare, also has a forum.

I do dislike pointing folks away from m0n0wall, but if your requirement is a "must have", then I am afraid the solution lies elsewhere. If it turns out I am wrong, I'd love to know how it can be done with m0n0wall. Let us know what you discover and good luck.
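As an added illustration of the redirect-plus-source-NAT that the question describes (not code from the thread, nor from m0n0wall or pfSense), this is what it looks like in pf.conf syntax on a pf-based FreeBSD firewall; the WAN interface name em0 and the backend port 8443 are assumed, the addresses are the ones from the question:

```pf
# pf.conf fragment (added example, assumed names). Ordering matters in
# this pf dialect: translation rules (rdr/nat) must precede filter rules.
ext_if = "em0"        # assumed WAN interface of the Site A box
wan_ip = "1.0.0.1"    # Site A public address from the question
target = "1.0.0.2"    # Site B public address from the question

# 1. Inbound HTTPS for the WAN address is redirected to the remote server
#    (port 8443 assumed, to show the "same IP, different port" idea).
rdr on $ext_if proto tcp from any to $wan_ip port 443 -> $target port 8443

# 2. The redirected packet leaves through the same WAN interface. Rewrite
#    its source to the WAN address so Site B's replies come back here and
#    can be un-translated; without this the client sees a reply from an
#    address it never contacted and drops it.
nat on $ext_if proto tcp from any to $target port 8443 -> ($ext_if)

# Filter rules see post-translation addresses.
pass in  quick on $ext_if proto tcp from any       to $target port 8443 keep state
pass out quick on $ext_if proto tcp from ($ext_if) to $target port 8443 keep state

# Caveat for whoever runs Site B: every proxied connection arrives from
# 1.0.0.1, so its web server logs lose the real client address. Keep the
# pf state/log data on this box if client attribution is needed later.
```

The rdr also limits the redirect to TCP 443 only; redirecting whole addresses (any port) would expose every service on the target through the WAN address, so keep the port list explicit.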