Multiplexing IPs For Apache



Imagine a dual-homed host. 1 NIC faces the public internet and is
assigned a routable address. The other NIC connects the machine to
an internal network of private (nonroutable) IPs. The box is used as
a NATing gateway for the machines on the internal network. For the
sake of argument, let's say the machine has these assignments:

public.bar.com 64.3.192.18
private.bar.com 192.168.0.100

Now, imagine that one of the machines on the private network is running
Apache virtual servers. Let's say it looks like this:

foo.bar.com 192.168.0.1
baz.bar.com 192.168.0.2
nuz.bar.com 192.168.0.3

The .1 address is the primary one for that machine's NIC. The .2 and .3
are aliases associated with this same NIC. This is done so that
Apache running on that machine can provide independent SSL certificates
for each virtual host.

Now, suppose the bar.com DNS entries visible to the public internet
pointed foo, baz, and nuz to public.bar.com. Here is the million dollar
question: Is there some magical way to write an ipfw firewall rule
or even a NATing redirect that is based on *the http header* rather than
the IP address? IOW, is there a way to examine all traffic coming in on
64.3.192.18:80 and multiplex it across the internal foo, bar, nuz
machines as requested in the http envelope?

The idea, of course, is to minimize the number of publicly consumed
routable IPs while still hosting many virtual hosts *inside* the
private network. I'm guessing that there is some way to do this because
web hosting ISPs do not consume an IP per virtual host (do they?).

P.S. I am aware that you can do Apache virtual hosting distinguished
by *name* running on a single IP. The problem with this is that each
Apache virtual host cannot have a unique SSL certificate for its
https portions so this is a nonstarter in my universe.

TIA,
--
----------------------------------------------------------------------------
Tim Daneliuk tundra@xxxxxxxxxxxxxx
PGP Key: http://www.tundraware.com/PGP/
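
An ipfw rule matches on addresses and ports, so the selection asked about above has to happen in something that parses the HTTP request. The following is an added example, not part of the original post: it maps the Host header of a cleartext request arriving on port 80 to the internal addresses listed in the post and refuses anything missing, duplicated or unknown. The function names are hypothetical, the sample requests are constructed, and forwarding the connection is left out.

```python
# Added illustration: choose an internal backend from the HTTP Host header.
# Addresses are the ones given in the post; function names are hypothetical.
# Applies to cleartext HTTP (port 80), where the header is readable in transit.
BACKENDS = {
    "foo.bar.com": "192.168.0.1",
    "baz.bar.com": "192.168.0.2",
    "nuz.bar.com": "192.168.0.3",
}


def host_from_request(head: bytes):
    """Return the normalized Host value, or None if absent or ambiguous."""
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    hosts = []
    for line in lines[1:]:                       # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.lower() == b"host":      # header names are case-insensitive
            hosts.append(value.strip())
    if len(hosts) != 1:                          # missing or duplicated Host
        return None
    try:
        host = hosts[0].decode("ascii").lower()
    except UnicodeDecodeError:
        return None
    if ":" in host:                              # drop an explicit :port suffix
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".") or None              # tolerate a trailing dot


def pick_backend(head: bytes):
    """Map a request head to (ip, port); None means refuse the request."""
    ip = BACKENDS.get(host_from_request(head))
    return (ip, 80) if ip else None


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        b"GET / HTTP/1.1\r\nHost: baz.bar.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nhost: FOO.bar.com:80\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n",
        b"GET / HTTP/1.0\r\n\r\n",
    ]
    for s in samples:
        print(s.split(b"\r\n")[1] or b"(no Host)", "->", pick_backend(s))
```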
