Reverse proxy other than web ports?



  • Hello! Noob here, so unsure as to whether a reverse proxy is a firewall, or if it should be under NAT?  :o

    Anyways, I've been looking to redirect traffic to my machines depending on subdomain. I understand this can only be done through a reverse proxy (I have 1 IP). All the guides so far specify multiple web servers - is this technique limited to HTTP only? I host a Mumble server, which I want to host on mumble.mysite.com, which runs on port 64738.

    I have dabbled some with squid3 and HAProxy.

    Any guidance is greatly appreciated.



  • Having multiple different services/sites listen on 1 IP:port and then forwarding it to the correct local server is only possible if the proxy knows where to forward the connection to. HTTP is an easy protocol for this, as it usually includes a 'Host' header in the first request that is sent out by a browser. HTTPS can be decrypted by the proxy and then treated like HTTP, so that also works. For SSL it's also possible to use the unencrypted SNI name, but only if the client actually sends that piece of information.

    Then the majority of other protocols do not send the 'destination' in the first request packet, and as such it is impossible for the proxy to know what DNS name was resolved to an IP by the client when they generated the request. For example, SSH and RDP are frequent requests, but for those it is not possible to detect what destination server was intended.

    So the only protocols I know this will work for are:

    • HTTP > using the Host header (that header is mandatory starting from HTTP/1.1)
    • SSL > using the SNI extension (if the client sends it)
    • HTTPS > is basically just SSL on the outside, so it can be treated as SSL
    • HTTPS > with SSL decryption, so it can be treated the same as HTTP

    Most protocols don't send this kind of information, or need very specific proxy software, so the only option for those would be to run them all on different ports.

