On 2011-08-17, Quintin Prinsloo <qprins...@quinix.com> wrote:
> We've been using pf for a number of years with one pf firewall serving
> multiple backend servers (i.e. Load-balanced web farm). Now we've added more
> backend servers with their own external ip addresses. It seems a waste to
> have one firewall for low volume, specialized sites, forwarding to only one
> set of servers only.
>
> We're trying to have the same OpenBSD server redirect traffic based on the
> external ip address.
>
> What we're having difficulty with right now is getting relayd and pf to
> redirect the same ports, example 80 & 443 to different backend servers based
> on external ip (and domain name). It does work on ip address but not domain
> names.

When the IP address is the same, the only way to distinguish requests is with the HTTP Host: header. relayd doesn't allow different backends based on this, only IP addresses. If you want this without writing additional code in relayd, you could use something like nginx, pound, varnish, ...
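
The Host-based selection suggested in the reply above, as an added example in nginx configuration that is not part of the original message. The host names, the shared external address 192.0.2.10 and the backend addresses are all constructed for illustration.

```nginx
# Added example: every name and address here is constructed.
events {}

http {
    # Backend pools reached from the one shared external IP.
    upstream farm_www  { server 10.0.1.10:80; server 10.0.1.11:80; }
    upstream farm_shop { server 10.0.2.10:80; }

    # Catch-all: a request whose Host: header matches no configured site
    # is dropped instead of falling through to whichever site is listed first.
    server {
        listen 192.0.2.10:80 default_server;
        server_name _;
        return 444;   # nginx-specific: close the connection, send no response
    }

    # Requests with "Host: www.example.com" go to the load-balanced farm.
    server {
        listen 192.0.2.10:80;
        server_name www.example.com;
        location / {
            proxy_pass http://farm_www;
            proxy_set_header Host $host;
            # Overwrite, rather than append to, any client-supplied value.
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }

    # Requests with "Host: shop.example.com" go to the single-server site.
    server {
        listen 192.0.2.10:80;
        server_name shop.example.com;
        location / {
            proxy_pass http://farm_shop;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}
```

On port 443 the Host: header travels inside the TLS session, so the proxy can only route on it after terminating TLS itself, with a certificate for each name.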