On Mon, Nov 25, 2024 at 11:37:33AM +0100, prx wrote:
> Hi,
> I can't figure out how to assign a domain name to a client vm.
> What I need to do is to redirect traffic on the appropriate vm according to
> the domain name.
>
> i.e.
>
>
>                              +--MY SERVER VM'S--+
>                              |                  |
>          -------> foo.tld -------> foo          |
> INTERNET -------> bar.tld -------> bar          |
>          -------> els.tld -------> els          |
>                              |                  |
>                              +------------------+
>
> So far, I have this not-working setup:
>
> ```/etc/vm.conf:
> # something like in FAQ
> switch "my_switch" {
>     interface veb0
> }
>
> vm "foo" {
>     memory 512M
>     disable
>     disk /var/vms/foo.qcow2
>     owner me
>     interface { switch "my_switch" }
> }
> ```
>
> As specified in FAQ, I added veb0 and vport0 interfaces:
> ```
> # cat << END > /etc/hostname.vport0
> inet 10.0.0.1 255.255.255.0
> up
> # cat << END > /etc/hostname.veb0
> add vport0
> up
> END
> # sh /etc/netstart vport0
> ```
>
> My vm has the address 10.0.0.2 and can ping its gateway 10.0.0.1.
>
> ip forwarding is enabled:
>
> ```/etc/sysctl.conf
> net.inet.ip.forwarding=1
> ```
>
> Now I'm trying to use a binat-to rule in pf.conf, but I must miss something
> here:
>
> ```
> int_if = "vport0"
> ext_if = "egress"
>
> match on $ext_if from 10.0.0.2 to any binat-to foo.tld
>
> match out on $int_if from any to 10.0.0.2 \
>     received-on $ext_if nat-to $int_if
>
> pass on $int_if
> pass on $ext_if
> ```
>
> Do you have any advice to realize such task, maybe in a more clever way?
>
> Regards.
> prx
>

I do something like this locally for 3 VMs that serve http/https. I use relayd on an ingress VM which terminates TLS (and has the certificates for the hidden domains), and forwards the traffic to the VMs behind the ingress. Is this what you want to do, or are you looking for something non-http/non-https?
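
A sketch of the relayd approach described in the reply above, added here as an example and not taken from either poster's configuration. It assumes the ingress listens on a placeholder address (203.0.113.10), that bar and els sit at 10.0.0.3 and 10.0.0.4 (only 10.0.0.2 for foo is from the thread), and that each VM serves plain HTTP on port 80 behind the TLS-terminating relay.

```conf
# /etc/relayd.conf on the ingress (added example; addresses other than
# 10.0.0.2 are assumptions, 203.0.113.10 is a documentation placeholder)
ext_addr = "203.0.113.10"

table <foo> { 10.0.0.2 }
table <bar> { 10.0.0.3 }
table <els> { 10.0.0.4 }

http protocol "vhosts" {
	# One certificate per hidden domain; relayd loads
	# /etc/ssl/NAME.crt and /etc/ssl/private/NAME.key and picks by SNI.
	tls keypair "foo.tld"
	tls keypair "bar.tld"
	tls keypair "els.tld"

	# Tell the backend who the real client was, since it only sees
	# the relay's address on the internal network.
	match request header set "X-Forwarded-For" value "$REMOTE_ADDR"

	# Route on the Host header to the table of the matching VM.
	match request header "Host" value "foo.tld" forward to <foo>
	match request header "Host" value "bar.tld" forward to <bar>
	match request header "Host" value "els.tld" forward to <els>
}

relay "https_ingress" {
	listen on $ext_addr port 443 tls
	protocol "vhosts"

	# Every table referenced in the protocol must be declared here.
	# A request whose Host matches none of the rules goes to the
	# first table listed, so put the intended default first.
	forward to <foo> port 80 check tcp
	forward to <bar> port 80 check tcp
	forward to <els> port 80 check tcp
}
```

With this layout pf only needs to pass port 443 to the relay; no binat-to or nat-to rule per VM is required, and the VMs are not directly reachable from the external interface.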