HTTP 1.1 Request Headers sniffing router

I have tentatively talked a friend of mine, with lots of spare bandwidth,
into serving my low-to-medium-traffic web site from his IP as well.

Now, he is a MS kind of person (Windows, IIS) and I am a non-MS one
(FreeBSD, Linux, Java, . . .) He is also more of a hardware person than I
am.

He does not want to affect his own IIS server and network or spend much
time administering it or dealing with it, so I promised him to minimize it
to nearly no time whatsoever.

He told me he would do it if at the minimum problem he could simply
"unplug my sh*t" :-)

SO I was thinking about having some king of hardware based switch/router
simply sniffing all incoming packets on port 80 (probably 443 in the future
for users login only no user's compromising data, he told me) and if they
look like coming my server's way directed to me, otherwise to his network.

Also he should also be able to simply take the router off the loop and my
network down and reconnected the way it was before with 0 configuration hassle

So, which piece of hardware would I need?

What kind of configuration settings are needed in my own ISP's DNS server?

Do you know of any other issues or zero-admin approaches to administering
a simple server?

> I have tentatively talked a friend of mine, with lots of spare bandwidth,
> into serving my low-to-medium-traffic web site from his IP as well.
>
> Now, he is a MS kind of person (Windows, IIS) and I am a non-MS one
> (FreeBSD, Linux, Java, . . .) He is also more of a hardware person than I
> am.
>
> He does not want to affect his own IIS server and network or spend much
> time administering it or dealing with it, so I promised him to minimize it
> to nearly no time whatsoever.
>
> He told me he would do it if at the minimum problem he could simply
> "unplug my sh*t" :-)
>
> SO I was thinking about having some king of hardware based switch/router
> simply sniffing all incoming packets on port 80 (probably 443 in the
> future
> for users login only no user's compromising data, he told me) and if they
> look like coming my server's way directed to me, otherwise to his network.

It's not happening. I run my own hosting company and what you want to do is
not feasable.

Here's how tcp works:

client sends SYN packet to start the communication
server sends an ACK to acknowledge the connection
server sends a SYN to sync up the client
client sends data (like http header)

So what are you going to do with that first packet? You've got no clue
which server it wants. But you have to send it somewhere.

An alternative is to run apache on your box and set up his domain as a proxy
(where your apache serves his site by requesting the pages from his server
and sending them down to the client requesting them). The thing is, if your
box breaks his site is down, so that's not going to work for him.

You could do it the other way around, where he proxie serves your site, but
I don't know how to do that in IIS.

Why not just get your own IP off of his connection? Set your box on that IP
and your traffic remains sepparate. If your box goes down it doesn't
interfere with his.

> Also he should also be able to simply take the router off the loop and my
> network down and reconnected the way it was before with 0 configuration
> hassle

if you run your own IP you prob won't need a router.

> What kind of configuration settings are needed in my own ISP's DNS server?

well you'll need to register your domain name, and most registrars allow you
to run your DNS off of them.

> Do you know of any other issues or zero-admin approaches to administering
> a simple server?

There are a lot. Why not pay $5 a month and get a hosting provider to host
your site. We already have all the tools you need to admin your site.

For more info: www.CSRTechnologies.com

Albretch wrote:
> So, which piece of hardware would I need?

You need a software router machine with Linux and iptables
between "your friend" and its ISP.
All IP traffic from ISP to "your friend"
should be transferred transparently
except one TCP port where your HTTP server,
running also on your Linux machine, will reside.
The rule may look like:
# iptables -t nat -I PREROUTING -i <interface_to_ISP> -p tcp --destination-port 8080 -j REDIRECT

You did not mentioned what communication technology offers your friend's ISP,
so I suppose that problems with MAC addresses and DHCP can occur.
May be, purchasing another IP and connecting via hub
would be a good solution.

Even don't try to share same IPort with "your friend"'s IIS!
It would be (theoretically) possible,
but practically difficult and dangerous.
Use non-standard HTTP port
and drop these "Headers sniffing routers" out of your brains.


--
qq~~~~\ [ úá IP âåú ãåîúõòù ] [ Read Usenet in the proper place ]
/ /\ \ [ FAQ you ]
\ /_/ /
\____/ Linux console notes http://www.comtv.ru/~av95/linux/console/