IP-Based Service Multiplexing | | Sunday, March 30th 2025, 09:40 |
-- How to host both a web server and VPN on port 80
Recently, I had to configure one of my servers to handle requests coming from a specific IP differently from the rest of the Internet. Specifically, I wanted port 80 to usually return my website, but for one specific client (based on the IP address), I wanted it to instead forward to request to another server running SSH. (Yes, that's kind of stupid, but drastic firewalls require drastic measures.)
In the following, I will show how to configure iptables to change the backend service handling a connection based on the source IP address. I'll give a quick example using a simple HTTP server using Python and one socat TCP endpoint serving the current date and time over raw TCP. I am intentionally choosing two incompatible protocols here to show that this method allows this.
