greco

joined 2 years ago
[–] greco 2 points 8 months ago

Can you maybe share some more information? Do you have a list of services, how you want them mapped, etc.?

[–] greco 2 points 8 months ago (2 children)

It will accept all traffic sent to it via the ports it is listening on, just like any other service. It doesn't have to forward everything though, and what it does with that is up to it's configuration options and what you do with those.

Since you mentioned the wildcard cert, I assumed you were talking about services that speak http/s, and that they'd probably be on port 443. Those were a lot of assumptions by me.

If it's not an http/s type service, what kind of services are we talking about?

[–] greco 5 points 8 months ago (4 children)

This won't work. At the level you are looking to route the packets, there is no concept of which domain the request was intended for. You need a service that knows how to look at that packet, and forward it appropriately.

What you need to look into is a Reverse Proxy such as haproxy, caddy, or nginx (no specific order). I use haproxy to do something similar, but only on my internal network (with wireguard to access those when I am elsewhere).

Which ever reverse proxy you pick will be responsible for looking at those packets coming into it, and can determine the intended domain to route them appropriately, either through SNI, or more likely by unrwrapping the TLS on the packet.

I'd be careful with doing this, as you are letting whatever outside traffic into your network, so it's up to you to assess the risk for your use case and make the appropriate mitigations.