diff --git a/cmd/farva-gateway/main.go b/cmd/farva-gateway/main.go
index 42f29ba..24fb5f6 100644
--- a/cmd/farva-gateway/main.go
+++ b/cmd/farva-gateway/main.go
@@ -19,7 +19,8 @@ func main() {
 	fs.BoolVar(&cfg.NGINXDryRun, "nginx-dry-run", false, "Log nginx management commands rather than executing them.")
 	fs.IntVar(&cfg.NGINXHealthPort, "nginx-health-port", gateway.DefaultNGINXConfig.HealthPort, "Port to listen on for nginx health checks.")
 	fs.IntVar(&cfg.FarvaHealthPort, "farva-health-port", gateway.DefaultConfig.FarvaHealthPort, "Port to listen on for farva health checks.")
-	fs.IntVar(&cfg.HTTPListenPort, "http-listen-port", gateway.DefaultConfig.HTTPListenPort, "Port to listen on for HTTP traffic.")
+	fs.IntVar(&cfg.HTTPPrivateListenPort, "http-private-listen-port", gateway.DefaultConfig.HTTPPrivateListenPort, "Port to listen on for internal HTTP traffic.")
+	fs.IntVar(&cfg.HTTPPublicListenPort, "http-public-listen-port", gateway.DefaultConfig.HTTPPublicListenPort, "Port to listen on for external HTTP traffic.")
 	fs.StringVar(&cfg.FifoPath, "fifo-path", gateway.DefaultConfig.FifoPath, "Location of nginx stderr and stdout logging fifo.")
 	fs.StringVar(&cfg.ClusterZone, "cluster-zone", "", "Use this DNS zone for routing of traffic to Kubernetes")
 	fs.StringVar(&cfg.AnnotationPrefix, "annotation-prefix", gateway.DefaultKubernetesReverseProxyConfigGetterConfig.AnnotationPrefix, "Forms the lookup key for additional gateway configuration annotations.")
diff --git a/pkg/gateway/gateway.go b/pkg/gateway/gateway.go
index 9b2afa8..84750a3 100644
--- a/pkg/gateway/gateway.go
+++ b/pkg/gateway/gateway.go
@@ -11,21 +11,23 @@ import (
 )
 
 type Config struct {
-	RefreshInterval  time.Duration
-	KubeconfigFile   string
-	ClusterZone      string
-	NGINXDryRun      bool
-	NGINXHealthPort  int
-	HTTPListenPort   int
-	FarvaHealthPort  int
-	AnnotationPrefix string
-	FifoPath         string
+	RefreshInterval       time.Duration
+	KubeconfigFile        string
+	ClusterZone           string
+	NGINXDryRun           bool
+	NGINXHealthPort       int
+	HTTPPublicListenPort  int
+	HTTPPrivateListenPort int
+	FarvaHealthPort       int
+	AnnotationPrefix      string
+	FifoPath              string
 }
 
 var DefaultConfig = Config{
-	HTTPListenPort:  7331,
-	FarvaHealthPort: 7333,
-	FifoPath:        "/nginx.fifo",
+	HTTPPrivateListenPort: 7331,
+	HTTPPublicListenPort:  7330,
+	FarvaHealthPort:       7333,
+	FifoPath:              "/nginx.fifo",
 }
 
 func DefaultHTTPReverseProxyServers(cfg *Config) []httpReverseProxyServer {
@@ -41,7 +43,7 @@ func DefaultHTTPReverseProxyServers(cfg *Config) []httpReverseProxyServer {
 			},
 		},
 		httpReverseProxyServer{
-			ListenPort:    cfg.HTTPListenPort,
+			ListenPort:    cfg.HTTPPrivateListenPort,
 			DefaultServer: true,
 			StaticCode:    444,
 		},
@@ -61,9 +63,10 @@ func New(cfg Config) (*Gateway, error) {
 	}
 
 	krc := &kubernetesReverseProxyConfigGetterConfig{
-		AnnotationPrefix: cfg.AnnotationPrefix,
-		ClusterZone:      cfg.ClusterZone,
-		ListenPort:       cfg.HTTPListenPort,
+		AnnotationPrefix:  cfg.AnnotationPrefix,
+		ClusterZone:       cfg.ClusterZone,
+		PrivateListenPort: cfg.HTTPPrivateListenPort,
+		PublicListenPort:  cfg.HTTPPublicListenPort,
 	}
 	rg := newReverseProxyConfigGetter(kc, krc)
 
diff --git a/pkg/gateway/kubernetes.go b/pkg/gateway/kubernetes.go
index b1afc2a..ce46353 100644
--- a/pkg/gateway/kubernetes.go
+++ b/pkg/gateway/kubernetes.go
@@ -14,12 +14,14 @@ import (
 )
 
 type kubernetesReverseProxyConfigGetterConfig struct {
-	AnnotationPrefix string
-	ClusterZone      string
-	ListenPort       int
+	AnnotationPrefix  string
+	ClusterZone       string
+	PublicListenPort  int
+	PrivateListenPort int
 }
 
 const HostnameAliasKey = "hostname-aliases"
+const PublicHostnamesKey = "public-hostnames"
 
 func (krc *kubernetesReverseProxyConfigGetterConfig) annotationKey(name string) string {
 	return fmt.Sprintf("%s/%s", krc.AnnotationPrefix, name)
@@ -38,6 +40,18 @@ func (krc *kubernetesReverseProxyConfigGetterConfig) getAnnotationStringList(ing
 	return result
 }
 
+// Get a string at a given annotation field.
+func (krc *kubernetesReverseProxyConfigGetterConfig) getAnnotationString(ing *kextensions.Ingress, name string) string {
+	anno := ing.ObjectMeta.GetAnnotations()
+	annotationKey := krc.annotationKey(name)
+	for key, val := range anno {
+		if key == annotationKey {
+			return val
+		}
+	}
+	return ""
+}
+
 var DefaultKubernetesReverseProxyConfigGetterConfig = kubernetesReverseProxyConfigGetterConfig{
 	AnnotationPrefix: "klondike.gateway",
 }
@@ -189,7 +203,7 @@ func (rcg *kubernetesReverseProxyConfigGetter) addHTTPIngressToReverseProxyConfi
 		srv := httpReverseProxyServer{
 			Name:       CanonicalHostname(ingName, ingNamespace, rcg.krc.ClusterZone),
 			AltNames:   rcg.krc.getAnnotationStringList(ing, HostnameAliasKey),
-			ListenPort: rcg.krc.ListenPort,
+			ListenPort: rcg.krc.PrivateListenPort,
 			Locations:  []httpReverseProxyLocation{},
 		}
 
@@ -238,6 +252,15 @@ func (rcg *kubernetesReverseProxyConfigGetter) addHTTPIngressToReverseProxyConfi
 		}
 
 		rp.HTTPServers = append(rp.HTTPServers, srv)
+
+		// If the service has opted to expose all hostnames publically, we copy the
+		// srv above but replace the ListenPort with our configured
+		// PublicListenPort.
+		if rcg.krc.getAnnotationString(ing, PublicHostnamesKey) == "*" {
+			publicSrv := srv
+			publicSrv.ListenPort = rcg.krc.PublicListenPort
+			rp.HTTPServers = append(rp.HTTPServers, publicSrv)
+		}
 	}
 
 	return nil