From: Cathy Sarisky (cathy_at_acornhosting.net)
Date: Thu 11 Mar 2004 - 15:18:13 GMT

If they're running on standard ports, I don't see a way to do it for most
of these services, but perhaps someone knows something about NAT that I
don't. (If so, please share - I know of no way to do name-based NAT,
which is what you're asking for.)

You could certainly get it working with Apache by running apache in the
parent server and having it proxy for the vservers, but that doesn't help
you with your other services.

_This_ vserver host has her servers each assigned a publicly routable
IP. Much easier, if you can pull it off.

On Thu, 11 Mar 2004, Chris Besignano wrote:
> Each of my vservers will be running apache2, mysql, exim, pop3d, sshd,
> and proftpd. I will need to redirect requests to these services from
> external (internet) clients to each vserver. Has anyone written a howto
> explaining this type of setup, or, can someone explain to me how they
> have their box configured to do this. I am assuming this is how many web
> hosts have their servers configured so this isn't really a new thing.
>
> Thanks for the help.
>
> Herbert Poetzl wrote:
>
> >On Thu, Mar 11, 2004 at 08:41:09AM -0500, Chris Besignano wrote:
> >
> >
> >>I need to run a few different websites on my box using vservers. What
> >>method does everyone use to route the traffic from eth1 (external
> >>interface, real ip) to the vservers bound to eth0 (internal ip,
> >>192.168.x.x network)?
> >>
> >>
> >
> >there is no way to _route_ traffic from eth1 to an
> >ip bound to eth0, what you want is to nat the
> >incoming connections to yield valid for the local
> >ips, for example:
> >
> >iptables -t nat -A PREROUTING --dst <ext-ip> -p tcp --dport 80 -j DNAT --to 192.168.0.1
> >
> >keep in mind, that you cannot access different web
> >servers (running on different hosts/vservers) through
> >one external ip/port unless you use a smart proxy,
> >which knows how to read and forward the HTTP requests
> >
> >if you want to reach the internet from a local ip
> >range, then you do similar on outgoing traffic:
> >
> >iptables -t nat -A POSTROUTING --src 192.168.0.1 -j SNAT --to <ext-ip>
> >
> >
> >
> >>Darryl Ross wrote:
> >>
> >>
> >>
> >>>Dariush Pietrzak wrote:
> >>>
> >>>
> >>>
> >>>>>services in the host to ONLY bind the host's IP address, instead of all
> >>>>>
> >>>>>
> >
> >that is what the v_* sysv scripts are for
> >(limiting _host_ services to just some ips)
> >
> >HTH,
> >Herbert
> >
> >
> >
> >>>>Not true.
> >>>>
> >>>>The whole point of vservers networking is that you can give some ip
> >>>>to the whole server, and then when services inside bind to '0.0.0.0'
> >>>>they get only what was allocated for given vserver.
> >>>>If what you say was true, there wouldn't be much difference between
> >>>>vserver setup and chrooted services.
> >>>>
> >>>>
> >>>Did you read what he said??
> >>>
> >>>As per your quote above, emphasis is mine:
> >>>
> >>>
> >>>
> >>>>services in the __host__ to ONLY bind the __host's__ IP address
> >>>>
> >>>>
> >>>which is exactly what you want to do. If you need to run a service in
> >>>the host, as well as inside the vservers (eg, ssh), you need to tell
> >>>the host sshd to only bind to the main IP, not the IP addresses of all
> >>>the vservers.
> >>>
> >>>Cheers
> >>>Darryl
> >>>
> >>>
> >_______________________________________________
> >Vserver mailing list
> >Vserver_at_list.linux-vserver.org
> >http://list.linux-vserver.org/mailman/listinfo/vserver
> >
> >
> >
>
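
The thread's point that DNAT cannot tell sites apart on one external IP/port, while a proxy that reads the HTTP request can, comes down to the routing decision sketched below. This is an added example, not code from the thread or from Apache; the site names and the backend map are constructed, and the 192.168.0.x addresses only follow the private range used in the thread.

```python
"""Name-based routing needs layer 7: DNAT sees only IP/port, a proxy reads Host."""

# Constructed mapping of site names to vserver addresses (assumed values).
BACKENDS = {
    "site-a.example": ("192.168.0.1", 80),
    "site-b.example": ("192.168.0.2", 80),
}


def pick_backend(raw_request: bytes, backends=BACKENDS):
    """Return the (ip, port) for the request's Host header, or None to reject.

    Rejecting unknown, missing or duplicated Host values keeps a request
    for one site from silently landing on another vserver.
    """
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")[1:]  # skip the request line
    hosts = []
    for line in lines:
        name, sep, value = line.partition(b":")
        if sep and name.lower() == b"host":  # no whitespace allowed before ':'
            hosts.append(value.strip())
    if len(hosts) != 1:  # no Host (HTTP/1.0) or ambiguous duplicates
        return None
    try:
        host = hosts[0].decode("ascii").lower()
    except UnicodeDecodeError:
        return None
    if host.startswith("["):  # bracketed IPv6 literal, not a site name here
        return None
    host = host.partition(":")[0]  # drop an optional ":port" suffix
    return backends.get(host.rstrip("."))


# Constructed sample requests: same destination IP and port, different sites.
REQ_A = b"GET / HTTP/1.1\r\nHost: site-a.example\r\n\r\n"
REQ_B = b"GET / HTTP/1.1\r\nhost: SITE-B.example:80\r\n\r\n"
REQ_UNKNOWN = b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n"
REQ_DUP = b"GET / HTTP/1.1\r\nHost: site-a.example\r\nHost: site-b.example\r\n\r\n"
REQ_NO_HOST = b"GET / HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for req in (REQ_A, REQ_B, REQ_UNKNOWN, REQ_DUP, REQ_NO_HOST):
        print(req.split(b"\r\n")[0], "->", pick_backend(req))
```

All five sample requests would match the same PREROUTING rule, since they share one destination IP and port; only the Host value, which NAT never inspects, separates them.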