Old 05-22-2003, 05:22 PM   #1
AustinS
LQ Newbie
 
Registered: May 2003
Distribution: RH8
Posts: 2

Rep: Reputation: 0
Routing to Private IPs


Hi,

I'm interested in doing something similar to an LVS router.
I would like to have web requests come to a virtual server with a public address. Instead of having them forwarded based on IP/port, I would like to route by domain name to a real server.

Reason: I'm running low on IPs, and if LVS can route to private IPs there has to be some way of routing multiple domains from a single IP & port to a private IP farm.

Any ideas are welcome.
And howtos are loved.

 
Old 05-23-2003, 09:51 AM   #2
Robert0380
Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 46
What do you mean by "route my domain to a real server"? Do you mean that if your domain is "mydomain.com" you want that to be a specific computer? Well, if you have a private network, and you want anything that goes to "mydomain.com" to route to private IP 192.168.0.100, then you'd first have to make sure that "mydomain.com" first comes to the router (mydomain.com is just a name for some specific IP address), so the IP of the router has to match the DNS entry for mydomain.com.

Then on the router, you simply forward everything to the private computer. If it's a Linux box with iptables you could do this:

1. Assumptions: the domain name maps to IP 123.456.789.123

2. the rule:

iptables -t nat -A PREROUTING -d 123.456.789.123 -j DNAT --to-destination 192.168.0.100

That forwards all requests headed for 123.456.789.123 to the private machine 192.168.0.100. You could also forward based on what is necessary. For example, if the mydomain.com server only serves web pages, then you only need to forward port 80. If you want ssh, forward port 22; if it's an FTP server, forward the FTP port, and so on and so forth. You could even split up all these services among different computers and forward accordingly, and as far as the outside world is concerned, it all goes to one machine (because it's all the same IP, just different ports).
 
Old 05-23-2003, 02:06 PM   #3
AustinS
LQ Newbie
 
Registered: May 2003
Distribution: RH8
Posts: 2

Original Poster
Rep: Reputation: 0
This is almost what I want but I would like 123.456.789.012
to route www.xxx.zzz to 192.168.0.10 and
www.yyy.zzz to 192.168.0.11 when both come to 123.456.789.012 on port 80.

I did a little investigation last night on SQUID and a reverse or transparent proxy configuration... my head will stop spinning eventually. It looks like it may be my solution. I'm a little concerned, though, that it will prevent proper logging of the client's IP. Does it send the proxy's IP to the webserver when using a reverse proxy (web accelerator), or does it send the client's IP and function as the gateway back to the client for the server?

Thanks
 
Old 05-23-2003, 04:59 PM   #4
xcon
Member
 
Registered: Jan 2002
Location: Ohio
Distribution: Slackware 9.1 (and some 9.0)
Posts: 181

Rep: Reputation: 30
wait... squid as a web-accelerator on the server side? weird... is it supposed to take some load off the webserver as well?

i'm pretty sure it will give the proxy's internal IP, since that's what every server gets when you go through a proxy as a client, the proxy becomes the client

http://squid.visolve.com/squid24s1/contents.htm
look at section XI (you might have already)

Last edited by xcon; 05-23-2003 at 05:26 PM.
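
The name-based routing asked about in post #3 and the client-IP logging question answered in post #4, sketched as an added example that is not code from any poster in this thread: a proxy has to read the HTTP Host header to choose a backend (something a DNAT rule on IP and port cannot see), and it can pass the original client address along in an X-Forwarded-For header, which the backend should believe only when the connection comes from the proxy. The proxy address 192.168.0.1, the function names and the sample request are assumptions made for the illustration.

```python
# Added example: Host-based backend selection plus client-IP handling.
BACKENDS = {"www.xxx.zzz": "192.168.0.10", "www.yyy.zzz": "192.168.0.11"}  # names/IPs from the thread
PROXY_IP = "192.168.0.1"  # assumption: the proxy's private address


def parse_head(raw):
    """Split a raw HTTP/1.1 request head into (request_line, [(name, value), ...])."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers


def route(raw, client_ip):
    """Proxy side: pick the backend from Host and rebuild the head to forward.

    Returns (backend_ip, forwarded_head), or (None, None) if Host is unusable.
    """
    request_line, headers = parse_head(raw)
    hosts = [v for n, v in headers if n.lower() == "host"]
    if len(hosts) != 1:  # missing or duplicated Host header: refuse to guess
        return None, None
    host = hosts[0].split(":")[0].lower().rstrip(".")  # drop any port suffix
    backend = BACKENDS.get(host)
    if backend is None:
        return None, None
    # Discard any X-Forwarded-For the client sent, then record the real TCP peer.
    kept = [(n, v) for n, v in headers if n.lower() != "x-forwarded-for"]
    kept.append(("X-Forwarded-For", client_ip))
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in kept]) + "\r\n\r\n"
    return backend, head.encode("latin-1")


def logged_client_ip(peer_ip, raw):
    """Backend side: the address to write to the access log."""
    _, headers = parse_head(raw)
    xff = [v for n, v in headers if n.lower() == "x-forwarded-for"]
    if peer_ip == PROXY_IP and len(xff) == 1:
        return xff[0]
    return peer_ip  # not from the proxy, or no usable header: log the TCP peer


# Constructed sample request, including a forged X-Forwarded-For from the client.
SAMPLE = (b"GET / HTTP/1.1\r\nHost: www.yyy.zzz\r\n"
          b"X-Forwarded-For: 10.9.9.9\r\n\r\n")
```

Without the forwarded header the backend logs show only the proxy's address for every request, which is the behaviour described in post #4.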
 
Old 05-24-2003, 06:09 AM   #5
Robert0380
Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 46
if you mean load balancing then you'd just do this:


iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.10-192.168.0.11

that sends every other request to 10 and every other request to 11 (or something like that) but not all requests to both.


edit: you would do that on the 123 machine of course
 
  


All times are GMT -5. The time now is 06:34 PM.
