LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-16-2009, 05:55 PM   #1
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233

Rep: Reputation: 406Reputation: 406Reputation: 406Reputation: 406Reputation: 406
multiple web servers with one public ip


forgive if this has been asked before but
here is the scenereo
i am working at a place that has 2 physical web servers

yadayada1 and yadayada2
but only one public ip address
i can use dyndns to register 2 dynamic domains on the same ip address
how can i get yadayadayada1.dyndns.org to route to yadayada1 and yadayadayada2.dyndns.org to route to yadayada2 ?
 
Old 02-16-2009, 07:28 PM   #2
TBC Cosmo
Member
 
Registered: Feb 2004
Location: NY
Distribution: Fedora 10, CentOS 5.4, Debian 5 Sparc64
Posts: 356

Rep: Reputation: 43
You may be able to do that with a reverse proxy server by creating name based virtual hosts in Apache that then proxy the connections to the two physical web servers.

Just a thought. Have not tried that.
 
Old 02-16-2009, 08:59 PM   #3
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,363

Rep: Reputation: 172Reputation: 172
I think you would use a port redirect to do this. public.address1.com forwarded by dyndns to private.address.XXX:68 (or whatever port) and public.address2.com forwarded to private.address.xxx:69(just a different port than address1). Then on your local system set Nat(?) to forward port 68 to server1 and port 69 to forward to server2.
 
Old 02-16-2009, 09:35 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Except don't use ports 68 or 69, since they belong to bootp and tftp. If you're going to makeup port numbers, use ports above 1023 (and try grep'ing for them in /etc/services to make sure they're unused).
 
Old 02-16-2009, 09:35 PM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Except don't use ports 68 or 69, since they belong to bootp and tftp. If you're going to makeup port numbers, use ports above 1023 (and try grep'ing for them in /etc/services to make sure they're unused).
 
Old 02-17-2009, 10:33 AM   #6
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233

Original Poster
Rep: Reputation: 406Reputation: 406Reputation: 406Reputation: 406Reputation: 406
does the proxy have to be a multi honed proxy with the webservers behind as such?or can it be on the same switch as the webservers?

Last edited by frieza; 02-17-2009 at 10:35 AM.
 
Old 02-17-2009, 11:33 AM   #7
TBC Cosmo
Member
 
Registered: Feb 2004
Location: NY
Distribution: Fedora 10, CentOS 5.4, Debian 5 Sparc64
Posts: 356

Rep: Reputation: 43
I believe that the proxy server interfaces can all be on the same subnet with the two web servers.
 
Old 02-17-2009, 01:54 PM   #8
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
Originally Posted by TBC Cosmo View Post
I believe that the proxy server interfaces can all be on the same subnet with the two web servers.
Should be since the source address of packets sent to the webservers should be the IP of the proxy.
 
Old 02-17-2009, 02:07 PM   #9
TBC Cosmo
Member
 
Registered: Feb 2004
Location: NY
Distribution: Fedora 10, CentOS 5.4, Debian 5 Sparc64
Posts: 356

Rep: Reputation: 43
I guess the concern is whether an interface on the proxy server that apache listens on needs to be on a different network, possibly a DMZ. But I don't think it's strictly necessary.
 
Old 02-17-2009, 04:43 PM   #10
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
Originally Posted by TBC Cosmo View Post
I guess the concern is whether an interface on the proxy server that apache listens on needs to be on a different network, possibly a DMZ. But I don't think it's strictly necessary.
I don't see why. The only thing you have to worry about is triangular routing, but that shouldn't happen when the source address is rewritten to the proxy server (this will happen automatically with an application-level proxy).
 
Old 02-17-2009, 08:08 PM   #11
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233

Original Poster
Rep: Reputation: 406Reputation: 406Reputation: 406Reputation: 406Reputation: 406
ok, would squid be what i am looking for? or should it be done with a third apache server that does nothing but redirect?
what docs would you best reccomend for doing this with squid or apache? and perhaps you could provide a working example?
 
Old 02-17-2009, 08:26 PM   #12
TBC Cosmo
Member
 
Registered: Feb 2004
Location: NY
Distribution: Fedora 10, CentOS 5.4, Debian 5 Sparc64
Posts: 356

Rep: Reputation: 43
Squid or Apache has that capability, sorry - I have no working example but these can get you going

http://wiki.squid-cache.org/ConfigEx...ipleWebservers
http://www.serverwatch.com/tutorials...0825_3290851_3
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
 
Old 02-18-2009, 02:04 PM   #13
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233

Original Poster
Rep: Reputation: 406Reputation: 406Reputation: 406Reputation: 406Reputation: 406
here is what i have so far
where yadayadayada1 and 2.url.org are the urls called from the outside
and server1 and 2 are my internal server names
and x and x1 are the ip address of the machines
(hidden so that i dont reveal too much about the network in question)
but both point to the same site at the moment
what am i doing wrong?

Code:
http_port 80 accel defaultsite=www.sweetnam.eu vhost
forwarded_for on

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

cache_peer 192.168.1.x parent 80 0 no-query no-digest originserver name=server1
acl sites_server1 dstdomain yadayadayada.url.org
acl our_sites dstdomain yadayadayada.url.org
cache_peer_access server1 allow sites_server1

cache_peer 192.168.1.x1 parent 80 0 no-query no-digest originserver name=server2
acl sites_server2 dstdomain yadayadayada2.url.org
acl our_sites2 dstdomain yadayadayada2.url.org
cache_peer_access server2 allow sites_server2

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow 192.168.1.x1
http_access allow 192.168.1.x

http_access allow manager all
http_access allow manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all

access_log /var/log/squid/access.log
cache_mgr someone@somewhere.com

Last edited by frieza; 02-18-2009 at 02:11 PM.
 
Old 02-18-2009, 06:48 PM   #14
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233

Original Poster
Rep: Reputation: 406Reputation: 406Reputation: 406Reputation: 406Reputation: 406
grr
it seemed to be working
then i went into webmin on one of the target servers via its direct ip and tried to add a virtual host and everything blew up
 
Old 02-18-2009, 06:52 PM   #15
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
See if my response here (http://www.linuxquestions.org/questi...me-lan-705718/) helps
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Multiple physical web servers behind one IP nickj6282 Linux - Networking 1 07-30-2006 03:16 AM
Multiple web servers on DMZ...is that possible? depam Linux - Software 3 07-24-2006 02:48 PM
help with 1 public ip + two servers?? slackamp Slackware 2 04-06-2006 02:29 PM
public web browser aka web kiosk xmnemonic Linux - Software 6 06-14-2004 03:20 PM
Setting up multiple web servers behind Packet Filter (PF) IMNOboist *BSD 2 02-29-2004 04:34 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration