LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 10-28-2008, 01:06 PM   #1
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Rep: Reputation: 32
Multiple servers behind NAT?


Hi,

what is the best way to access multiple web servers behind a NAT?

I have 3 servers which all need to be accessed through my router's NAT. I have created a solution with one of them by translating outside port 81 to the inside port 80 of one server IP address for HTTP access.

However this creates many other issues regarding the system and obviously using a different port from outside to inside is the wrong thing to do!

Also, what would be good to access SMTP mail port 25 from outside to inside for the 3 servers, and a few other services which I can enable in the future?

Can anybody suggest anything on how to do this?

A good website or something.

Kind of like a reverse proxy I'm guessing

Many Thanks
 
Old 10-28-2008, 01:32 PM   #2
dorian33
Member
 
Registered: Jan 2003
Location: Poland, Warsaw
Distribution: LFS, Gentoo
Posts: 591

Rep: Reputation: 32
try this link
 
Old 10-28-2008, 01:40 PM   #3
david1941
Member
 
Registered: May 2005
Location: St. Louis, MO
Distribution: CentOS7
Posts: 267

Rep: Reputation: 58
It seems like virtual web hosting would work for you with DNAT through your router (see http://httpd.apache.org/docs/1.3/vhosts/). I don't know about multiple SMTP, but DNATing port 25 to one server and relaying from the inside server to the others might work. I'm on F9 though and know next to nothing about Debian or CentOS. Since the virtual host thing works well on userland Apache, it should work on any Apache.

Dave
 
Old 10-28-2008, 02:03 PM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Are these servers in your home with a customer grade internet connection? If so, your ISP may not allow port 25 inputs and may restrict port 25 connections to their own mail server. When AOL was big, they demanded that ISPs block port 25 or be blacklisted by AOL to their customers. This was an anti-spam measure. If ISPs would blacklist open-relay servers and check the from fields of outgoing email, that would eliminate a lot of spam.
 
Old 10-28-2008, 02:41 PM   #5
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Thanks for all the replies!

Yes, it is for my home network with a 16Mb business grade ADSL link. Currently I am running many services including SMTP, DNS, HTTP etc. Port 25 is open and free to use without any problem as my main mailserver uses it currently.

I have a ppc machine (PowerMac G4 733MHz) sitting in a box currently doing nothing so I can use any distro with that and turn it into a forwarding server for my services, however I don't know what I need to start with. I suggested a reverse proxy approach but that was a guess since I know that a proxy is used to connect many devices through a proxy server connected to the internet.
 
Old 10-28-2008, 09:35 PM   #6
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Hmm... well I've been doing a bit of research on reverse proxy and managed to find Squid! The link here in specific: http://wiki.squid-cache.org/SquidFaq/ReverseProxy

This is specifically for HTTP; however, I'm wondering if the same principles can be applied to all other services? Even though I'm not going to need ALL of them, just a few: SMTP, IMAP, POP, HTTP and maybe one or two others in the future!
 
Old 10-28-2008, 10:56 PM   #7
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Can I ask a question - why are you running multiple pop/imap/smtp servers rather than just having one forward necessary requests? Can you explain your network setup in a bit more detail - which boxes do what, etc.
 
Old 10-29-2008, 10:45 AM   #8
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Hi billymayday

The reason for 3 POP, SMTP, IMAP servers is kind of historical, but mainly because I was using my main server as a fetchmail server fetching mail from ISP and other 'web' mail accounts and relaying them to the appropriate users. Since my users use Outlook, the sync between POP, IMAP servers isn't great, i.e. no contacts or calendar sync option.

After trying the Citadel groupware suite in it everybody complained that it didn't sync with Outlook so I installed Scalix instead. Since the main server runs Debian and there isn't a Scalix install for Debian and so it's not supported, I installed CentOS on one of my laptops and am using that as an MS Exchange equivalent with fetchmail. Scalix has the advantage of having a free Outlook connector.

So the machines now look like this:

Dell GX110 (main): apache, postfix, dovecot imap, dovecot pop, ftp, ssh, ntp ....etc

Dell GX270 (web): apache, postfix, courier imap, courier pop, Darwin Streaming Server

Acer laptop (exchange): Scalix

Since the Scalix MTA also has SMTP support I just figured I could make use of that too.


Billymayday, I think I told you once before that I am a networking student and it is good for me to play around with these things to gain as much experience as possible before going into industry. So I guess it's gonna help me in the future with server cluster applications where multiple servers do the same thing and have load balancing mechanisms in place provided by the main entrance server.
 
Old 10-29-2008, 03:17 PM   #9
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
On the smtp front, the usual way to handle load balancing is via multiple MX records, so I don't think you'll be able to replicate this through NAT as such.

Presumably the fetchmail server could just act as a mail gateway and forward mail according to a suitable lookup table, but again, that's post NAT.

Not that great on Apache, but again, load balancing is often dealt with through nameservers, but you can certainly use one web facing Apache server to forward requests internally using ProxyPass for example.
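
As an added example (not code from any poster in this thread), the name-based virtual host and ProxyPass approach suggested in posts #3 and #9 could look like this on the one Apache server that the router forwards port 80 to. It assumes Apache 2.4 syntax; the hostnames and 192.168.1.x addresses are constructed placeholders, and a web interface on the third server is an assumption.

```apache
# Added example: hostnames and addresses are constructed placeholders.
# Requires mod_proxy and mod_proxy_http to be loaded
# (on Debian-style layouts: a2enmod proxy proxy_http).

# Reverse proxy only. With ProxyRequests On this host would also act as a
# forward proxy, i.e. an open proxy for anyone who can reach port 80.
ProxyRequests Off

# The first vhost listed is the default. Requests with a missing or unknown
# Host header end up here and are refused instead of reaching a backend.
<VirtualHost *:80>
    ServerName catchall.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Site served directly by the front-end machine ("main").
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/var/www/html"
</VirtualHost>

# Site forwarded to the second internal server ("web").
<VirtualHost *:80>
    ServerName web.example.com
    # Pass the original Host header so the backend's own vhosts still match.
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.1.11/"
    # Rewrite Location headers in backend redirects back to the public name.
    ProxyPassReverse "/" "http://192.168.1.11/"
</VirtualHost>

# Site forwarded to the third internal server ("exchange"); assumes it
# offers a web interface on port 80.
<VirtualHost *:80>
    ServerName mail.example.com
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.1.12/"
    ProxyPassReverse "/" "http://192.168.1.12/"
</VirtualHost>
```

With this in place the router needs only a single port 80 forward, so the port 81 translation is no longer required. The backends will log the front-end's address as the client; mod_proxy_http passes the original client address in the X-Forwarded-For request header.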
 
Old 10-30-2008, 07:26 PM   #10
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Hmm, interesting!

Quote:
On the smtp front, the usual way to handle load balancing is via multiple MX records, so I don't think you'll be able to replicate this through NAT as such.
This would mean that you would have say multiple internet addresses wouldn't it? Say as opposed to having your servers on private addresses?

So that means on your internet based DNS server, say from your domain provider, you would configure multiple internet IP addresses and then do what we did with my local network DNS server and create an MX record for each machine and use the IN A to the specific internet address.

I think Squid should be able to handle this but I need to do more research and reading about Squid to understand it properly before proceeding with something then botching it.
 
Old 10-30-2008, 07:29 PM   #11
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Yes, and I can't help you on the funky side of squid.

BM
 
Old 10-30-2008, 09:13 PM   #12
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Uh, this is my fault for trying to replicate an Enterprise network at home hehehe

Oh well, looks like I'm gonna have to go fishing then!

Well, at least I have a lot working so far, all I need is a 'real' job now and proper experience and I will be on my way. I hope?

Anyway, thanks a bunch guys, I really appreciate it
 
  


All times are GMT -5. The time now is 11:04 AM.
