Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443
Multiple servers behind NAT?
Hi,
what is the best way to access multiple web servers behind a NAT?
I have 3 servers which all need to be accessed through my router's NAT. I have created a solution with one of them by translating outside port 81 to the inside port 80 of one server IP address for http access.
However this creates many other issues regarding the system and obviously using a different port from outside to inside is the wrong thing to do!
Also, what would be good for accessing smtp mail port 25 from outside to inside for the 3 servers, and a few other services which I can enable in the future?
It seems like virtual web hosting would work for you with DNAT through your router; see http://httpd.apache.org/docs/1.3/vhosts/. I don't know about multiple smtp, but DNATing port 25 to one server and relaying from the inside server to the others might work. I'm on F9 though and know next to nothing about Debian or CentOS. Since the virtual host thing works well on userland apache, it should work on any apache.
Are these servers in your home with a customer grade internet connection? If so, your ISP may not allow port 25 inputs and may restrict port 25 connections to their own mail server. When AOL was big, they demanded that ISPs block port 25 or be blacklisted by AOL to their customers. This was an anti-spam measure. If ISPs would blacklist open-relay servers and check the from fields of outgoing email, that would eliminate a lot of spam.
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443
Original Poster
Thanks for all the replies!
Yes, it is for my home network with a 16Mb business grade adsl link. Currently I am running many services including SMTP, DNS, HTTP etc. Port 25 is open and free to use without any problem as my main mailserver uses it currently.
I have a ppc machine (PowerMac G4 733MHz) sitting in a box currently doing nothing, so I can use any distro with that and turn it into a forwarding server for my services; however, I don't know what I need to start with. I suggested a reverse proxy approach but that was a guess since I know that a proxy is used to connect many devices through a proxy server connected to the internet.
This is specifically for http, but I'm wondering if the same principles can be applied to all other services? Even though I'm not going to need ALL of them, just a few: SMTP, IMAP, POP, HTTP and maybe one or two others in the future!
Can I ask a question - why are you running multiple pop/imap/smtp servers rather than just having one forward necessary requests? Can you explain your network setup in a bit more detail - which boxes do what, etc.
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443
Original Poster
Hi billymayday
The reason for 3 pop, smtp, imap servers is kind of historical, but mainly because I was using my main server as a fetchmail server fetching mail from ISP and other 'web' mail accounts and relaying them to the appropriate users. Since my users use Outlook, the sync between POP, IMAP servers isn't great, i.e. no contacts or calendar sync option.
After trying the Citadel groupware suite, everybody complained that it didn't sync with Outlook, so I installed Scalix instead. Since the main server runs Debian and there isn't a Scalix install for Debian, so it's not supported, I installed CentOS on one of my laptops and am using that as an MS Exchange equivalent with fetchmail. Scalix has the advantage of having a free Outlook connector.
Dell GX270 (web): apache, postfix, courier imap, courier pop, Darwin Streaming Server
Acer laptop (exchange): Scalix
Since the Scalix MTA also has SMTP support I just figured I could make use of that too.
Billymayday, I think I told you once before that I am a networking student and it is good for me to play around with these things to gain as much experience as possible before going into industry. So I guess it's gonna help me in the future with server cluster applications where multiple servers do the same thing and have load balancing mechanisms in place provided by the main entrance server.
On the smtp front, the usual way to handle load balancing is via multiple MX records, so I don't think you'll be able to replicate this through NAT as such.
Presumably the fetchmail server could just act as a mail gateway and forward mail according to a suitable lookup table, but again, that's post NAT.
Not that great on apache, but again, load balancing is often dealt with through nameservers, but you can certainly use one web facing apache server to forward requests internally using ProxyPass for example.
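The ProxyPass approach suggested above, as an added example that is not part of the original thread: one internet-facing Apache 2.4 host receives all port 80 traffic from the router and forwards by Host header to the internal servers. The hostnames and 192.168.1.x addresses are placeholders, and the router is assumed to DNAT outside port 80 only to this proxy host.

```apache
# Added example (not from the thread). Assumes Apache 2.4 with
# mod_proxy and mod_proxy_http loaded. All names and addresses
# below are placeholders.

# Reverse proxy only. With ProxyRequests On this host would act as
# an open forward proxy that anyone on the internet could relay through.
ProxyRequests Off

# The first vhost is the default for any Host header that does not
# match a ServerName below. Deny it so scans against the bare public
# IP never reach an internal server.
<VirtualHost *:80>
    ServerName default.invalid
    <Location />
        Require all denied
    </Location>
</VirtualHost>

# Site served by the first internal web server.
<VirtualHost *:80>
    ServerName www.example.com
    # Pass the original Host header so the backend can select its own vhost.
    ProxyPreserveHost On
    ProxyPass        / http://192.168.1.10/
    # Rewrite Location headers in backend redirects to the public name.
    ProxyPassReverse / http://192.168.1.10/
</VirtualHost>

# Site served by the second internal web server.
<VirtualHost *:80>
    ServerName mail.example.com
    ProxyPreserveHost On
    ProxyPass        / http://192.168.1.11/
    ProxyPassReverse / http://192.168.1.11/
</VirtualHost>

# Site served by the third internal web server.
<VirtualHost *:80>
    ServerName media.example.com
    ProxyPreserveHost On
    ProxyPass        / http://192.168.1.12/
    ProxyPassReverse / http://192.168.1.12/
</VirtualHost>
```

With this layout the internal servers keep listening on port 80 and need no per-server port forwards on the router; only the proxy host is exposed.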
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443
Original Poster
Hmm, interesting!
Quote:
On the smtp front, the usual way to handle load balancing is via multiple MX records, so I don't think you'll be able to replicate this through NAT as such.
This would mean that you would have say multiple internet addresses wouldn't it? Say as opposed to having your servers on private addresses?
So that means on your internet based DNS server, say from your domain provider, you would configure multiple internet IP addresses and then do what we did with my local network DNS server and create an MX record for each machine and use the IN A to the specific internet address.
I think Squid should be able to handle this but I need to do more research and reading about Squid to understand it properly before proceeding with something then botching it.