[olug] DNS & NAT examples needed

Sam Tetherow tetherow at shwisp.net
Wed Dec 31 21:19:17 UTC 2008


Actually with one external IP address hosting several domains across 
multiple (virtual) machines you are going to have other issues.

Unless you want to advertise all of your web servers as 
http://www.domain1.com:8080/ and http://www.domain2.com:8081/ etc you 
are going to need to set up some sort of proxy redirect.

With apache you can use rewrite rules based on the request URL so you 
could have a front-end apache server where all http traffic is sent and 
it will use mod_proxy/mod_rewrite to get things where they need to go.

DNS you will want to just run one server for all domains, no point in 
having a separate DNS server for each domain.

For email you will need to again have a single SMTP server running on 
port 25 which will then redirect mail to each host that is hosting email 
for the domain. Or you could run a single mail server that hosts mail 
for all domains but it sounded like you wanted each mail server separate.

As for the firewall/router you could continue to use your Linksys if you 
want since you are just doing a simple port forward on ports 80, 25 and 
53 to a host inside your network which then redirects the traffic for 
you. You could set up a Linux firewall if you want, the iptables rules 
would not be that hard to configure. You could run a Linux firmware on 
your Linksys router if you wanted both.

If you wanted to run pfSense it would work as well, although it is BSD 
based so you are adding another OS into the mix, nothing wrong with that 
but unless you are a BSD user I don't really see the point.

Another alternative for the web servers would be to use content 
filtering firewall rules to redirect the traffic, but there are other 
issues that can crop up there and it will fail if you are planning on 
using SSL certs for anything since the firewall won't be able to pick 
apart the HTTPS request to see where it should go.

Sam Tetherow
Sandhills Wireless

Curtis LaMasters wrote:
> PAT is actually the term to use here (port address translation).  So instead
> of using a single IP with all ports NAT'd to an internal IP, you can NAT a
> single port on your single external IP to a host on your LAN.  In the
> information you've given you'll need UDP/53, TCP/80, TCP/443 and TCP/25
> (DNS, HTTP, HTTPS, SMTP).
>
> Curtis LaMasters
> http://www.curtis-lamasters.com
> http://www.builtnetworks.com
>
>
> On Wed, Dec 31, 2008 at 2:02 PM, <webtrekker at cox.net> wrote:
>
>   
>> Hi Curtis,
>> I will be hosting a couple of different domains (nchea.org, nchea.net,
>> houseofswartz.*, and couple of other non-profits in 09), for web and mail
>> (scalix or zimbra) for each domain.
>> What I can't seem to get my head wrapped around is how to translate all of
>> the services/servers back out through a single public IP.
>>
>> I hadn't heard of pfSense, so I am heading there now... thanks for the tip.
>>
>> Patrick
>>
>> ---- Curtis LaMasters <curtislamasters at gmail.com> wrote:
>>     
>>> I may not fully understand what you want but I would replace the Linksys
>>> with something that does load balancing for your hosts behind (pfSense comes
>>> to mind), setup UDP/53 (DNS) to round robin between your two (I assume
>>> you'll have two) DNS servers and setup host header based web access on
>>> TCP/80.  What other services will you be offering?
>>>
>>> Curtis LaMasters
>>> http://www.curtis-lamasters.com
>>> http://www.builtnetworks.com
>>>
>>>
>>> On Wed, Dec 31, 2008 at 12:07 PM, <webtrekker at cox.net> wrote:
>>>
>>>       
>>>> Hi All,
>>>> After several attempts of finding a vps service that I liked or could
>>>> afford, I have taken the plunge and upgraded to Cox's business line and now
>>>> have my very own IP (cheers all around...).
>>>> Anyway, I now need to set up DNS to support the different web, mail servers
>>>> for a couple of different domains.  I have done this in the past, but I had
>>>> plenty of public IP addresses available to work with.  Now, I only have one
>>>> and need to use NAT for all of the servers behind it.
>>>> Can someone lend some guidance on how to set this up?  I have a XEN box
>>>> that will be running most of the servers and a Linksys wireless router that
>>>> is doing the NATing for those and the rest of the PCs in the house.
>>>>
>>>> Not sure if I should take out the Linksys (or move it downstream) and put
>>>> up a Linux box w/multiple nics and run my first nameserver there, or just
>>>> run bind as one of the virtual hosts.
>>>>
>>>> I apologize for the long winded request, but your help is greatly
>>>> appreciated.
>>>>
>>>> Patrick
>>>>
>>>> _______________________________________________
>>>> OLUG mailing list
>>>> OLUG at olug.org
>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>
>>>>         
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>>>       
>>     
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>   
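Worked example of the front-end Apache Sam describes above (one box receives all port-forwarded web traffic and hands each site to the VM that serves it by Host header). This is an added illustration, not part of the thread and not Sam's or Patrick's configuration; it uses Apache 2.4 syntax, and the backend addresses 192.168.1.21/.22, the catchall.invalid name and the certificate paths are assumptions. It also shows the HTTPS case that the firewall-only approach at the end of the reply cannot handle: TLS is terminated on the front end, and SNI (Apache 2.2.12+ built against OpenSSL 0.9.8f+) lets it pick the right certificate and vhost by name.

```apache
# Added example (not from the thread): Apache 2.4 front end on the host that
# receives the port-forwarded 80/443 traffic. Backend addresses, hostnames
# and certificate paths are assumptions for illustration.
LoadModule proxy_module       modules/mod_proxy.so
LoadModule proxy_http_module  modules/mod_proxy_http.so
LoadModule ssl_module         modules/mod_ssl.so
LoadModule headers_module     modules/mod_headers.so

# Reverse proxy only. "ProxyRequests On" would make this box an open forward
# proxy reachable from the Internet.
ProxyRequests Off

# The first vhost on a port is Apache's default. Make it a deny-all catch-all
# so a request with an unknown or missing Host header does not land on one
# of the real sites.
<VirtualHost *:80>
    ServerName catchall.invalid
    <Location />
        Require all denied
    </Location>
</VirtualHost>

<VirtualHost *:80>
    ServerName  www.nchea.org
    ServerAlias nchea.org
    # Pass the original Host header through so the backend's own vhost matches.
    ProxyPreserveHost On
    ProxyPass        / http://192.168.1.21/
    ProxyPassReverse / http://192.168.1.21/
</VirtualHost>

<VirtualHost *:80>
    ServerName  www.nchea.net
    ServerAlias nchea.net
    ProxyPreserveHost On
    ProxyPass        / http://192.168.1.22/
    ProxyPassReverse / http://192.168.1.22/
</VirtualHost>

# HTTPS: a port-forwarding firewall cannot see inside TLS, but the front end
# can terminate it. With SNI the client sends the hostname in the ClientHello,
# so name-based vhosts work on 443 too. Clients that do not send SNI get the
# certificate of this first 443 vhost, which is why it is the deny-all one.
<VirtualHost *:443>
    ServerName catchall.invalid
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/catchall.pem
    SSLCertificateKeyFile /etc/ssl/private/catchall.key
    <Location />
        Require all denied
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName  www.nchea.org
    ServerAlias nchea.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/nchea.org.pem
    SSLCertificateKeyFile /etc/ssl/private/nchea.org.key
    ProxyPreserveHost On
    # Plain HTTP to the backend over the private LAN; the TLS hop ends here.
    # The backend can tell the original scheme from this header.
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://192.168.1.21/
    ProxyPassReverse / http://192.168.1.21/
</VirtualHost>
```

Add one more 80/443 pair per hosted domain. ProxyPassReverse rewrites Location headers in backend redirects so clients are not sent to the 192.168.x address; ProxyPreserveHost is what makes a single front end work when the backend VM itself has name-based vhosts.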


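For the "Linux box with iptables instead of the Linksys" option in the reply, here is the port-forward rule set as an added example (not from the thread). It publishes the ports named in the thread, 80, 25 and 53 plus 443 from Curtis's list, and adds TCP/53 alongside UDP/53 because zone transfers and answers over 512 bytes need it. Interface names eth0/eth1, the LAN range 192.168.1.0/24 and the inside host 192.168.1.10 are assumptions. FORWARD defaults to DROP, so only the DNAT'd flows reach the inside host and nothing else behind the NAT is exposed. DRY_RUN=1 prints the commands instead of running them, so the rule set can be reviewed without root.

```shell
#!/bin/sh
# Added example, not from the thread: iptables port forwarding for a Linux box
# standing in for the Linksys. Interface names, the LAN range and the
# front-end address are assumptions.
WAN_IF=${WAN_IF:-eth0}                  # interface holding the one public IP
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
FRONTEND=${FRONTEND:-192.168.1.10}      # Apache front end / DNS / SMTP relay
DRY_RUN=${DRY_RUN:-0}                   # DRY_RUN=1 prints commands instead

# Run a command, or print it when DRY_RUN=1 (lets the rule set be reviewed
# without root and without touching the live firewall).
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# proto:port pairs to publish: 80, 25 and 53 from the thread, 443 for HTTPS,
# and DNS on TCP as well as UDP.
PUBLISHED="tcp:80 tcp:443 tcp:25 tcp:53 udp:53"

base_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -F
    run iptables -t nat -F
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # LAN hosts may go out; their replies come back via the conntrack rule.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

forward_rules() {
    for entry in $PUBLISHED; do
        proto=${entry%%:*}
        port=${entry##*:}
        # DNAT rewrites the destination before routing ...
        run iptables -t nat -A PREROUTING -i "$WAN_IF" -p "$proto" \
            --dport "$port" -j DNAT --to-destination "$FRONTEND:$port"
        # ... so FORWARD sees the inside address and admits exactly that flow.
        run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p "$proto" \
            -d "$FRONTEND" --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
}

apply_all() {
    base_rules
    forward_rules
}

# Sanity check usable from a dry run: number of DNAT rules that would be added.
count_dnat() {
    ( DRY_RUN=1; forward_rules ) | grep -c -- '-j DNAT'
}

case "${1:-}" in
    apply) apply_all ;;
    show)  DRY_RUN=1; apply_all ;;
    *)     ;;
esac
```

Run it as `sh fw.sh show` to review the generated rules and `sh fw.sh apply` as root to load them. Because INPUT also defaults to DROP, add an INPUT rule for SSH from the LAN (or wherever you administer from) before applying this on a remote box.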