About this list Date view Thread view Subject view Author view Attachment view

From: Chris Besignano (chris_at_linsoftlabs.com)
Date: Thu 11 Mar 2004 - 14:52:35 GMT


Each of my vservers will be running apache2, mysql, exim, pop3d, sshd,
and proftpd. I will need to redirect requests to these services from
external (internat) clients to each vserver. Has anyone written a howto
explaining this type of setup, or, can someone explain to me how they
have their box configured to do this. I am assuming this is how may web
hosts have their servers configured so this isn't really a new thing.

Thanks for the help.

Herbert Poetzl wrote:

>On Thu, Mar 11, 2004 at 08:41:09AM -0500, Chris Besignano wrote:
>
>
>>I need to run a few different websites on my box using vservers. What
>>method does everyone use to route the traffic from eth1 (externel
>>interface, real ip) to the vservers bound to eth0 (internal ip,
>>192.168.x.x network)?
>>
>>
>
>there is no way to _route_ traffic from eth1 to an
>ip bound to eth0, what you want is to nat the
>incomming connections to yield valid for the local
>ips, for example:
>
>iptables -t nat -A PREROUTING --dst <ext-ip> -p tcp --dport 80
> -j DNAT --to 192.168.0.1
>
>keep in mind, that you cannot access different web
>servers (running on different hosts/vservers) through
>one external ip/port unless you use a smart proxy,
>which knows how to read and forward the HTTP requests
>
>if you want to reach the internet from a local ip
>range, then you do similar on outgoing traffic:
>
>iptables -t nat -A POSTROUTING --src 192.168.0.1
> -j SNAT --to <ext-ip>
>
>
>
>>Darryl Ross wrote:
>>
>>
>>
>>>Dariush Pietrzak wrote:
>>>
>>>
>>>
>>>>>services in the host to ONLY bind the host's IP address, instead of all
>>>>>
>>>>>
>
>that is what the v_* sysv scripts are for
>(limiting _host_ services to just some ips)
>
>HTH,
>Herbert
>
>
>
>>>>Not true.
>>>>
>>>>The whole point of vservers networking is that you can give some ip
>>>>to thw
>>>>whole server, and then when services inside bind to '0.0.0.0' they
>>>>get anlo
>>>>what was allocated for given vserver.
>>>>If what you say was true, there wouldn't be much difference between
>>>>vserver setup and chrooted services.
>>>>
>>>>
>>>Did you read what he said??
>>>
>>>As per your quote above, emphasis is mine:
>>>
>>>
>>>
>>>>services in the __host__ to ONLY bind the __host's__ IP address
>>>>
>>>>
>>>which is exactly what you want to do. If you need to run a service in
>>>the host, as well as inside the vservers (eg, ssh), you need to tell
>>>the host sshd to only bind to the main IP, not the IP addresses of all
>>>the vservers.
>>>
>>>Cheers
>>>Darryl
>>>
>>>
>_______________________________________________
>Vserver mailing list
>Vserver_at_list.linux-vserver.org
>http://list.linux-vserver.org/mailman/listinfo/vserver
>
>
>

_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Thu 11 Mar 2004 - 14:53:14 GMT by hypermail 2.1.3