Re: [vserver] Newbei's questions

From: Martin <inkubus_at_interalpha.co.uk>
Date: Sun 20 Apr 2008 - 12:08:23 BST
Message-Id: <1208689703.22136.27.camel@michael.lh45.org>

On Sat, 2008-04-19 at 11:44 +0800, Stephen Liu wrote:
<snip>
> > > I'm running VMWare here. My bitter experience on it is Mail and Web
> > > servers must run on Host for single IP address. All servers running on
> > > VMWare have only single way traffic to Internet, i.e. they can connect
> > > Internet but Internet can't get into them. I must forward ports 25 and
> > > 80 to Guest server. In such arrangement the Host has no communication
> > > ports. Unless I have multiple IP address. They can't share IP
> > > address.
> > This is a feature / limitation of IP. If you want to serve multiple
> > domains from the same webserver / mail server, most can be configured to
> > do this (IIRC these are 'vhosts' in Apache parlance).
>
>
> I'm doing this way for single IP. What I can't resolve is the main use
> of virtualization on single IP.
As long as you don't have two virtual servers which require listening on
the same incoming port - there is no problem. Many applications
(testing farms, isolation of services, infrastructure consolidation)
fall into this category.

> What server shall I build/run on
> virtual server?
... whatever solves the problem...

From what you have said I'm *guessing* that you are limited to a single
IP and want to run multiple logical vservers, each of which runs its
own web server, mail server, etc. As I have said before this is not
possible as TCP connections are considered to be uniquely identified by
the IP and port number at each end. If this is the problem you are
trying to solve, virtualising the servers will not work (it may,
however, help you reduce the amount of hardware you require and make
administration of the servers easier). If this is correct then what you
want to be doing is multiplexing several services of the same IP / port.
Relatively little technology exists to do this because the correct
solution is to use multiple IPs. The easiest solutions are to get a
single mail / web server to handle all of the domains. Apache and Exim
definitely support this, I would suspect all other serious servers
would. If you really must run multiple, independent web / mail servers
you might be able to set up some kind of reverse proxying to forward
connections from the single public IP back to the relevant server. This
would probably work for low throughput web but it will limit the ability
of the mail servers to block spam before the message is received. The
only other solution I can think of is that some of the commercial
vendors may be able to sell you (at great cost) switching gear that can
route on the basis of packet content. This would likely be extremely
expensive and I suspect it wouldn't work very well for your needs.

If you want to run two or more, independent, web servers both on port
80, you will need more than one IP.

> - snip =
>
> > > What happen to the Guest on VServer? TIA
> > In the classical case you have one IP per guest. Sharing IPs between
> > guests is also possible.
>
> Whether you meant sharing router IPs, NOT public IP to allow Internet
> getting into the Guests without port forwarding.
What I mean is that the vservers running on one host machine classically
need one IP each, however it is possible to have several guests share
the same host IP. However, only one program can access any given port
at one time.

HTH

Cheers,
 - Martin
Received on Sun Apr 20 12:04:53 2008
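
The two points made in the message above (only one program can listen on a given IP / port, and a reverse proxy can forward connections from one public address to the relevant server), as an added example that is not part of the original post. The host names `a.example` / `b.example`, the backend names and every function name are constructed for illustration; everything runs on loopback with ephemeral ports, and the Host parsing does not handle IPv6 literals.

```python
import errno, socket, threading

def second_bind_error(host="127.0.0.1"):
    """Listen on a free port, then bind a second socket to the same IP/port."""
    with socket.create_server((host, 0)) as a, socket.socket() as b:
        try:
            b.bind(a.getsockname())
        except OSError as e:
            return errno.errorcode.get(e.errno)  # symbolic name of the failure

def host_of(head):  # Host header of a request head, lower-cased, port stripped
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower().partition(":")[0]
    return ""

def serve_once(handler):  # handle one connection on an ephemeral loopback port
    listener = socket.create_server(("127.0.0.1", 0))
    def run():
        conn, _ = listener.accept()
        with conn, listener:
            handler(conn)
    threading.Thread(target=run, daemon=True).start()
    return listener.getsockname()

def backend(name):  # stand-in for one independent web server (constructed)
    def handle(conn):
        conn.recv(4096)
        conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n" + name.encode())
    return serve_once(handle)

def front(routes):  # the single public listener: forward by Host name
    def handle(conn):
        head = conn.recv(4096)
        target = routes.get(host_of(head))
        if target is None:  # unknown name: refuse rather than pick a default
            conn.sendall(b"HTTP/1.0 404 Not Found\r\n\r\nunknown host")
            return
        with socket.create_connection(target) as up:
            up.sendall(head)
            while chunk := up.recv(4096):
                conn.sendall(chunk)
    return serve_once(handle)

def fetch(addr, host):  # minimal client used to exercise the front end
    with socket.create_connection(addr) as c:
        c.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        data = b"".join(iter(lambda: c.recv(4096), b""))
    return data.rsplit(b"\r\n\r\n", 1)[-1].decode()
```

The backends see every connection as coming from the front end's address, so any per-client filtering has to happen at the front end or be passed along by it.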
