Re: Putting together a server/network...
You CAN do it. It's not that hard either.
You DO NOT NEED A PUBLIC IP FOR EACH WEB SERVER.
Two options. Run it on one server but, if you can't (e.g.
one is running on a Windows box and you need to attract
virii and have lots of down time), put Squid on your
gateway (or on one of the machines). Run Squid in
"reverse" mode (I forget their term).
The DNS that the Internet sees all points to the gateway
box. The connection hits the Squid server and, as part
of HTTP 1.1, says "give me this page from host: $HOSTNAME",
which is going to be one of:
crup.local824.com, liquid.local824.com, user.local824.com
Squid will then look up that hostname and go to it.
This is the tricky part: run a classic split DNS (see
Cheswick and Bellovin's firewall book or likely many other
firewall books). The OUTSIDE sees that crup, liquid and user
all point to bunker. The inside (specifically, the Squid
proxy) must see that crup, liquid and user point to their
192.168.x.y addresses.
Quoting Local Union 824 (local824@hotmail.com):
> That's what I was afraid of. Ok, well I'll go to
> plan B and call my ISP and see if I can get a few
> more public IP addresses from them!
>
> Thanks for the reply!
>
> Dave
>
>
> > From: Mike Ayers <mike.ayers@earthling.net>
> > Reply-To: mike.ayers@earthling.net
> > To: Local Union 824 <local824@hotmail.com>
> > CC: misc@openbsd.org
> > Subject: Re: Putting together a server/network...
> > Date: Tue, 30 Oct 2001 00:33:47 -0500
> >
> > Local Union 824 wrote:
> > >
> > > Hello...
> > >
> > > I have a question that someone may be able to help
> > > me with. I am designing a network using oBSD for
> > > all of the servers. Below is a layout of how I am
> > > wanting to set it up.
> > >
> > > Internet
> > >    |
> > > ADSL dhcp connection
> > >    |
> > > oBSD 2.7 box
> > > (bunker.local824.com)
> > >    |
> > >    |
> > > [------------------------hub--------------------------]
> > >    |                       |                       |
> > > oBSD 2.7                oBSD 2.7                oBSD 2.7
> > > crup.local824.com       liquid.local824.com     user.local824.com
> > > (192.168.x.x)           (192.168.x.x)           (192.168.x.x)
> > >
> > > What I am looking to do is allow all the boxes access
> > > to users. Example.... http://liquid.local824.com or
> > > ftp://liquid.local824.com will go to box #2 behind the
> > > firewall router. If a user types http://user.local824.com
> > > or telnet/ssh to user.local824.com it will go to box
> > > #3. What I need is someone to tell me what is needed to
> > > do this setup. Do I need 2 of the boxes running BIND
> > > and use them as the DNS servers instead of my ISP's
> > > DNS server? I want more than using Apache's virtual
> > > hosting as I want telnet, ssh, ftp, http, mail and a
> > > future bbs to hit the box when keyed in.
> > > I only have one public IP from the ADSL so all internal
> > > boxes will be internal IPs using NAT.
> >
> > Ummmm - this can't be done. The reason is that you only have one IP
> > address. Even if you host a DNS to give the internet IP address for
> > liquid, local, and crup, they will all be the same address - bunker's
> > address. There will be no way for NAT to tell which is the intended
> > host for, e.g. HTTP, since it will receive only IP/port (DNS names are
> > used only to get their IP addresses), which will be the same for
> > http://liquid.local824.com as for http://user.local824.com. You need at
> > minimum one external IP per host you wish to present to the internet.
> >
> >
> >/|/|ike
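The mechanism the top reply relies on, shown as an added example that is not code from this thread and is not Squid itself: an HTTP/1.1 request arriving on the single public address carries a Host header, and the gateway proxy uses an inside-only name table (the split-DNS "inside view") to pick the 192.168.x.y server. The hostnames come from the thread; the request bytes and the 192.168.1.x addresses are constructed for illustration. Two points a practitioner would want from it: matching is exact, so a missing or unknown Host is refused rather than handed to a default backend, and this only works for protocols that name the host inside the connection. Mike's objection still holds for ssh, telnet and ftp, which carry no hostname, so the gateway sees only IP/port for those.

```python
"""Host-header dispatch for several web servers behind one public IP.

Added example: models what a reverse proxy on the gateway does with the
split-DNS inside view. Table entries and the sample requests are
constructed placeholders, not addresses from the original thread.
"""
from __future__ import annotations

# Inside view of the split DNS. Outside resolvers hand out bunker's public
# address for all three names; only the proxy on the gateway needs this
# table, which maps each name to its internal (constructed) address.
INSIDE_VIEW: dict[str, str] = {
    "crup.local824.com": "192.168.1.10",
    "liquid.local824.com": "192.168.1.11",
    "user.local824.com": "192.168.1.12",
}
BACKEND_PORT = 80


class NoBackend(Exception):
    """The request names no host that this gateway is willing to serve."""


def parse_request_head(raw: bytes) -> tuple[str, str, dict[str, str]]:
    """Split an HTTP/1.x request head into (method, target, headers).

    Only the head (up to the first blank line) is looked at; header names
    are lower-cased so 'Host' and 'host' compare equal.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise NoBackend("malformed request line: %r" % lines[0])
    method, target, _version = parts
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def choose_backend(raw: bytes, table: dict[str, str] = INSIDE_VIEW) -> tuple[str, int]:
    """Pick the internal server for one request that hit the gateway.

    The Host header (or an absolute-URI request target, which HTTP/1.1
    says takes precedence) is the only thing that tells three names
    sharing one public IP apart. The lookup is exact: anything not in the
    inside view is refused instead of falling through to a default box.
    """
    _method, target, headers = parse_request_head(raw)
    host = headers.get("host", "")
    if target.lower().startswith("http://"):
        host = target[len("http://"):].split("/", 1)[0]
    # Drop an explicit :port and normalise case / trailing dot before lookup.
    host = host.split(":", 1)[0].lower().rstrip(".")
    if host not in table:
        raise NoBackend(host or "<missing Host header>")
    return table[host], BACKEND_PORT


def is_refused(raw: bytes) -> bool:
    """True if the gateway would refuse this request rather than proxy it."""
    try:
        choose_backend(raw)
    except NoBackend:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample requests, as the proxy on bunker would see them.
    samples = [
        b"GET /index.html HTTP/1.1\r\nHost: liquid.local824.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: USER.local824.com:80\r\n\r\n",
        b"GET / HTTP/1.0\r\n\r\n",                      # no Host: refused
        b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n",  # unknown: refused
    ]
    for req in samples:
        try:
            print(req.split(b"\r\n")[0].decode(), "->", choose_backend(req))
        except NoBackend as exc:
            print(req.split(b"\r\n")[0].decode(), "-> refused:", exc)
```

Squid does the same lookup internally when run as a reverse proxy, resolving the Host value through whatever resolver the gateway is pointed at, which is why the inside view of the split DNS has to be the one the gateway consults.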