Networks Is this possible with IPCop?

Discussion in 'Hardware' started by ChriX, 2 Feb 2005.

  1. ChriX

    ChriX ^

    Say I have several subdomains that point to the same IP;
    www.thefnet.co.uk (guest:guest for nosey people :p)
    www2.thefnet.co.uk

    I want to be able to send requests on one address to a different PC than the other, while still having them both running on the same port. Both of the servers are currently running behind the IPCop over NAT.

    Obviously I can't use port forwarding for this, so I was wondering if there is a way to see what address was requested and send the connection to the appropriate server.

    Would it be easier to give all the servers I want to use static external IPs?
     
  2. jake

    jake Network Gawd

    It is possible, sort of, for HTTP connections. Essentially you configure mod_proxy on the version of Apache you have running and a couple of virtual hosts. Virtual host 1 corresponds to your first address and accesses those pages directly on the machine; virtual host 2 is configured as a proxy and in fact goes off to your second server to get the pages and return them to the requestor. Obviously the host with the proxy on it becomes a bottleneck.

    It's possible with HTTP since it transmits the DNS name in the URL, so anything which can inspect layer 4 can therefore act accordingly. Won't work for most other protocols, however, since the packets that arrive at the machine have no information contained in them on what DNS name was used to resolve to the IP address in the packet header.

    It would be a whole lot simpler to use static IPs for physically different servers.

    HTH

    J
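
The mod_proxy arrangement described in the post above, as an added example that is not part of the original thread. It assumes Apache httpd 2.4 with mod_proxy and mod_proxy_http loaded; the backend address 192.168.1.20 and the DocumentRoot path are constructed placeholders.

```apache
# Added example, not from the thread. Apache httpd 2.4 syntax.
# Requires mod_proxy and mod_proxy_http.
# 192.168.1.20 and /var/www/html are constructed placeholders.

# Reverse proxy only. Leaving forward proxying on would let any
# outside client relay requests through this host.
ProxyRequests Off

# Virtual host 1: pages served directly from this machine.
# As the first vhost on *:80 it also answers requests whose
# Host header matches no ServerName.
<VirtualHost *:80>
    ServerName www.thefnet.co.uk
    DocumentRoot "/var/www/html"
</VirtualHost>

# Virtual host 2: selected by the Host header, then fetched from
# the second server on the private LAN and returned to the client.
<VirtualHost *:80>
    ServerName www2.thefnet.co.uk

    # Pass the original Host header through so the backend can
    # apply its own name-based configuration and log the real name.
    ProxyPreserveHost On

    ProxyPass        "/" "http://192.168.1.20/"
    # Rewrite Location headers in backend redirects so clients are
    # never sent to the private address.
    ProxyPassReverse "/" "http://192.168.1.20/"
</VirtualHost>
```

Only port 80 on the proxying host needs to be forwarded through the firewall; the second server stays reachable solely from the private LAN.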
     
  3. ChriX

    ChriX ^

    Thanks Jake, that has helped and confirmed my thoughts. I did want to use other protocols, not just HTTP, so I think it will be easier to set up a separate LAN for the servers using all external IPs (seeing as they are free with the ISP anyway), and join this to my private LAN using the IPCop. Trouble is, then the IPCop will be a bottleneck when accessing the fileservers on the other side; could make the server LAN gbit though, will have to have a think. :)

    Excuse for more networking gear!
     
  4. fillip

    fillip What's a Dremel?

    Sorry, it's slightly off topic, but what piece of software creates that map of your home LAN? I've seen it before but never managed to find out what it is that displays statistics such as those on a home server setup.
     
  5. planki

    planki ...

    I wouldn't keep fileservers on the outside network, essentially the DMZ, as these will be open to the internet; even if they are firewalled they are less secure than if they were inside your network. I would only put machines outside of your network that run network services such as HTTP, email etc., and then put all of your workstations and fileservers inside of your network. Also, this way IPCop won't be a bottleneck when accessing your files.
     
  6. jake

    jake Network Gawd

    I have to agree that this makes the most sense. Addresses exposed to the outside world should never have services other than those that absolutely have to be there. However, practical considerations may well come into play here, like physical considerations: ChriX may not have the space/power or physical spare hardware required to separate out the functions, in which case it then becomes necessary to host it all on a single box and use such tools as portsentry and logcheck to keep an eye on things.

    J
     
  7. ChriX

    ChriX ^

    That's a good point, I think I'll keep it behind the IPCop until I can get more hardware to split up the tasks.

    fillip: Nagios is the software that creates the network map, if you click the Nagios link on that page you will see all the other things it does. It's a free download from nagios.org.
     
  8. fillip

    fillip What's a Dremel?

    Thanks, I'll check it out.
     