| 1 |
Stroller <stroller <at> stellar.eclipse.co.uk> writes: |
| 2 |
|
| 3 |
|
| 4 |
> > I have one static IP |
| 5 |
> > ... Could someone post |
| 6 |
> > some simple iptable examples of how to route 2 different |
| 7 |
> > web server traffic streams to 2 different machines? |
| 8 |
|
| 9 |
> > Both are inside the same DMZ....2 different machines |
| 10 |
> > with different (NAT) IP addresses. |
| 11 |
|
| 12 |
> Can't be done. |
| 13 |
|
| 14 |
Ok, that explains why I drew a blank on how to proceed. |
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
> There is no way for IPtables to distinguish between an http request to |
| 21 |
> bigbreastedmommas.com at 24.73.161.102 and an http request to |
| 22 |
> bouncyboobs.com at 24.73.161.102, assuming both are on port 80. |
| 23 |
|
| 24 |
|
| 25 |
So the best I can do is forward all traffic( 80, 443, etc) for the |
| 26 |
group of websites to a proxy behind the firewall, then use software |
| 27 |
such as what kashani suggested (proxypass, Squid, ngnix, |
| 28 |
lighttpd, or Varnish) and parse the traffic with some form of |
| 29 |
vhosts implementation on a single server (nated IP)? |
| 30 |
|
| 31 |
I definately do not want to run anything additional on the firewall, |
| 32 |
unless it is absolutely secure and then it would have to have an |
| 33 |
light loading of firewall resources. |
| 34 |
|
| 35 |
Then if the load of the combined virtual hostings becomes too large, |
| 36 |
I use a group (cluster) of servers that and implement some sort of load |
| 37 |
balancing across the machines that each contain complete copies of each website? |
| 38 |
|
| 39 |
Then there is the question of how to keep the individual machines |
| 40 |
'in sync' and the limitation that once a machine is saturated (performance |
| 41 |
suffers too much due to insufficient resources) there |
| 42 |
is no solution for expansion? |
| 43 |
|
| 44 |
One last thing. I can get a small subnet of say 5 IP address from my |
| 45 |
ISP for an additional 20/month. That that help me? I want to put up |
| 46 |
dozens of small charitable web sites. None will have a huge user base, |
| 47 |
but I was going to stream some limited video from each of them. |
| 48 |
|
| 49 |
|
| 50 |
Any other architectual solutions here? (outside hosting is not an option). |
| 51 |
My ISP is very cool, and will even let me run my own primary and secondary |
| 52 |
name service, if that helps redirect the traffic? |
| 53 |
|
| 54 |
|
| 55 |
Ideas? |
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
James |
Archives