View Full Version : ADSL Home network, multiple domains, multiple machines
giantstep 08-29-2004, 05:06 AM
Hi there
I have a fixed IP address on my ADSL connection. Just wanting a little bit of help with a home project I'm working on. Basically I have the following machines:
- A solaris machine
- A Mac OSX machine
- A linux machine
I would like for incoming traffic (http, ftp, ssh) to be routed to specific machines depending upon the domain name entered. For example:
traffic for abc.com to go to the solaris machine
traffic for def.com to go to the Mac OSX machine
traffic for ghi.com to go to the Linux machine
I have pointed all three domains that I have to the one IP. Do I need to set up a nameserver on the same IP in order to do this locally, or am I trying to do something that's not possible? Do I need a hardware/software router in order to do it?
A little out of my depth, but as I said, just a little "play" project that I'm working on.
Any advice, criticism, laughter appreciated :)
John G
Morphix 08-29-2004, 05:39 AM
One of your machines will have to handle incoming traffic, and then distribute it accordingly to whatever you specify.
Let's assume that it's your Linux machine which handles incoming traffic. If I search for abc.com, it will resolve to your ADSL IP and then go to your Linux machine. From there, if abc.com is local, then the Linux machine will serve the web page; if it's not local then you'll have to redirect it to the machine which holds abc.com, and then specify on that machine to serve abc.com.
I hope I was clear enough for you.
P.S. You’ll need an external DNS which will resolve abc.com, def.com, etc.
giantstep 08-29-2004, 05:55 AM
Hi there, and thanks for your reply.
I am handling all the external DNS with ZoneEdit.com and that works quite well to the one IP
The bit I'm stuck on (sorry!) is how to route internally to the different machines. Each machine has a different internal IP address, e.g. 10.0.0.1...4. Do I need some kind of software router, or is it a DNS server (BIND) on the first machine that's needed? Currently my setup has an ADSL router which points incoming traffic to one internal machine. Not sure if I need a direct connection with a machine rather than doing it this way.
Any help appreciated
Thanks
John
giantstep 08-29-2004, 08:04 PM
Any advice on this would be appreciated. Any further ideas?
John
Rebies 08-30-2004, 10:04 AM
giantstep, sorry I did not read the entire thread, as I'm looking into ZoneEdit and I cannot get to their web site right now. Strange? You seeing this too?
--
Sorry, back to your question...
With most basic routers out there you can simply use what's called Port Forwarding, Port Triggering, or NAT (Network Address Translation). More or less, basic Port Forwarding can say:
This is Port 80, We'll Forward it to Solaris
This is Port 8080, We'll Forward the request to Mac OSX
This is Port 8888, We'll Forward it to Linux
If you're using a Linksys router, get there by clicking the "Advanced" tab and then the "Port Forwarding" tab. However, this solution will likely not work for you because it does not allow multiple sites to be run on different machines which are using the same port (Port 80). If you're cool having some sites on different ports other than the standard Port 80, then this is all you need.
The next step would be Port Triggering. This, for the most part says:
A Request For Port 9000, I'll Forward It To Linux on Port 80
A Request For Port 5555, I'll Forward It To Mac OSX on Port 80
A Request For Port 1111, I'll Forward It To Solaris on Port 80
Thus, on the outside you can have people using different ports which are translated to the internal port range. Internally your web servers would be listening to the correct port range.
In my opinion neither of the two will really work to solve your problem, as you would still have workarounds. (And do check into Port Triggering, because I have not used it before and I'm not 100% sure this won't work for you.) If one of these options is a viable solution then that's great, because it's a basic router (wired or wireless) that only costs $50 or so.
The third option sounds like the better option, as it is much more flexible. Basically it would mean running another copy of Linux and doing NAT through IP Masquerading. I can only give you basic information about this option as it has been over 5 years since I've implemented this myself.
But for the most part it would mean setting up another Linux box that listens to the traffic and analyzes it based on a few rules to get the traffic where it needs to go. Unfortunately I don't know the exact setup in this case, but if I were in your shoes I would not want my visitors having to see :8888 at the end of my web addresses, which I think the first two options require.
So in this last option you are looking at the cost for another dedicated firewall box or whatever that can run Linux and you would have to find IP Masquerading or something like it that does a good job of analyzing the rules you set up. Because this ideal solution will say:
somesite.com (Port 80) goes to Solaris on (Port 80)
another.com (Port 80) goes to Mac OSX on (Port 80)
thirdwebsite.com (Port 80) goes to Linux on (Port 80)
Let me know if I can clarify on any of this or help answer any questions that might be bobbling in your head.
Andrew
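The third option above dispatches on the domain name, which only exists inside the HTTP request (the Host header); port forwarding and NAT work on addresses and ports and never see it. The usual way to get "somesite.com (Port 80) goes to Solaris on (Port 80)" is therefore a small reverse proxy on the Linux box that reads the Host header of each incoming connection and relays the connection to the machine that owns that name. The following is an added example, not code from anyone in the thread; the domain names, the 10.0.0.x internal addresses and the port numbers in it are assumptions chosen to match the setup described in the question:

```python
"""Dispatch inbound HTTP connections to internal hosts by the Host header.

Added example for this thread, not code from any poster.  The domain
names and 10.0.0.x addresses below are assumptions chosen to match the
setup described in the thread; replace them with your own.
"""
import socket
import threading
from typing import Dict, Optional, Tuple

Backend = Tuple[str, int]

# Assumed mapping of domain -> (internal address, port); constructed for this example.
BACKENDS: Dict[str, Backend] = {
    "abc.com": ("10.0.0.2", 80),   # Solaris box
    "def.com": ("10.0.0.3", 80),   # Mac OS X box
    "ghi.com": ("10.0.0.4", 80),   # Linux box
}

# Sent when no Host header is present (HTTP/1.0) or the name is not one we serve.
NO_ROUTE_RESPONSE = (b"HTTP/1.1 421 Misdirected Request\r\n"
                     b"Content-Length: 0\r\nConnection: close\r\n\r\n")


def parse_host(request_head: bytes) -> Optional[str]:
    """Return the lower-cased name from the first Host header, or None.

    Drops an optional ":port" suffix, a trailing dot and a leading "www."
    so that www.abc.com and abc.com reach the same machine.
    """
    for line in request_head.split(b"\r\n")[1:]:
        if not line:                       # blank line ends the headers
            break
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            if host.startswith("["):       # bracketed IPv6 literal, keep it whole
                host = host[:host.find("]") + 1]
            else:
                host = host.split(":", 1)[0]
            host = host.rstrip(".")
            if host.startswith("www."):
                host = host[4:]
            return host or None
    return None


def select_backend(request_head: bytes,
                   backends: Dict[str, Backend] = BACKENDS) -> Optional[Backend]:
    """Choose the internal host for a request; None when the name is not served.

    Unknown or missing names are refused instead of sent to a default box,
    so a request for a domain you do not host cannot wander onto the LAN.
    """
    host = parse_host(request_head)
    return backends.get(host) if host else None


def read_head(conn: socket.socket, limit: int = 8192) -> bytes:
    """Read from the client until the end of the request headers or `limit` bytes."""
    buf = b""
    while b"\r\n\r\n" not in buf and len(buf) < limit:
        chunk = conn.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until EOF, then half-close the destination."""
    try:
        while True:
            data = src.recv(65536)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def handle(client: socket.socket) -> None:
    """Route one accepted connection and relay it in both directions."""
    with client:
        head = read_head(client)
        target = select_backend(head)
        if target is None:
            client.sendall(NO_ROUTE_RESPONSE)
            return
        with socket.create_connection(target, timeout=10) as upstream:
            upstream.settimeout(None)        # connect timeout only; relay may idle
            upstream.sendall(head)           # replay the bytes already consumed
            threading.Thread(target=pump, args=(client, upstream), daemon=True).start()
            pump(upstream, client)


def serve(bind: Tuple[str, int] = ("0.0.0.0", 80)) -> None:
    """Accept connections on the router-facing address and hand each to a thread."""
    with socket.create_server(bind) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()


if __name__ == "__main__":
    serve()
```

Run it as root on the machine the ADSL router forwards port 80 to, with the three domains already pointing at the ADSL address as described. Two caveats a practitioner would want: a keep-alive connection stays bound to the backend chosen for its first request, so a client that reuses one connection for a second domain is served by the wrong machine (Apache or nginx name-based virtual hosts re-dispatch on every request and are the better choice for anything beyond a play project); and SSH and plain FTP carry no equivalent of the Host header, so those services can only be split by port or by public address, not by domain.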
giantstep 08-31-2004, 09:08 AM
Andrew
Thanks for the detailed and useful posting. I agree that it looks like the NAT approach might be the best. Any idea where I could find out some information on setting something like this up? Also, would it work if I point all incoming traffic from the router to this internal Linux machine and then this routes accordingly, or do I have to plug the Linux machine directly into the ADSL?
Thanks
John
Rebies 08-31-2004, 10:56 PM
When you say "router" I'm assuming you mean it's the ADSL modem/router your ISP has provided you with?
In any event, I would have it like this:
-----------------------
1: Internet
-
2: Cable or DSL Modem that is Provided By Your ISP
-
3: (HardwareFirewall - If you chose to have one. If not remove this layer without any additional work.)
-
4: An actual router (Linksys or likewise Cable/DSL router). This layer and the next layer can be skipped if the Internet connection is only going to the web servers. Otherwise, if you have personal computers or other machines that need to share this Internet connection, you need this router here to forward the traffic to and from each machine.
-
5: (Hub - If you don't have multiple ports in your Cable/DSL router and want regular machines to access the Internet. If you do have multiple ports, simply remove this layer too and plug the devices directly into layer 4. Connect regular machines to the router above or to ports on this hub (layer 5), and make sure to connect linux box to this as well)
-
6: Linux (IP Masquerading or other NAT Software)
-
7: Hub
-
8: From Hub to Solaris, Linux, MacOS, etc.
-----------------------
Okay a few things to note:
Your ISP might block port 80 inbound so that you can't do web hosting. Make sure to check this beforehand, as all will be futile if they won't allow you to do web hosting off of your connection!
Also, this might look very complicated, but it's really not. I'm doing exactly this at home minus layers 5, 6 and 7 (because I have no need to do hosting on more than one machine that is for personal use anyway). So instead on layer 5 I have my web server.
Also, make sure in each link of the chain that port 80 is forwarded on to the next layer. For example, of critical importance is to make sure that layer 4 forwards the inbound traffic on port 80 to the correct machine. Otherwise this router will get the traffic, not know what to do with it and not forward it on!
For each different segment of network it is very good to use different Private IP Ranges. Private IP Addresses are in the range of:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Thus, one NIC on the Linux box might have 192.168.2.1 while the other NIC uses 192.168.1.100. This separates out your network segments so that you know which IP addresses are for what devices in the chain.
One other note: You can completely remove layer 7 (the hub) if you simply want to use one hub and traverse that hub when traffic comes into the Linux box, and when Linux then does NAT for the web host. It's kinda archaic and not a great way to do it, but it would allow you to remove one more layer in the mix.
So the minimum you would need:
-----------------------
1: Internet
-
2: Cable or DSL Modem that is Provided By Your ISP
-
4: An actual router (Linksys or likewise Cable/DSL router)
-
5: Hub/Switch (Possibly not needed if multiple ports are on router)
-
6: Linux (IP Masquerading or other NAT Software)
6: Solaris
6: Linux
6: MacOS
6: Personal PC or Workstations as well?
-----------------------
And definitely make sure layer 4 has port forwarding turned on and is forwarding port 80 traffic to the Linux box in layer 6.