From: Brian Candler
To: Dirk Meyer
Cc: freebsd-current@freebsd.org
Date: Mon, 5 Jun 2006 08:55:01 +0100
Subject: Re: namebased VPS using JAIL
Message-ID: <20060605075501.GA85278@uk.tiscali.com>

On Sun, Jun 04, 2006 at 11:45:15AM +0200, Dirk Meyer wrote:
> To allow different "named" Services on one WAN IP,
> you need to do this in the server application.
>
> Vsftpd and apache do support "Virtual Hosts"
> so you can map HTTP and FTP services on
> the name used by the client to access this IP.

You can of course run a single httpd on your main IP, and use this to proxy
different virtual hosts to different (private) IPs which are in the jails,
if you want each client to run their own http daemon.

However, this means that the jail httpd's will see all incoming requests
coming from your own IP. In order for logs and access controls to work
properly, install mod_extract_forwarded on the clients' httpd servers, and

    AddAcceptForwarder x.x.x.x

where x.x.x.x is the main server's IP.

This is just for httpd though. There are many other services which can't be
virtualised in this way, such as ftp and ssh. If you want your clients to
have these services, but sharing a single IP, then you can either run a
single instance of the daemon which uses the login username to distinguish
between them, or you can run multiple instances of the daemon on different
ports. You can use redirection (e.g. with pf) to redirect, say,
x.x.x.x:10022 to 192.168.0.1:22

HTH,

Brian.
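
Added example, not part of the original message and not mod_extract_forwarded's own code: a Python sketch of the trust decision that an AddAcceptForwarder entry expresses, where a jail httpd honours X-Forwarded-For only when the connection comes from the listed main server. The function name and all addresses except the page's 192.168.0.1 are constructed for illustration; 192.0.2.10 stands in for x.x.x.x.

```python
import ipaddress

# Assumption: 192.0.2.10 plays the role of x.x.x.x, the main server's IP.
ACCEPTED_FORWARDERS = ["192.0.2.10"]


def effective_client(peer_ip, xff_header, accepted_forwarders=ACCEPTED_FORWARDERS):
    """Return the address a jail httpd should log and apply access rules to.

    peer_ip     -- address of the TCP peer that connected to the jail httpd
    xff_header  -- raw X-Forwarded-For value, or None if the header is absent
    """
    trusted = {ipaddress.ip_address(a) for a in accepted_forwarders}
    client = ipaddress.ip_address(peer_ip)

    # Each proxy appends the address it saw, so the rightmost entry was
    # written by the hop nearest to us. Walk right to left and stop at the
    # first address that is not an accepted forwarder: everything to its
    # left was supplied by an untrusted party and proves nothing.
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    while hops and client in trusted:
        candidate = hops.pop()
        try:
            client = ipaddress.ip_address(candidate)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
    return str(client)


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For header)
    samples = [
        ("192.0.2.10", "203.0.113.7"),             # proxied by the main server
        ("198.51.100.5", "10.0.0.1"),              # direct hit, header ignored
        ("192.0.2.10", "10.9.9.9, 203.0.113.7"),   # client-supplied first entry
        ("192.0.2.10", None),                      # main server's own request
    ]
    for peer, xff in samples:
        print(f"{peer:15} {xff!s:25} -> {effective_client(peer, xff)}")
```

Without the accepted-forwarder check, the second and third samples would let the requester choose the address that ends up in the jail's logs and access rules.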