Date: Sun, 9 Dec 2001 19:24:25 +0100
From: Gabriel Ambuehl
Organization: BUZ Internet Services
Message-ID: <43452503966.20011209192425@buz.ch>
To: "Dustin Puryear"
Cc: freebsd-isp@freebsd.org
Subject: Re[4]: Using DNAT and DNS round-robin

Hello Dustin,

Sunday, December 09, 2001, 7:28:41 PM, you wrote:

> Gabriel, let me try to explain this better.

> We want to set up n web servers behind a firewall, all of which will
> be running FreeBSD 4.4-RELEASE. The web servers will be set up for
> IP-based virtual hosting. In order to support virtual hosting we
> need to do one of

So you actually got one IP for each user. Lucky admin, you are.

> the following: set up the firewall to just route all incoming
> packets for our assigned network internally and have each web
> server set up an interface alias for each IP address used by a
> virtual host (I'm not even sure how this would be done to be honest
> since we can't have multiple servers using the same IP),

Why would you need to? You actually need the reverse, multiple IPs for
one server...

> set up our firewall with an interface alias for each IP address
> used by a virtual host and then use DNAT to just route each
> incoming packet to one of the n web servers to be serviced, or use
> Squid as a reverse proxy and forgo DNAT or using the public IP
> addresses internally. The Squid solution seems the best, but I
> could be wrong.

Why not just have the firewall act as a classic router like all other
people out there do it?

> My question was what method is being used by others, and if we
> choose the second method, if we can still use DNS round robin. (The
> latter question you have answered.)

You can always use round robin if you have more than one IP hosting
the same data. Whether you want to use it is a wholly different
topic...

Best regards,
Gabriel