Date:      Sun, 9 Dec 2001 14:51:10 -0600
From:      "Dustin Puryear" <dpuryear@usa.net>
To:        <freebsd-isp@freebsd.org>
Subject:   RE: Re[4]: Using DNAT and DNS round-robin
Message-ID:  <PGECILGGNJGDPJKLFEMIEEJNCIAA.dpuryear@usa.net>

> > Gabriel, let me try to explain this better.
>
> > We want to set up n web servers behind a firewall, all of which will
> > be running FreeBSD 4.4-RELEASE. The web servers will be set up for
> > IP-based virtual hosting. In order to support virtual hosting we
> > need to do one of
>
> So you actually got one IP for each user. Lucky admin, you are.

My client is not a general web hosting service. They have several web sites
that they will be offering. However, I cannot rule out the use of name-based
virtual hosting in the future.

> > the following: set up the firewall to just route all incoming
> > packets for our assigned network internally and have each web
> > server set up an interface alias for each IP address used by a
> > virtual host (I'm not even sure how this would be done to be honest
> > since we can't have multiple servers using the same IP),
>
> Why would you need to? You actually need the reverse, multiple IPs
> for one server...

This part I can see I did not adequately explain. We need some type of
load-balancing or (at least for now) load-sharing solution. (Thus, the
original DNS round robin question.) If we set up load sharing under the first
solution I gave then each and every web server would need an interface alias
for each web site. That is what I meant. The obvious problem with that is
having multiple interfaces with the same IP address. Something similar to:

internet <-> firewall <-> webserver1..n (each with ip addresses 1..n)

Where each webserver can serve any of the hosted websites.

> > set up our firewall with an interface alias for each IP address
> > used by a virtual host and then use DNAT to just route each
> > incoming packet to one of the n web servers to be serviced, or use
> > Squid as a reverse proxy and forgo DNAT or using the public IP
> > addresses internally. The Squid solution seems the best, but I
> > could be wrong.
>
> Why not just have the firewall act as a classic router like all other
> people out there do it?

That is the first solution that I gave. The problem with that is how do I
handle having multiple web servers, each of which should be able to serve
any one of the websites to the client? Wouldn't this require each one to
have interface aliases 1..n for each website?

> > My question was what method is being used by others, and if we
> > choose the second method, if we can still use DNS round robin. (The
> > latter question you have answered.)
>
> You can always use round robin if you have more than one IP hosting
> the same data. Whether you want to use it is a wholly different
> topic...

True. We may use it for now until we have a load-balancing solution in
place.

Regards, Dustin

---
Dustin Puryear <dpuryear@usa.net>
Information Systems Consultant
http://members.telocity.com/~dpuryear
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams





