Date: Mon, 17 Jul 2017 19:56:35 +0300 From: Sami Halabi <sodynet1@gmail.com> To: Eugene Grosbein <eugen@grosbein.net> Cc: freebsd-net@freebsd.org, Grzegorz Junka <list1@gjunka.com>, freebsd-jail@freebsd.org Subject: Re: A web server behind two gateways? Message-ID: <CAEW%2BogaBdB5yO9q5cTbjw%2BkwQbhWD396RfAmdiT=aMDwCUpgmA@mail.gmail.com> In-Reply-To: <596CA093.6020508@grosbein.net> References: <a35370da-531d-6678-4a60-95304bdd919b@gjunka.com> <596CA093.6020508@grosbein.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, simple solution i can think about is: 1. launch 1st jail apache/nginx with db (mysql?) ve sure to use mysql address accesible vian jail2 (maybe epair), this jail will use default route, lets say wan1. 2. launch 2nd jail with vnet, default route wan2, mount the same data directories as jail1, and apache/nginx, since the ip of the db is the internal ip between jails it'll connect to the 1st db. this way you have 2 jails that share same data dir but service users vian different wans behind nat. Hope the idea helps. Sami =D7=91=D7=AA=D7=90=D7=A8=D7=99=D7=9A 17 =D7=91=D7=99=D7=95=D7=9C=D7=99 2017= 02:34 PM,=E2=80=8F "Eugene Grosbein" <eugen@grosbein.net> =D7=9B=D7=AA=D7= =91: > On 16.07.2017 19:48, Grzegorz Junka wrote: > > Hello, > > > > I have a jail running a web server in LAN. There are two routers/WANs > > that can connect LAN to the internet. I enabled NAT and port forwarding > > to the web server on both routers. > > > > The problem is that the web server responds to requests only from one > > router at a time depending on the default gateway set on the jail's > > host. If the default gateway is set as router 1 then the web page can b= e > > opened only through WAN1 and vice versa. > > > > Can I configure either router/host/jail so that the web server sends th= e > > response back to the IP that sent the request packet rather than to the > > default gateway? > > This is the job of external NAT box to route translated replys to right W= AN > based on external source IP address produced during translation of the > reply. > The jail or internal NAT have nothing to do with the problem. > > So, the solution depends of kind of NAT you use. > > > And a bonus question, how can I configure two jails so that each jail > > sends packets to a different gateway (which may or may not be the same > > as the jails' host's default gateway)? > > Read "man jail" for "vnet" feature. > > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAEW%2BogaBdB5yO9q5cTbjw%2BkwQbhWD396RfAmdiT=aMDwCUpgmA>