Date: Sun, 28 May 2006 09:01:59 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Yudai Yamagishi <yyahmee@mbn.nifty.com> Cc: freebsd-questions@freebsd.org Subject: Re: namebased VPS using JAIL Message-ID: <447958F7.1020104@infracaninophile.co.uk> In-Reply-To: <001c01c681ff$38d1e080$0b0ba8c0@GATEWAY> References: <001c01c681ff$38d1e080$0b0ba8c0@GATEWAY>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig58B1961704ED22B370E96E0F Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable Yudai Yamagishi wrote: > Hey, >=20 > I'm trying to serve several VPS for my friends. >=20 > But, IP addresses costs too much here in Japan. >=20 > So, I only have 1 WAN IP. >=20 > I've heard that Virtuozzo let's users create namebased VPS. >=20 > For example, I want to create a VPS called vps1. >=20 > I'll assign vps1.codebusterz.net as VPS's address. >=20 > Then all network traffics for vps1.codebusterz.net will go to vps1. >=20 > Same with other VPSs by the way. >=20 > Is this possible using JAIL? >=20 > Thanks >=20 > Yudai Yamagishi This would only be possible if the protocols your users used to connect to your server included the name of the server they wanted to connect to in the data packets setting up the connection. That is the case in eg. HTTP/1.1 and it sort of applies to SMTP. However, those are pretty much the exceptions rather than the rule. Most network protocols just have the IP and port number of the service they want to connect to. So long as you can arrange for each instance of a given service to run on a distinct port number, you can use the standard NAT type function= s in pf(4) or ipfw(8)+natd(8) to hide a whole private network of servers behind a single IP number. You can also use this on a single server with jail(8) by binding the jailed IPs to the loopback interface, and using NAT on the external interface to rewrite the addresses on incoming traffic. NAT is generally used in the other direction though -- to let a private network access the Internet. If you can use protocols where the name of the server is included in the data payload, you will need to set up some sort of proxy server on your firewall to direct the traffic internally. Standard firewall stuff just looks at the packet headers (layer 2 or 3) and you need extra software to= do protocol (layer 4) dependent processing. It is a toss up as to whethe= r suitable software will be available for whatever services you wish to pro= vide. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW --------------enig58B1961704ED22B370E96E0F Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEeVj88Mjk52CukIwRA4VMAJ9LsJlAXXUurTrov/qWPm13uZlVYgCfWZo1 FsDs0p4U4WeOO7cLO106WLI= =Dbe0 -----END PGP SIGNATURE----- --------------enig58B1961704ED22B370E96E0F--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?447958F7.1020104>