Hello Pete, : I am hoping to set up a pair of web servers that sit behind a firewall. The : firewall will have a single live ip address and the web servers will be : internal. So my question is a simple one, which I doubt there is a simple : solution to (if any).... but that's why I'm asking. ;-) : In a simple setup of one firewall + one web server, the firewall would map : port 80 to the web server's port 80. Sure....this could be netfilter DNAT. : Would there be a way of 'splitting' or 'load balancing' the requests between : the two web servers such that one of the two following scenarios is possible : (or any others that you can think of): Yes. : 1) Each web server hosts a limited number of web sites & the firewall : intelligently distributes the packets based on the requested url to the : respective web server. This would require application layer logic, i.e., a very smart proxy....you might examine squid [1]. : 2) Each web server hosts all web sites & the firewall intelligently : distributes whole requests to an individual web server. You should take a look at LVS [2]. This is probably a safer and more robust solution to the problem you outline in your first paragraph. : I've looked into a proxy sitting on the firewall, but this seems to : pose an additional problem: if the DNS points at the firewall as the IP : address for the individual web site and the proxy is sitting at that : address, how does it know to relay the request internally (this is the : part that I realise is not LARTC-based). -Martin [1] http://www.squid-cache.org/ [2] http://www.linuxvirtualserver.org/ -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx
