On 12/10/07 04:20, Indunil Jayasooriya wrote:
> @ DMZ ZONE I have 3 web servers. But I have only one real ip on my
> firewall. Now, I want to forward port 80 to these 3 web servers.
> How can I do it?

Like someone else suggested, run a reverse proxy on one system. You
could either run it on the firewall or a fourth system in the DMZ so
that you are not running it on the firewall. Use this reverse proxy to
intelligently redirect queries that come in to it to the correct back
end server.

In short, you are forwarding HTTP traffic to an application layer
gateway that is intelligent enough to pick the proper back end system to
handle the requests. For SMTP, you would use something like Sendmail
with Mailertable.

With regard to others' comments about the single IP and not being able
to communicate with the internal servers, you can use private IP
addresses in your DMZ without a problem so long as they are all hidden
from the world by your NATing router such that everyone would think that
all your services are coming off of your one single external IP. You
will need to pay attention to SMTP Hello names as well.

Also be aware that you are having a lot depend on connection tracking on
the NATing router, thus have a finite number of resources that are being
shared by multiple systems. If it is still in place you may want to
consider running stateless nat (IPRoute2) for your traffic coming in to
said systems so that that traffic will not exceed conntrack.

Grant. . . .
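
Added example, not part of the original message: a sketch of the back-end selection step a reverse proxy performs when three DMZ web servers share one public IP, choosing by the HTTP Host header and refusing anything it does not recognise. The site names and private addresses are constructed for illustration.

```python
# Added example: Host-based back-end selection for a reverse proxy in front
# of three DMZ web servers. All names and addresses below are constructed.
from typing import Optional, Tuple

# Hypothetical site names mapped to private (RFC 1918) DMZ addresses.
BACKENDS = {
    "www.example.com": ("192.168.10.11", 80),
    "shop.example.com": ("192.168.10.12", 80),
    "wiki.example.com": ("192.168.10.13", 80),
}


def host_from_request(head: bytes) -> Optional[str]:
    """Return the normalised Host header value from a raw request head.

    Returns None when the header is missing, empty or duplicated, so the
    caller can refuse the request instead of guessing a back end.
    """
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]  # skip request line
    hosts = []
    for line in lines:
        name, sep, value = line.partition(b":")
        # No whitespace is tolerated between the header name and the colon.
        if sep and name.lower() == b"host":
            hosts.append(value.strip().decode("latin-1"))
    if len(hosts) != 1 or not hosts[0]:
        return None
    host = hosts[0].lower()
    # Strip an optional :port suffix (IPv6 literals are not site names here).
    if not host.startswith("[") and ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def pick_backend(head: bytes) -> Optional[Tuple[str, int]]:
    """Map a request to one of the known back ends, or None to reject it.

    Only names listed in BACKENDS are served; the Host value is never used
    as a connection target itself, so the proxy cannot be pointed elsewhere.
    """
    host = host_from_request(head)
    return BACKENDS.get(host) if host else None
```

A None result is the proxy's cue to answer with an error itself and open no connection into the DMZ.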