From: James
Subject: [gentoo-user] Re: OT: iptables w/ 2 web servers
Date: Thu, 24 Sep 2009 15:30:51 +0000 (UTC)
To: gentoo-user@lists.gentoo.org
Stroller stellar.eclipse.co.uk> writes:

> > I have one static IP
> > ... Could someone post
> > some simple iptable examples of how to route 2 different
> > web server traffic streams to 2 different machines?
> > Both are inside the same DMZ....2 different machines
> > with different (NAT) IP addresses.

> Can't be done.

Ok, that explains why I drew a blank on how to proceed.

> There is no way for IPtables to distinguish between an http request to
> bigbreastedmommas.com at 24.73.161.102 and an http request to
> bouncyboobs.com at 24.73.161.102, assuming both are on port 80.

So the best I can do is forward all traffic (80, 443, etc.) for the group of
websites to a proxy behind the firewall, then use software such as what
kashani suggested (ProxyPass, Squid, nginx, lighttpd, or Varnish) and parse
the traffic with some form of vhosts implementation on a single server
(NATed IP)?

I definitely do not want to run anything additional on the firewall, unless
it is absolutely secure, and then it would have to have a light loading of
firewall resources.

Then if the load of the combined virtual hostings becomes too large, I use a
group (cluster) of servers and implement some sort of load balancing across
the machines that each contain complete copies of each website?
Then there is the question of how to keep the individual machines 'in sync',
and the limitation that once a machine is saturated (performance suffers too
much due to insufficient resources) there is no solution for expansion?

One last thing. I can get a small subnet of say 5 IP addresses from my ISP
for an additional 20/month. Would that help me? I want to put up dozens of
small charitable web sites. None will have a huge user base, but I was going
to stream some limited video from each of them.

Any other architectural solutions here? (Outside hosting is not an option.)
My ISP is very cool, and will even let me run my own primary and secondary
name service, if that helps redirect the traffic?

Ideas?

James
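The layer-7 decision the thread describes, as an added example that is not from the thread or from any of the tools named in it: iptables only sees the destination IP and port, so the per-site split has to be made by whatever sits behind the DNAT rule by reading the HTTP Host header. This minimal dispatcher does exactly that; the hostnames and backend addresses are constructed placeholders.

```python
from __future__ import annotations

# Constructed vhost table: hostname -> backend (addr, port) on the NAT side.
# Names and addresses are placeholders, not values from the original thread.
VHOSTS = {
    "charity-one.example": ("192.168.1.10", 80),
    "charity-two.example": ("192.168.1.11", 80),
}

def parse_host(request: bytes) -> str | None:
    """Return the Host header of a raw HTTP/1.x request head, lower-cased and
    with any :port removed, or None if the request carries no Host header
    (legal in HTTP/1.0, so the proxy must pick a default or reject)."""
    head, _, _ = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if len(lines[0].split(b" ")) != 3:      # not "METHOD target HTTP/x.y"
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            if host.startswith("["):         # IPv6 literal, e.g. [::1]:8080
                return host[1:].split("]", 1)[0]
            return host.split(":", 1)[0]
    return None

def pick_backend(request: bytes, vhosts: dict = VHOSTS):
    """Map one request to the backend that serves its vhost. None means the
    proxy should answer itself (e.g. 404/421) rather than forward blindly."""
    host = parse_host(request)
    return vhosts.get(host) if host is not None else None

# Constructed sample request, as a browser would send it to the public IP.
SAMPLE_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: Charity-Two.example\r\n\r\n"

if __name__ == "__main__":
    print(pick_backend(SAMPLE_REQUEST))      # ('192.168.1.11', 80)
```

For port 443 the same dispatch is only possible after the proxy terminates TLS (or reads the server name from the ClientHello), because the Host header itself travels encrypted.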