Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 7 Feb 2001 19:48:10 -0600 (CST)
From:      Mike Meyer <mwm@mired.org>
To:        Benjamin Ossei <ben@cahostnet.net>
Cc:        questions@freebsd.org
Subject:   Re: NAT with multiple services
Message-ID:  <14977.64218.601227.578145@guru.mired.org>
In-Reply-To: <100594972@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help 
Benjamin Ossei <ben@cahostnet.net> types:
> I was wondering if it is possible to use natd in this way.  I will like to be able to run multiple web servers behind my firewall using one public IP address.  I know you can do load balancing with natd but I don't know if you can do it with just one IP.  I also know that you can do static nat with multiple public IP.  Is this possilbe?

Yes, but....

All nat has to distinguish the incoming connections is the port number
and IP address they are trying to reach. Since you only want to use
one IP address, that leaves the port number. So instead of:

	www.domain1.com (xxx.xxx.xxx.2) mapped to 192.168.1.3
	www.domain2.com (xxx.xxx.xxx.2) mapped to 192.168.1.4
	www.domain3.com (xxx.xxx.xxx.2) mapped to 192.168.1.5

You have to do: 

	www.domain1.com (xxx.xxx.xxx.2:8081) mapped to 192.168.1.3
	www.domain2.com (xxx.xxx.xxx.2:8082) mapped to 192.168.1.4
	www.domain3.com (xxx.xxx.xxx.2:8083) mapped to 192.168.1.5

and the like. This is probably *not* what you want, though.

One solution would be to put a rather stupid redirector on the nat
machine at 80 that redirects from "www.domain1.com" to
"xxx.xxx.xxx.2:8081", and so on. Since it's not doing *anything* but
sending back the requests with a permanent redirect, it shouldn't be a
security risk. You can then use nat to redirect requests to the 808x
ports to your internal machines.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14977.64218.601227.578145>