Date:      Sun, 28 May 2006 09:01:59 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Yudai Yamagishi <yyahmee@mbn.nifty.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: namebased VPS using JAIL
Message-ID:  <447958F7.1020104@infracaninophile.co.uk>
In-Reply-To: <001c01c681ff$38d1e080$0b0ba8c0@GATEWAY>
References:  <001c01c681ff$38d1e080$0b0ba8c0@GATEWAY>

Yudai Yamagishi wrote:
> Hey,
>
> I'm trying to serve several VPS for my friends.
>
> But, IP addresses cost too much here in Japan.
>
> So, I only have 1 WAN IP.
>
> I've heard that Virtuozzo lets users create namebased VPS.
>
> For example, I want to create a VPS called vps1.
>
> I'll assign vps1.codebusterz.net as VPS's address.
>
> Then all network traffic for vps1.codebusterz.net will go to vps1.
>
> Same with other VPSs by the way.
>
> Is this possible using JAIL?
>
> Thanks
>
> Yudai Yamagishi

This would only be possible if the protocols your users used to connect
to your server included the name of the server they wanted to connect to
in the data packets setting up the connection.  That is the case in e.g.
HTTP/1.1 and it sort of applies to SMTP.  However, those are pretty much
the exceptions rather than the rule.  Most network protocols just have
the IP and port number of the service they want to connect to.

So long as you can arrange for each instance of a given service to
run on a distinct port number, you can use the standard NAT type functions
in pf(4) or ipfw(8)+natd(8) to hide a whole private network of servers
behind a single IP number.  You can also use this on a single server
with jail(8) by binding the jailed IPs to the loopback interface, and
using NAT on the external interface to rewrite the addresses on incoming
traffic. NAT is generally used in the other direction though -- to let a
private network access the Internet.

If you can use protocols where the name of the server is included in the
data payload, you will need to set up some sort of proxy server on your
firewall to direct the traffic internally.  Standard firewall stuff just
looks at the packet headers (layer 2 or 3) and you need extra software to
do protocol (layer 4) dependent processing.  It is a toss up as to whether
suitable software will be available for whatever services you wish to provide.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
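The routing decision described in the reply above, as an added example that is not part of the original message: a connection to port 80 is dispatched by the Host name carried in the HTTP/1.1 request, while a protocol that carries no name (SSH here) can only be dispatched by destination port. The jail addresses, the port numbers and the second host name vps2 are assumptions made for illustration.

```python
# Added illustration; all addresses, ports and vps2 are assumed values.
JAILS_BY_NAME = {                 # hostname -> jail address bound to loopback
    "vps1.codebusterz.net": "127.0.1.1",
    "vps2.codebusterz.net": "127.0.1.2",
}
JAILS_BY_PORT = {                 # external port -> (jail address, internal port)
    2201: ("127.0.1.1", 22),
    2202: ("127.0.1.2", 22),
}
MAX_HEAD = 8192                   # never buffer more than this looking for a name


def http_host(first_bytes):
    """Return the lower-cased Host of an HTTP/1.x request head, or None."""
    head, sep, _ = first_bytes[:MAX_HEAD].partition(b"\r\n\r\n")
    if not sep:
        return None               # head incomplete, or not HTTP at all
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    hosts = [v.strip() for k, c, v in (l.partition(b":") for l in lines[1:])
             if c and k.lower() == b"host"]
    if len(hosts) != 1:
        return None               # missing or duplicated Host: refuse to guess
    name = hosts[0].decode("ascii", "replace").lower()
    host, _, port = name.rpartition(":")
    return host if host and port.isdigit() else name


def route(dst_port, first_bytes=b""):
    """Pick (jail_address, port) for a new connection, or None to refuse it."""
    if dst_port == 80:            # name is in the payload: dispatch by name
        jail = JAILS_BY_NAME.get(http_host(first_bytes))
        return (jail, 80) if jail else None
    return JAILS_BY_PORT.get(dst_port)   # no name on the wire: port decides


if __name__ == "__main__":
    # Constructed sample inputs: one HTTP request head, one SSH banner.
    web = b"GET / HTTP/1.1\r\nHost: vps1.codebusterz.net\r\n\r\n"
    ssh = b"SSH-2.0-OpenSSH\r\n"
    print(route(80, web), route(2202, ssh), route(22, ssh))
```
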