Date: Sun, 9 Dec 2001 12:28:41 -0600 From: "Dustin Puryear" <dpuryear@usa.net> To: "Gabriel Ambuehl" <gabriel_ambuehl@buz.ch> Cc: <freebsd-isp@freebsd.org> Subject: RE: Re[2]: Using DNAT and DNS round-robin Message-ID: <PGECILGGNJGDPJKLFEMICEJJCIAA.dpuryear@usa.net> In-Reply-To: <112451517177.20011209190758@buz.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
Gabriel, let me try to explain this better. We want to setup n web servers behind a firewall, all of which will be running FreeBSD 4.4-RELEASE. The web servers will be setup for IP-based virtual hosting. In order to support virtual hosting we need to do one of the following: setup the firewall to just route all incoming packets for our assigned network internally and have each web server setup an interface aliase for each IP address used by a virtual host (I'm not even sure how this would be done to be honest since we can't have multiple servers using the same IP), setup our firewall with an interface alias for each IP address used by a virtual host and then use DNAT to just route each incoming packet to one of the n web servers to be serviced, or use Squid as a reverse proxy and forgo DNAT or using the public IP addresses internally. The Squid solution seems the best, but I could be wrong. My question was what method is being used by others, and if we choose the second method, if we can still use DNS round robin. (The latter question you have answered.) Regards, Dustin PS I CC'd freebsd-isp for others that may be curious or that may read this thread later on. --- Dustin Puryear <dpuryear@usa.net> Information Systems Consultant http://members.telocity.com/~dpuryear In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams > -----Original Message----- > From: owner-freebsd-questions@FreeBSD.ORG > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Gabriel Ambuehl > Sent: Sunday, December 09, 2001 12:08 PM > To: questions@freebsd.org > Subject: Re[2]: Using DNAT and DNS round-robin > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hello Dustin, > > Sunday, December 09, 2001, 6:59:21 PM, you wrote: > > > I forgot to mention our third option, which also appears quite > > viable. We are looking into the use of Squid, which has virtual > > hosting support. Using this method we can forgo DNAT entirely. Any > > thoughts or experience with this additional method? > > > I don't fully get what you're trying to achieve. If each machine got > an IP on the firewall, why would you want to use NAT, then (no > routing > beyond the firewall is about the only reason I can think of and in > that case, you should kick your ISP)? > > Round robin DNS for sure does work and it doesn't at all care whether > you got some NAT redirects or not. > > > > Best regards, > Gabriel > > > -----BEGIN PGP SIGNATURE----- > Version: PGP 6.5i > > iQEVAwUBPBOaXsZa2WpymlDxAQFzaQf/Xl3hzdn0Ufy6ePJo5bFLz5uUR31AX2ll > SX0/07cnHlf3oMRZTdONy/0gRN7BKMSx0BFtrEtteAC9v2cdExSs34NLlzN/nJIx > hbdSQteZX/r0cA8lTU3doBR08sCSHWSCyFvbHPhisv9LWSLgGykrtoERdloiODkc > Mq8AL2/Fo67LxaqTEORIG8rGioZ0yUDBs9MYyfY2OHmeV5iJNO/q+xa++ENHn41f > 4QOcgN8ft/LukBByiPYFGiV9EY3lv+JZ7ma8Yz6pIKOJbJf2TnMo1UUp3In4cpBp > v5GMgW1z5XL5jWbaxWintuir0MUu+k7tnbXQasEXSK9DYeIRUM7n6g== > =UXQ+ > -----END PGP SIGNATURE----- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?PGECILGGNJGDPJKLFEMICEJJCIAA.dpuryear>