Date:      Sun, 9 Dec 2001 12:28:41 -0600
From:      "Dustin Puryear" <dpuryear@usa.net>
To:        "Gabriel Ambuehl" <gabriel_ambuehl@buz.ch>
Cc:        <freebsd-isp@freebsd.org>
Subject:   RE: Re[2]: Using DNAT and DNS round-robin
Message-ID:  <PGECILGGNJGDPJKLFEMICEJJCIAA.dpuryear@usa.net>
In-Reply-To: <112451517177.20011209190758@buz.ch>

Gabriel, let me try to explain this better.

We want to set up n web servers behind a firewall, all of which will be
running FreeBSD 4.4-RELEASE. The web servers will be set up for IP-based
virtual hosting. In order to support virtual hosting we need to do one of
the following: set up the firewall to just route all incoming packets for our
assigned network internally and have each web server set up an interface
alias for each IP address used by a virtual host (I'm not even sure how
this would be done to be honest since we can't have multiple servers using
the same IP), set up our firewall with an interface alias for each IP address
used by a virtual host and then use DNAT to just route each incoming packet
to one of the n web servers to be serviced, or use Squid as a reverse proxy
and forgo DNAT or using the public IP addresses internally. The Squid
solution seems the best, but I could be wrong.

My question was what method is being used by others, and if we choose the
second method, if we can still use DNS round robin. (The latter question you
have answered.)

Regards, Dustin

PS I CC'd freebsd-isp for others that may be curious or that may read this
thread later on.

---
Dustin Puryear <dpuryear@usa.net>
Information Systems Consultant
http://members.telocity.com/~dpuryear
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams


> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Gabriel Ambuehl
> Sent: Sunday, December 09, 2001 12:08 PM
> To: questions@freebsd.org
> Subject: Re[2]: Using DNAT and DNS round-robin
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hello Dustin,
>
> Sunday, December 09, 2001, 6:59:21 PM, you wrote:
>
> > I forgot to mention our third option, which also appears quite
> > viable. We are looking into the use of Squid, which has virtual
> > hosting support. Using this method we can forgo DNAT entirely. Any
> > thoughts or experience with this additional method?
>
>
> I don't fully get what you're trying to achieve. If each machine got
> an IP on the firewall, why would you want to use NAT, then (no routing
> beyond the firewall is about the only reason I can think of and in
> that case, you should kick your ISP)?
>
> Round robin DNS for sure does work and it doesn't at all care whether
> you got some NAT redirects or not.
>
>
>
> Best regards,
>  Gabriel
> 
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5i
>
> -----END PGP SIGNATURE-----
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

