Nat ipv4 question

Hello
I set up my Virtuozzo to work as NAT IPv4 as I have only one IPv4.
Right now I have only one VPS and it is working fine on all ports.

My question is: what if I generate new VPSs on the same account, what will happen with their ports?

There is no question on the SSH port. But what happens with port 80?

Let me explain.

In the iptables I have for VPS 1 :

iptables -t nat -A PREROUTING -p tcp -d 199.204.111.111 --dport 80 -j DNAT --to-destination 192.168.1.1:80

For VPS 2 I have:
iptables -t nat -A PREROUTING -p tcp -d 199.204.111.111 --dport 80 -j DNAT --to-destination 192.168.1.2:80

So the destination for VPS 2 correctly goes to the second internal IP on port 80.

But what happens with the external one on port 80? I will already have 2 external IPs that go to different internal IPs. How will the system deal with it?

Moreover, what if VPS 1 and VPS 2 need port 2003 open on the external IP for Webuzo?

Is there something that I don't get?
If you have any ideas I would be happy to hear them and take your advice.

Thank you

Comments

  • You would have to use a different port on vps2, say 8080:

    iptables -t nat -A PREROUTING -p tcp -d 199.204.111.111 --dport 8080 -j DNAT --to-destination 192.168.1.2:80

    So you would need to include the port number when typing the IP in your browser:

    http://199.204.111.111:8080

    So port 8080 will connect to HTTP on vps2 @ 192.168.1.2.

    Thanked by 1HWAYS
  • OK. But what if a client wants to connect through to port 80? Or port 2003 for Webuzo?

  • The problem is that every port exists only once per IP. You want two or five ports 80? Then you'll need two or five IPs.

    What you can do and what has been shown to you is to play firewall tricks. But that won't change the fact that port 80 for the single IP you've got exists only once (~ from the outside x.x.x.x:80 will necessarily be mapped to one single internal IP:port).

    If you want 5 web servers reachable through that single IP you will need to use HTTP means like virtual hosts on that single IP which then "redirect" traffic to the diverse internal/virtual hosts.

    What you want would only be feasible if there was something allowing the firewall to discern which host is meant. Example: Your clients all just want to browse their (intranet) web server from well known locations. Then you could tell the firewall that a connection from client IP a to some_host port 80 is, in fact, for internal host A while a connection coming from client IP b is, in fact, for internal host B.

    Thanked by 1HWAYS
  • earlearl Member
    edited February 2015

    @HWAYS said:
    OK. But what if a client wants to connect through to port 80? Or port 2003 for Webuzo?

    For websites you would need to set up something like haproxy. You should visit lowendspirit.com; their forum might interest you.

    --goofed up.. NVM

    Thanked by 1HWAYS
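
An added example, not code from any poster in this thread: iptables walks the nat PREROUTING chain in order and the first matching DNAT rule wins, so the second `--dport 80` rule from the question would never be reached. The script below checks a forwarding plan for that collision before any rule is loaded. The function names `plan_dnat`, `conflicting_plan` and `fixed_plan` are hypothetical, and external port 2004 for the second Webuzo panel is a constructed choice.

```shell
#!/bin/sh
# Added example: prints DNAT rules for review, never runs iptables itself.
PUBLIC_IP=199.204.111.111        # public address used in the thread

# Reads "external_port internal_ip internal_port" lines on stdin.
# Prints one rule per mapping; a second claim on an external port is
# reported as a comment line and the function returns 1.
plan_dnat() {
    awk -v ip="$PUBLIC_IP" '
        NF != 3 || $1 ~ /^#/ { next }
        ($1 in owner) {
            printf "# CONFLICT %s:%s already goes to %s, rule for %s:%s would never match\n", ip, $1, owner[$1], $2, $3
            bad = 1
            next
        }
        {
            owner[$1] = $2 ":" $3
            printf "iptables -t nat -A PREROUTING -p tcp -d %s --dport %s -j DNAT --to-destination %s:%s\n", ip, $1, $2, $3
        }
        END { exit (bad + 0) }'
}

# The plan from the question: both VPSs claim external port 80.
conflicting_plan() {
    cat <<'EOF'
80 192.168.1.1 80
80 192.168.1.2 80
EOF
}

# One external port per service. 8080 is from the first reply;
# 2004 for the second Webuzo panel is an assumed, constructed choice.
fixed_plan() {
    cat <<'EOF'
80   192.168.1.1 80
8080 192.168.1.2 80
2003 192.168.1.1 2003
2004 192.168.1.2 2003
EOF
}

# Print the rules for the collision-free plan.
fixed_plan | plan_dnat
```

Running `conflicting_plan | plan_dnat` prints only the VPS 1 rule plus a `# CONFLICT` line and exits non-zero, which makes it usable as a pre-flight check before a generated rule set is applied.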