to access 4 Virtual Hosts from a public IP
jason at rampaginggeek.com
Sat Apr 10 12:20:10 CDT 2010
Tapas Mishra wrote:
>> 1) for ssh, run the domU sshd's on different ports, then use iptables rules
>> on dom0 to forward the ssh traffic to each domU
> I have a doubt regarding how Dom0 behaves as gateway here. When I am on
> a machine which is on the same subnet as Dom0, let's call it B.
> The xen server is A.
> Now I can ssh B--->A
> There are hosts running on A which are in the same subnet as A and B are.
> Let's call them a,b,c,d.
> I have not enabled IPTABLES right now in A. Just enabled
> echo 1 > /proc/sys/ipv4/ip_forward
> I am able to do an ssh
> B------------------------>a where 'a' is the virtual server
> running on A which is Xen.
> How is ssh getting resolved to the virtual servers?
> I do not have any entry right now in /etc/resolv.conf
> about a,b,c,d.
> Neither is there any DNS which knows about a,b,c,d.
> It is only A which is aware of it since Xen is running on top of it.
> I am getting ping replies also. The point is there can be another
> machine on the same subnet, say D, in which case an ssh to d or D will
> conflict, but how is the rest of the network going to behave in this case?
OK, I'm a little confused. Please confirm that I understand this correctly.
You have 6 hosts:
two physical machines: A (xenhost dom0) & B (non-xen)
four xen domU's: a,b,c,d
You have two physical networks: Net1 (public internet), and Net2
Xen host A is connected to both Net1 and Net2. Host A has a xen bridged
network with Net2, so that a, b, c, and d are all bridged to Net2.
Host B is on Net2.
Is this correct?
>> 2) you could do that same as #1, but I suspect you want all web sites on
>> port 80. For that you'll need to use mod_proxy on dom0 and have it be a
>> reverse proxy for the domU's. Or you could run all of the web sites on one
>> host and just forward port 80.
> You are right here. Where should I do this change, mod_proxy on dom0 in
> squid files, or is there some other entry you are referring to?
> The bridge issue I have not yet been able to resolve.
I was thinking of using Apache's mod_proxy, but squid might work as
well. I've had Apache be a reverse proxy for another apache or Tomcat
before. As I recall, the private apache needs two ports, one for normal
HTTP and another port for each virtual host that talks to the proxy.
Google for "apache tomcat mod_proxy" to get more info.
It's very cool to use mod_proxy to transition a hostname between two
machines when migrating web sites to new servers.
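
Suggestion 1 in the quoted text (each domU's sshd on its own port, forwarded by iptables on dom0), as an added example that is not part of the original message: a script that validates a port-to-domU mapping and prints the rules for review instead of applying them. The interface name, ports and addresses are constructed assumptions, and the FORWARD rules only restrict anything if dom0's FORWARD policy is DROP.

```shell
#!/bin/sh
# Added example: print (do not apply) dom0 iptables rules for per-domU ssh ports.
PUB_IF="eth0"      # assumption: dom0 interface facing the public network
DOM0_SSH_PORT=22   # assumption: dom0's own sshd port, never to be forwarded
# Constructed mapping "<port>:<domU address>"; each domU sshd listens on <port>.
MAP="2201:192.168.1.11 2202:192.168.1.12 2203:192.168.1.13 2204:192.168.1.14"

valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] && [ "$1" -ne "$DOM0_SSH_PORT" ]
}

valid_ipv4() {   # dotted-quad shape check only
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

gen_rules() {
    seen=" "
    for entry in $1; do   # pass 1: validate every entry before printing anything
        port=${entry%%:*}; ip=${entry#*:}
        valid_port "$port" || { echo "bad port in '$entry'" >&2; return 1; }
        valid_ipv4 "$ip" || { echo "bad address in '$entry'" >&2; return 1; }
        case "$seen" in
            *" $port "*) echo "port $port mapped twice" >&2; return 1 ;;
        esac
        seen="$seen$port "
    done
    # Replies to forwarded connections are allowed once, via connection tracking.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for entry in $1; do   # pass 2: emit the rules
        port=${entry%%:*}; ip=${entry#*:}
        # Rewrite the destination of traffic arriving on the public interface...
        echo "iptables -t nat -A PREROUTING -i $PUB_IF -p tcp --dport $port" \
             "-j DNAT --to-destination $ip:$port"
        # ...and admit only new connections to that one domU port.
        echo "iptables -A FORWARD -i $PUB_IF -p tcp -d $ip --dport $port" \
             "-m conntrack --ctstate NEW -j ACCEPT"
    done
}

gen_rules "$MAP"
```

A mapping that reuses a port, or that names dom0's own sshd port, is rejected before any rule is printed, so a typo cannot silently redirect the host's management access.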