to access 4 Virtual Hosts from a public IP

Jason Edgecombe jason at
Sat Apr 10 12:20:10 CDT 2010

Tapas Mishra wrote:
>> 1) for ssh, run the domU sshd's on different ports, then use iptables rules
>> on dom0 to forward the ssh traffic to each domU
> I have a doubt regarding how Dom0 behaves as gateway here. When I am on
> a machine which is on the same subnet as Dom0 is, let's call it B.
> The xen server is A.
> Now I can ssh  B--->A
> there are hosts running on A which are in same subnet as A and B are.
> Lets call them a,b,c,d.
> I have not enabled IPTABLES right now in A. Just enabled
> echo 1 > /proc/sys/ipv4/ip_forward
> I am able to
> do an ssh
> B------------------------>a           where 'a' is the virtual server
> running on  A which is Xen
> B------------------------>b
> B------------------------>c
> B------------------------>d
> How is ssh getting resolved to the virtual servers?
> I do not have any entry right now in /etc/resolv.conf
> about a,b,c,d.
> Neither is there any DNS which knows about a,b,c,d.
> It is only A which is aware of it since Xen is running on top of it.
> I am getting ping replies also. The point is there can be another
> machine on same subnet say D in which case an ssh to d or D  will
> conflict but how is rest of the network going to behave in this case.
OK, I'm a little confused. Please confirm that I understand this correctly.

You have 6 hosts:
    two physical machines: A (xenhost dom0) & B (non-xen)
    four xen domU's: a,b,c,d

You have two physical networks: Net1 (public internet), and Net2 
(private net)

Xen host A is connected to both Net1 and Net2. Host A has a xen bridged 
network with Net2, so that a, b, c, and d are all bridged to Net2.

Host B is on Net2.

Is this correct?

>> 2) you could do that same as #1, but I suspect you want all web sites on
>> port 80. For that you'll need to use mod_proxy on dom0 and have it be a
>> reverse proxy for the domU's. Or you could run all of the web sites on one
>> host and just forward port 80.
> You are right here. Where should I do this change mod_proxy on dom0 in
> squid files or there is some other entry you are referring to.
> The bridge issue I have not yet been able to resolve.
I was thinking of using Apache's mod_proxy, but squid might work as 
well. I've had Apache be a reverse proxy for another apache or Tomcat 
before. As I recall, the private apache needs two ports, one for normal 
HTTP and another port for each virtual host that talks to the proxy.

Google for "apache tomcat mod_proxy" to get more info.

It's very cool to use mod_proxy to transition a hostname between two 
machines when migrating web sites to new servers.
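
An added example, not part of the original thread: one way the dom0 reverse proxy from point 2 could be configured with Apache's mod_proxy so that four sites share port 80 on the public IP. The hostnames and the 192.168.0.x domU addresses are constructed placeholders, and it assumes each domU serves its own site on port 80.

```apache
# Added example for dom0; hostnames and 192.168.0.x addresses are constructed.
# Requires mod_proxy and mod_proxy_http to be loaded.
# On Apache 2.2, also add: NameVirtualHost *:80

# Reverse proxy only: never relay arbitrary client requests as a forward proxy.
ProxyRequests Off

# The first vhost is the default. A request whose Host header matches none of
# the sites below gets a 404 here instead of being passed on to a domU.
<VirtualHost *:80>
    ServerName default.invalid
    Redirect 404 /
</VirtualHost>

<VirtualHost *:80>
    ServerName a.example.com
    # Pass the original Host header through so the domU picks the right site.
    ProxyPreserveHost On
    ProxyPass        / http://192.168.0.11:80/
    # Rewrite Location headers in backend redirects to the public name.
    ProxyPassReverse / http://192.168.0.11:80/
</VirtualHost>

<VirtualHost *:80>
    ServerName b.example.com
    ProxyPreserveHost On
    ProxyPass        / http://192.168.0.12:80/
    ProxyPassReverse / http://192.168.0.12:80/
</VirtualHost>

<VirtualHost *:80>
    ServerName c.example.com
    ProxyPreserveHost On
    ProxyPass        / http://192.168.0.13:80/
    ProxyPassReverse / http://192.168.0.13:80/
</VirtualHost>

<VirtualHost *:80>
    ServerName d.example.com
    ProxyPreserveHost On
    ProxyPass        / http://192.168.0.14:80/
    ProxyPassReverse / http://192.168.0.14:80/
</VirtualHost>
```

With this layout only dom0's port 80 needs to be reachable from the public network; the domU web servers can stay bound to the private side.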

