What would be the preferred solution for hosting several physical servers behind a NAT with one external IP? I know Apache can reverse proxy HTTP, but what if I want to do the same with FTP? Squid seems to be mentioned a lot, but I am a little confused about whether it will work with my setup: a few physical boxes running Ubuntu with Virtualmin, all behind a NAT. Each physical box runs the usual LAMP stack and hosts a few virtual servers with FQDNs. I need to be able to access HTTP, but also at least FTP and possibly SSH, through this solution.
2 Answers
For web servers, I can recommend Varnish as the frontend node, which is a reverse proxy for your Apache. Then you can differentiate on FQDN (and accelerate your web servers with cache).
As for FTP, that's a different beast, and you're stuck with using different ports. In addition, you must be sure that your servers behind the NAT utilize the forwarded ports for PASV as well.
Frontend <-> NAT <-> FTP1 (port 21, + PASV: 20000-21000)
Frontend <-> NAT <-> FTP2 (port 10021, + PASV: 21000-22000)
Your only option for having a single IP/port interface for FTP is to host it on the frontend node (with the external IP) and mount (NFS/Samba) the other folders you need available on the FTP.

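Added example, not part of either answer: a check for the PASV requirement described above. It parses the `227` reply a client outside the NAT receives and flags an internal address or a data port outside the forwarded range; it also lists ports that both ranges claim when they are read as inclusive. The external address is a constructed placeholder, and the function names are hypothetical.

```python
import ipaddress
import re

EXTERNAL_IP = "203.0.113.10"  # constructed placeholder for the one public address
# Port plan copied from the answer above; ranges are read as inclusive (assumption).
PORT_PLAN = {
    "FTP1": {"control": 21, "pasv": (20000, 21000)},
    "FTP2": {"control": 10021, "pasv": (21000, 22000)},
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SIX_OCTETS = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_pasv(reply):
    """Return (ip, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' reply (RFC 959)."""
    match = SIX_OCTETS.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def check_pasv(server, reply):
    """List what would stop a passive data connection from crossing the NAT."""
    ip, port = parse_pasv(reply)
    low, high = PORT_PLAN[server]["pasv"]
    problems = []
    if any(ipaddress.ip_address(ip) in net for net in RFC1918):
        problems.append("advertises internal address %s" % ip)
    elif ip != EXTERNAL_IP:
        problems.append("advertises %s, not %s" % (ip, EXTERNAL_IP))
    if not low <= port <= high:
        problems.append("port %d is outside forwarded range %d-%d" % (port, low, high))
    return problems

def shared_ports(plan):
    """Return port spans claimed by two servers; the NAT can forward each port to one host only."""
    names, shared = sorted(plan), {}
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            low = max(plan[a]["pasv"][0], plan[b]["pasv"][0])
            high = min(plan[a]["pasv"][1], plan[b]["pasv"][1])
            if low <= high:
                shared[(a, b)] = (low, high)
    return shared

if __name__ == "__main__":
    # Constructed sample replies, as a client outside the NAT would receive them.
    print(check_pasv("FTP1", "227 Entering Passive Mode (192,168,1,11,78,52)"))
    print(check_pasv("FTP2", "227 Entering Passive Mode (203,0,113,10,82,110)"))
    print(shared_ports(PORT_PLAN))
```

A server that still advertises its LAN address in the `227` reply is the usual reason passive transfers hang even though the control connection on the forwarded port works.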
For SSH, I would just have one SSH server active to the outside world. You connect to that server, and now that you are inside your NAT'd network you can get to other servers via local IP or name from there for administration purposes.
Can't help you with the web sites, though. I know how to do it in IIS, but I'm not very good with Apache. You might be able to set up VirtualHost entries in the Apache conf file on one of the machines that specify the domain name they listen on, and forward to the appropriate internal server, but again, I'm not very up on Apache.
