
I have 1/2 a cabinet at a datacenter and only 3 IP addresses, and at the office I have a 100MB fiber with 5 that I am able to use for hosting.

At a surplus electronics place I picked up several F5 BigIP 3600 for around $100 each thinking I could use them at the office and the datacenter but after nearly a year of trying to get them running, I have given up. Everything seems to be set up exactly how it is supposed to be and all the internal tests pass, but trying to actually use it fails for forward traffic.

With that in mind, I would like to be able to split up the traffic on a single WAN to multiple internal addresses. I was trying to start up a VPS box and got Windows, Ubuntu, CentOS, and OSX all installed on a single server, but that means 4 IP addresses (not to mention how many I would use once I start cloning them).

I found last night I can use Nginx to do HTTP traffic using a reverse proxy, but is there a better way that won't break the bank that would also allow me to connect to SSH and other services / ports using the domain?

For example, if I have

http://domain-on-server1.com
http://domain-on-server2.com

On my DNS I would create A records for each domain to forward to:

main.external.ip

Which would then forward all ports (not just 80 like Nginx) to the appropriate internal IP.

I don't mind doing some more research, but if you could help guide me as to whether I am looking for something like NAT, Reverse Proxy, Port Forwarding (but domain based) or what, I would appreciate it. I have some experience with pfSense, but looking at the Squid3 tutorials on YouTube last night, it didn't seem like that was what I was looking for. I don't really need load balancing.

As it is now, it almost seems the closest I can come without a new F5 / Cisco setup is to do Nginx and then set up my SSH clients to connect through the other server as a proxy, but I feel like there should be something a little easier.

Alan
    Possible duplicate of [How to divert traffic based on hostname using HAProxy?](http://serverfault.com/questions/105824/how-to-divert-traffic-based-on-hostname-using-haproxy) – Ryan Babchishin Aug 19 '16 at 17:17

1 Answer


I fear you're going about this completely wrong. There's no indication that you need a load balancer, correct? You're just trying to make services on multiple private IP addresses available on a small set of public IP addresses.

What you need is a router that can perform NAT, not nginx, and not an F5.

You're on the right track with pfSense. That's what I'd recommend. Put that in front of your servers and then use it to forward ports as needed. If you do need load balancing, you can either use pfSense for that as well, or use another load balancer (haproxy, nginx, etc.) inside your network, behind the firewall. pfSense also has a Squid package that you can install if you need an HTTP-aware proxy.

With regards to granting SSH access, a typical use pattern that I would recommend is to have a single, well-protected SSH bastion host that you can connect to, and then jump from there to the rest of your internal hosts. You can even use configuration bits in your ~/.ssh/config to automate connecting through a jump host.
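As an added illustration of the jump-host setup the answer describes (this is not from the original post; the hostnames, addresses, user names and key paths are placeholders), a ~/.ssh/config that sends every connection to the private range through the bastion:

```sshconfig
# Added example, not from the original answer. All names and addresses
# below are placeholders: replace them with your own bastion and internal hosts.

# The single public-facing SSH host, reachable on one of the external IPs
# (pfSense forwards external port 22 to this box and nothing else).
Host bastion
    HostName 203.0.113.10          # placeholder: the port-forwarded external IP
    Port 22
    User jumpuser
    IdentityFile ~/.ssh/id_ed25519_bastion
    IdentitiesOnly yes             # offer only this key, not every key in the agent
    ForwardAgent no                # never expose the local agent socket on the bastion

# Friendly aliases so "ssh web1" resolves to the private address.
Host web1
    HostName 10.0.0.21
Host web2
    HostName 10.0.0.22

# Every internal host (RFC 1918 range behind pfSense) is reached through the bastion.
# Patterns match the name typed on the command line, so the aliases above are
# listed here as well. ProxyJump needs OpenSSH 7.3 or newer; on older clients use:
#   ProxyCommand ssh -W %h:%p bastion
Host web* 10.0.0.*
    ProxyJump bastion
    User alan
    IdentityFile ~/.ssh/id_ed25519_internal
    IdentitiesOnly yes
    ForwardAgent no
```

With this in place, `ssh web1` tunnels through the bastion transparently, and scp, sftp and rsync over ssh pick up the same configuration.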

EEAA
  • Thanks EEAA, I am in my pfSense admin for NAT and don't see where I can enter a domain to filter by. I need to be able to forward port 80 to multiple servers based on the incoming domain data. So far I only see where to enter IP addresses - no domains. – Alan Aug 19 '16 at 19:19