0

I have a (Hetzner) server with a public IP of eg. 123.123.123.123, and an additional IP of eg. 456.456.456.456.

I want to serve some private webspace apps on 123.123.123.123, including a hidden master BIND server for some domains, and bridge a KVM guest to 456.456.456.456 for some publicly published webspace.

Is it possible to do that while also setting up a separate virtual network with libvirt that will resolve FQDNs to guests? These guests should be able to be accessed by, and access the internet, and should be able to have multiple FQDN's per guest, but will not have public IPs of their own. I see some documentation that states that adding 192.168.122.1 to /etc/resolv.conf on the host will allow connecting to guests via their hostname locally, and I see some information for libvirt regarding Addressing, here, but I'm ma bit lost. It seems as if this should be possible, but I'm missing something.

Do I just need to purchase IP space for every VM I want accessed by the internet, or is there a way to accomplish this?

TLDR Is it possible to set up a virtual network with libvirt that will resolve FQDNs to guests from the internet?

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
Joshp.23
  • 125
  • 6
  • 1
    First get IPv6 set up. This is easy and straightforward and all your VMs will be able to talk to each other and the Internet normally. Then worry about IPv4, which is a bloody nightmare in comparison. – Michael Hampton Oct 26 '18 at 17:28
  • Admittedly, I have never even touched IPv6. I would still want to know how to set this up properly with IPv4, however. Probably pride. – Joshp.23 Oct 26 '18 at 17:35
  • So, I should just bridge everything with IPv6 and put this all behind cloudflare, and presto? – Joshp.23 Oct 26 '18 at 18:10
  • 1
    Well, you can only put web sites behind CloudFlare, but that's certainly one option. I meant to set up IPv6 on your Hetzner server and VMs. – Michael Hampton Oct 26 '18 at 18:23
  • Ok, so, I'm comfortable with IPv6 for most use cases, after (finally) looking at it. What's the recommended way to take my Ipv4 and put my IPv6 machines behind it as a proxy/load-ballancer? – Joshp.23 Oct 27 '18 at 13:13

1 Answers1

0

Short answer: this is not possible.

Better to use IPv6 addresses (which are in abundance) for any KVM that does not absolutely require the general public to access it. Any traffic that is server-to-server will work fine on IPv6, and anything such as private cloud services will work so long as your ISP offers IPv6, which most ( > 80% ) ISP's do, and you're client is configured to use it (which most are).

Therefore just use a network bridge with IPv6 on the KVM instances.

For the public facing requirements, set up a reverse proxy like Nginx (recommended), Pound, Squid as a reverse proxy, or Apache's mod_proxy on IPv4 and reverse proxy to the IPv6 instances from there.

There are other ways of achieving this, such as SIIT-DC, but I know little about that.

Joshp.23
  • 125
  • 6