  #1  
Old 30th November 2011, 11:40
eko_taas
Router port and DNS settings on multiserver system

My existing config:
- only one IP from ISP (unfortunately static IPs not avail., but 1/2 has been the same when router always on, have to live with that)
- Buffalo ADSL router (NAT etc. on)
- server1.example.com (all services) on static 192.168.xx.yyy and set as DMZ (i.e. all ports open) (debian squeeze)
- other "inner-circle" router for home network 192.168.xx.z
- domain name set manually to public IP (on provider's NS1 and NS2)

Thanks to the "one server only" approach, setup has been quite easy, but now I need more power on the mysql side, so I am planning a dedicated server (like your 192.168.0.107 db.example.tld) (I will also keep using 192.168.0.102 server1.example.tld for other mysql tasks; both would need the "Remote Access" option)...

Based on the multiserver howto, the 2nd server basics should be easy to follow.
http://www.howtoforge.com/multiserve...ispconfig-3-p3
DNS would also be modified...

Now questions:

1. Do I need to use my own DNS, i.e. do I have to change my domain settings
(or would ISP-server1 (with DNS) take care of it)?

2. How to set up the router (as I assume my DMZ approach might not be enough),
i.e. do I have to use different incoming ports for the mysql servers? (Unfortunately the Buffalo does not have a port-change option in its port-forward function, which would be easy to use and keep the same ports.)

3. Or do I need more public IPs to make it happen?

Thanks again for great support
  #2  
Old 2nd December 2011, 00:33
falko

The problem is that you can forward one port to just one backend server, so you cannot run websites on two servers. But you can run different services on different servers, like web on one server, mail on another one, and so on.
  #3  
Old 2nd December 2011, 03:10
eko_taas
Idea (?) how to run several same services behind one public IP

Thanks for the reply, seems that it is as expected.

One idea, which might work (based on port 587 usage as in http://www.howtoforge.com/forums/showthread.php?t=54981):

On (my) router the number of port forwards is very limited, so I would do it in "bulk" to save them:
Quote:
Application  Start  End   Protocol  IP Address    Enabled
server1      5110   5130            192.168.0.11
server2      5210   5230            192.168.0.12
server3      5210   5230            192.168.0.13
...
Then I would have a script on each server at startup
e.g. server1 with settings
Quote:
iptables -t nat -A PREROUTING -p tcp --dport 5110 -j REDIRECT --to-ports 21
iptables -t nat -A PREROUTING -p tcp --dport 5111 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -p tcp --dport 5113 -j REDIRECT --to-ports 53 ...
iptables -t nat -A PREROUTING -p tcp --dport 5114 -j REDIRECT --to-ports 80 ...
....
iptables -t nat -A PREROUTING -p tcp --dport 5112 -j REDIRECT --to-ports 587
e.g. server2 with settings
Quote:
iptables -t nat -A PREROUTING -p tcp --dport 5210 -j REDIRECT --to-ports 21
iptables -t nat -A PREROUTING -p tcp --dport 5211 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -p tcp --dport 5213 -j REDIRECT --to-ports 53 ...
etc.

Obviously I have to add these manually on each, but replace makes it easy / commenting out possible. Also, in the local network the original ports are still open, i.e. between servers and for local users (ftp on port 21....)

I also tried to find out how to add them permanently on the ISPConfig3 (3.0.4.1, squeeze) server, but could not find it yet. Tried to follow http://wiki.debian.org/iptables
and created /etc/iptables.test.rules:
Quote:
*filter
-A PREROUTING -p tcp --dport 5112 -j REDIRECT --to-ports 587
then as su:
Quote:
# iptables-restore < /etc/iptables.test.rules
iptables-restore: line 2 failed
Any good advice on firewall?
  #4  
Old 7th December 2011, 03:15
eko_taas
Could solve it

In the above, *filter should have been *nat, but anyhow that did not help me to get them permanent...

Could finally solve it after I found a mini-howto from a long time back:
http://www.howtoforge.com/forums/showthread.php?t=6209

Rules added to /etc/Bastille/firewall.d/pre-chain-split.sh

Last edited by eko_taas; 7th December 2011 at 03:18. Reason: added file name