eko_taas, 30th November 2011, 12:40
Router port and DNS settings on multiserver system

My existing config:
- only one IP from ISP (unfortunately static IPs not avail., but 1/2 has been the same when router always on, have to live with that)
- Buffalo ADSL router (NAT etc. on)
- server1.example.com (all services) on static 192.168.xx.yyy and set as DMZ (i.e. all ports open) (debian squeeze)
- other "inner-circle" router for home network 192.168.xx.z
- domainname set manually to public-IP (on provider's NS1 and NS2)

Thanks to "one server only" setup has been quite easy, but now I need more power on mysql-side thus planning for dedicated server (like your db.example.tld) (I will keep using also server1.example.tld for other mysql-tasks, both would need "Remote Access"-option)...

Based on multiserver-howto, 2nd server basics should be easy to follow.
Also DNS would be modified...

Now questions:

1. do I need to use my own DNS i.e I have to change my domain settings
(or ISP-server1 (with DNS) would take care)?

2. How to setup router (as I'll assume my DMZ-approach might not be enough)
i.e. do I have to use different incoming ports for mysql-servers? (Unfortunately Buffalo does not have port change on port-forward function, which would be easy to use and keep same ports.)

3. Or do I need more public-IPs to make it happen?

Thanks again for great support

falko (Super Moderator), 2nd December 2011, 01:33

The problem is that you can forward one port to just one backend server, so you cannot run websites on two servers. But you can run different services on different servers, like web on one server, mail on another one, and so on.

eko_taas, 2nd December 2011, 04:10
Idea (?) how to run several same services behind one public IP

Thanks for reply, seems that as expected.

One idea, which might work (based on port 587 usage as in http://www.howtoforge.com/forums/showthread.php?t=54981 )

On (my) router very limited # for portforwards, so I would save do it as "bulk"
Application  Start  End   Protocol  IP Address  Enabled
server1      5110   5130
server2      5210   5230
server3      5210   5230
Then I would have a script on each server at startup
e.g. server1 with settings
iptables -t nat -A PREROUTING -p tcp --dport 5110 -j REDIRECT --to-ports 21
iptables -t nat -A PREROUTING -p tcp --dport 5111 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -p tcp --dport 5113 -j REDIRECT --to-ports 53 ...
iptables -t nat -A PREROUTING -p tcp --dport 5114 -j REDIRECT --to-ports 80 ...
iptables -t nat -A PREROUTING -p tcp --dport 5112 -j REDIRECT --to-ports 587
e.g. server2 with settings
iptables -t nat -A PREROUTING -p tcp --dport 5210 -j REDIRECT --to-ports 21
iptables -t nat -A PREROUTING -p tcp --dport 5211 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -p tcp --dport 5213 -j REDIRECT --to-ports 53 ...

Obviously I have to add these manually on each, but replace makes it easy / commenting out possible. Also in local network original ports still open i.e. between servers and for local users (ftp on port 21....)

I tried to look also how to add permanently on ISPConfig3 (squeeze) server, but could not find yet. Tried to follow http://wiki.debian.org/iptables
created /etc/iptables.test.rules
-A PREROUTING -p tcp --dport 5112 -j REDIRECT --to-ports 587
then as su:
# iptables-restore < /etc/iptables.test.rules
iptables-restore: line 2 failed
Any good advice on firewall?

eko_taas, 7th December 2011, 04:15
Could solve it

In the above, *filter should have been *nat, but anyhow that did not help me to get them permanent...

Could finally solve it after finding a mini-howto from a long time back:

Rules added to /etc/Bastille/firewall.d/pre-chain-split.sh

Last edited by eko_taas; 7th December 2011 at 04:18. Reason: added file name
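
Added example, not part of the original posts: REDIRECT rules belong to the nat table, so an iptables-restore file has to carry them between a *nat header and COMMIT, which is the *filter/*nat mix-up mentioned in the last post. The function names and the sample input are made up for this sketch; the port pairs follow the server1 list in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are made up here.

# Print an iptables-restore file for "external:internal" port pairs.
# REDIRECT is a nat-table target, so the rules sit between *nat and COMMIT.
gen_nat_rules() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    for pair in "$@"; do
        ext=${pair%%:*}
        int=${pair##*:}
        echo "-A PREROUTING -p tcp --dport $ext -j REDIRECT --to-ports $int"
    done
    echo 'COMMIT'
}

# Read a rules file on stdin and report rules placed outside any table,
# REDIRECT rules under a table other than nat, and a section left without
# COMMIT. Returns non-zero when something was found.
lint_rules() {
    awk '
        /^\*/     { table = substr($0, 2); next }
        /^COMMIT/ { table = ""; next }
        /^-A /    {
            if (table == "") {
                printf "line %d: rule outside any *table section\n", NR
                bad = 1
            } else if (/-j REDIRECT/ && table != "nat") {
                printf "line %d: REDIRECT rule needs *nat, not *%s\n", NR, table
                bad = 1
            }
        }
        END {
            if (table != "") { print "missing COMMIT"; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed demo: three of server1's mappings, then a file with the wrong table.
gen_nat_rules 5110:21 5111:22 5112:587 | lint_rules && echo "generated file: ok"
printf '*filter\n-A PREROUTING -p tcp --dport 5112 -j REDIRECT --to-ports 587\nCOMMIT\n' |
    lint_rules || echo "file with *filter: rejected"

# To load for real (root): write gen_nat_rules output to a file, then
#   iptables-restore --test --noflush < FILE   # parse only, commit nothing
#   iptables-restore --noflush < FILE          # keep rules already in place
```

Without --noflush, iptables-restore replaces the current contents of every table named in the file, which would drop nat rules that another firewall script has already installed.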