Router port and DNS settings on multiserver system

Discussion in 'Installation/Configuration' started by eko_taas, Nov 30, 2011.

  1. eko_taas

    eko_taas New Member

    My existing config:
    - only one IP from ISP (unfortunately static IPs not avail., but 1/2 has been the same when router always on, have to live with that)
    - Buffalo ADSL router (NAT etc. on)
    - server1.example.com (all services) on static 192.168.xx.yyy and set as DMZ (i.e. all ports open) (debian squeeze)
    - other "inner-circle" router for home network 192.168.xx.z
    - domainname set manually to public-IP (on provider's NS1 and NS2)

    Thanks to "one server only" setup has been quite easy, but now I need more power on mysql-side thus planning for dedicated server (like your 192.168.0.107 db.example.tld) (I will keep using also 192.168.0.102 server1.example.tld for other mysql-tasks, both would need "Remote Access"-option)...

    Based on multiserve-howto, 2nd server basics should be easy to follow.
    http://www.howtoforge.com/multiserver-setup-with-dedicated-web-email-dns-and-mysql-database-servers-on-debian-squeeze-with-ispconfig-3-p3
    Also DNS would be modified...

    Now questions:

    1. do I need to use my own DNS i.e. I have to change my domain settings
    (or ISP-server1 (with DNS) would take care)?

    2. How to setup router (as I'll assume my DMZ-approach might not be enough)
    i.e. do I have to use different (incoming) ports for mysql-servers? (unfortunately Buffalo does not have port change on port-forward function, which would be easy to use and keep same ports).

    3. Or do I need more public-IPs to make it happen?

    Thanks again for great support :)
     
  2. falko

    falko Super Moderator

    The problem is that you can forward one port to just one backend server, so you cannot run websites on two servers. But you can run different services on different servers, like web on one server, mail on another one, and so on.
     
  3. eko_taas

    eko_taas New Member

    Idea (?) how to run several same services behind one public IP

    Thanks for reply, seems that as expected.

    One idea, which might work (based on port 587 usage as in http://www.howtoforge.com/forums/showthread.php?t=54981)

    On (my) router very limited # for portforwards, so I would save do it as "bulk"
    Then I would have a script on each server at startup
    e.g. server1 with settings
    e.g. server2 with settings
    etc.

    Obviously I have to add these manually on each, but replace makes it easy / commenting out possible. Also in local network original ports still open i.e. between servers and for local users (ftp on port 21....)

    I tried to look also how to add permanently on ISPConfig3 (3.0.4.1, squeeze) server, but could not find yet. Tried to follow http://wiki.debian.org/iptables
    created /etc/iptables.test.rules
    then as su:
    Any good advice on firewall?
     
  4. eko_taas

    eko_taas New Member

    Could solve it

    On above *filter should have been *nat, but anyhow did not help me to get them permanent...

    Could solve finally after found mini-howto long time back:
    http://www.howtoforge.com/forums/showthread.php?t=6209

    Rules add to /etc/Bastille/firewall.d/pre-chain-split.sh
     
    Last edited: Dec 7, 2011
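
The approach described in posts 3 and 4, as an added example that is not part of the original thread: shell functions that generate a per-server port-redirect ruleset in the format `iptables-restore` reads, and a check that flags the `*filter` versus `*nat` mix-up mentioned in post 4. The function names, the offset 20000 and the service ports are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The offset (20000) and the service
# ports below are assumptions chosen for illustration.

# gen_nat_rules OFFSET PORT...
# Print an iptables-restore ruleset that redirects TCP OFFSET+PORT to the
# local service listening on PORT. Rules go in the nat table.
gen_nat_rules() {
    offset=$1; shift
    # Validate every external port before printing anything.
    for port in "$@"; do
        if [ $((offset + port)) -gt 65535 ]; then
            echo "external port $((offset + port)) is out of range" >&2
            return 1
        fi
    done
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for port in "$@"; do
        echo "-A PREROUTING -p tcp --dport $((offset + port)) -j REDIRECT --to-ports $port"
    done
    echo 'COMMIT'
}

# check_nat_targets: read a ruleset on stdin, print each rule that uses
# REDIRECT or DNAT outside the nat table, and return non-zero if any exist.
check_nat_targets() {
    awk '
        /^\*/ { table = substr($0, 2) }
        /-j (REDIRECT|DNAT)/ && table != "nat" {
            printf "line %d (table %s): %s\n", NR, table, $0
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Demo: rules for a second server reachable on 20080 (web) and 23306 (MySQL).
gen_nat_rules 20000 80 3306 | check_nat_targets && gen_nat_rules 20000 80 3306
```

Because the rules sit in PREROUTING, only traffic arriving from the network is redirected, so the original ports stay usable between servers on the local network as post 3 describes.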
