Re: two webservers, one router, multiple IP's



On Tue, 28 Nov 2006 01:15:02 GMT, shawn modersohn <smoder@xxxxxxxxxxxxx> wrote:
> I have a dsl connection and 5 usable ip addresses. I want to set up one
> companyweb web server and one development web server. I want to
> register in DNS that companyweb.mydomain should be at x.x.x.65 while
> development.mydomain should be at x.x.x.66. The public ip address that
> my single linksys router picks up is x.x.x.70.
>
> It is my understanding that if I register in DNS that
> companyweb.mydomain is at x.65 and development.mydomain is at x.66,
> essentially what will happen is that any of those addresses will be
> routed from my isp's router to my little subnet and therefore my router.
> I can then utilize my 5 addresses without having 5 separate dsl lines and
> routers each with separate wan addresses. Is this correct?

Yes.

> The problem then becomes how does my router know if the incoming
> connection is for companyweb or development. I know I could use port
> based forwarding, but I would rather have each web server use the
> standard port 80.
>
> My network is small, so I don't really need two internal 192.168.x.x
> subnets. My router is only capable of picking up one public wan
> address.

Yes.

> I don't have a firewall, instead relying on the virtue of NAT
> via the router to naturally block incoming traffic.

OK for non-webservers in your lan, but see below.

> I have briefly read that some firewall appliances can direct traffic
> based on the requested ip address. If I was to begin researching using a
> Linux firewall/proxy to do this task, would I be on the right track?
> Any other suggestions for me? Thanks.

Put a switch between the DSL modem and the router. Then each
webserver machine can plug independently into the switch. Each
webserver will have its own routable IP address (x.x.x.65 or
x.x.x.66) and the router can use a third IP address (x.x.x.67 ?),
so you'll be using three out of 5 of your IP addresses. The rest
of the machines (non-webservers with 192.168.x.x IP addresses)
in your network then attach to the router.

If you want, put a second NIC in each webserver machine, give
each an independent 192.168.x.x address, and attach them to the
router as well. Then all non-internet traffic stays completely
in your lan.

Of course, this means that each of the webservers MUST have
their own firewalls (using iptables).

--
Dale Dellutri <ddelQQQlutr@xxxxxxxxxxxx> (lose the Q's)
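
As an added example (not part of the original post), here is a host firewall for one webserver in the two-NIC layout described above: port 80 is the only service exposed on the public side, and forwarding is dropped so the server cannot become a path around the router's NAT into the LAN. The interface names eth0 (public) and eth1 (LAN), the subnet 192.168.1.0/24, and SSH administration from the LAN are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a dual-homed webserver.
# Assumed values (not from the post): eth0 = public NIC, eth1 = LAN NIC,
# 192.168.1.0/24 = LAN subnet, SSH (tcp/22) used for administration.
#
# Check the syntax first, then load (both need root):
#   sh webfw.sh eth0 eth1 192.168.1.0/24 | iptables-restore --test
#   sh webfw.sh eth0 eth1 192.168.1.0/24 | iptables-restore

webserver_rules() {
    if [ "$#" -ne 3 ]; then
        echo "usage: webserver_rules WAN_IF LAN_IF LAN_NET" >&2
        return 1
    fi
    wan_if=$1; lan_if=$2; lan_net=$3
    cat <<EOF
*filter
# Default deny inbound; never route between the public side and the LAN.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Packets claiming a LAN source address must not arrive on the public NIC.
-A INPUT -i $wan_if -s $lan_net -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Public side: the web service only.
-A INPUT -i $wan_if -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# LAN side: web plus SSH administration, from the LAN subnet only.
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
COMMIT
EOF
}

# When run with three arguments, print the ruleset to stdout.
if [ "$#" -eq 3 ]; then
    webserver_rules "$@"
fi
```

The same ruleset applies to both webservers; IP forwarding should also stay disabled in the kernel (net.ipv4.ip_forward=0) so the FORWARD policy is a second barrier rather than the only one.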