All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Routing + Proxying
Date: Fri, 07 Mar 2003 14:06:44 +0000	[thread overview]
Message-ID: <marc-lartc-104704614013740@msgid-missing> (raw)
In-Reply-To: <marc-lartc-104704348910384@msgid-missing>


Hello Pete,

 : I am hoping to set up a pair of web servers that sit behind a firewall.  The
 : firewall will have a single live ip address and the web servers will be
 : internal.  So my question is a simple one, which I doubt there is a simple
 : solution to (if any).... but that's why I'm asking. ;-)
 : In a simple setup of one firewall + one web server, the firewall would map
 : port 80 to the web server's port 80.

Sure....this could be netfilter DNAT.

 : Would there be a way of 'splitting' or 'load balancing' the requests between
 : the two web servers such that one of the two following scenarios is possible
 : (or any others that you can think of):

Yes.

 : 1) Each web server hosts a limited number of web sites & the firewall
 : intelligently distributes the packets based on the requested url to the
 : respective web server.

This would require application layer logic, i.e., a very smart
proxy....you might examine squid [1].

 : 2) Each web server hosts all web sites & the firewall intelligently
 : distributes whole requests to an individual web server.

You should take a look at LVS [2].  This is probably a safer and more
robust solution to the problem you outline in your first paragraph.

 : I've looked into a proxy sitting on the firewall, but this seems to
 : pose an additional problem: if the DNS points at the firewall as the IP
 : address for the individual web site and the proxy is sitting at that
 : address, how does it know to relay the request internally (this is the
 : part that I realise is not LARTC-based).

-Martin

  [1]  http://www.squid-cache.org/
  [2]  http://www.linuxvirtualserver.org/

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

  reply	other threads:[~2003-03-07 14:06 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-03-07 13:23 [LARTC] Routing + Proxying A. Peter Mee
2003-03-07 14:06 ` Martin A. Brown [this message]
2003-03-08  2:23 ` S Mohan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=marc-lartc-104704614013740@msgid-missing \
    --to=mabrown-lartc@securepipe.com \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.