Single Public IP to Multiple Private IPs (VPS)

Hi,

I am looking into designing an advanced network architecture. One of the many things I’m working to do is build a VPS cluster behind a NAT’d firewall.

Here’s the basic concept, and the issue I’m faced which I hope to find a solution for.

  1. All domains are mapped to a single public IP address.

  2. Public IP Address is mapped to simple Linksys Router which then forwards all relevant requests (by port) to my “host” machine (which manages the VPS instances)

  3. Based on the domain requested, all relevant services (ports) are then forwarded to the appropriate private IP address (or VPS).

So that’s the design I’m looking to accomplish.

So far, I’ve got steps 1 and 2 figured out, which was pretty simple.

Step 3 however is where I’m stumped. Now before someone goes and suggests using a proxy server or the like, please note that I’m looking to forward ALL (relevant) requests to the appropriate VPS based on domain name.

  • ftp, pop3, imap, smtp, http, virtualmin, etc.

While I could spend my days managing a mapping system manually, the point to this whole design is to allow for this process to be completely in a somewhat “automatic” setup.

Ex.
Setup domain name in Virtualmin => Domain gets mapped to Private IP on Host Machine (automatically)

Please feel free to provide your suggestions/improvements to my required solution, and thanks in advance for any and all input on the topic.

Howdy,

That’s a tricky problem to solve; the issue is that a typical firewall or router doesn’t see the hostname for most services.

That is, let’s say you’re checking email via POP. Whenever the client goes to “pop.example.com”, their desktop does a DNS lookup, retrieves the IP address, then makes a connection to the IP.

Nowhere in the request is there any mention of what the domain name is – as soon as the client does that initial DNS lookup, the actual domain name in use is never used again, it’s just the IP address.

By the time the router gets the request, the only thing it has to inspect is the IP address itself.

The big exception here is HTTP… HTTP is designed to handle that, and it sends a “Host Header” along with the request for Apache to use for reasons like you’re describing.

So solving this problem isn’t easy :slight_smile:

The simplest solution, I think, would be to have multiple external IP’s, and based on which IP address is connected to, you’d forward the service to a particular server.

-Eric
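As an added illustration of Eric's point (example code written for this page, not from the forum thread, Virtualmin, or any router firmware): a small front-end that peeks at the first bytes of each inbound connection and forwards it to a private VPS only when those bytes contain a hostname. That is only ever the case for HTTP, whose Host header is visible in the request; the first bytes of a POP3, SMTP, IMAP or FTP session never name the domain, so the forwarder (like the router) has nothing to route on and has to drop or default them. The `ROUTES` table, the sample payloads and the ports are constructed for the example.

```python
"""Route an inbound TCP connection to a private VPS by domain name,
where that is possible at all.

Only HTTP/1.x puts the domain on the wire (the Host header). For the
mail and FTP protocols in the question the server even speaks first,
so the client's opening bytes carry no hostname; those connections
cannot be steered by domain at this layer.
"""
import re
import socket
import threading

# Constructed example: domain -> private IP of the VPS serving it.
ROUTES = {
    "www.example.com": "192.168.1.10",
    "www.example.net": "192.168.1.11",
}

_REQUEST_LINE_RE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n")
_HOST_RE = re.compile(rb"^host:[ \t]*([^\r\n]+)", re.IGNORECASE | re.MULTILINE)


def extract_http_host(first_bytes: bytes):
    """Return the Host header (lowercased, :port removed) if the bytes
    are a complete HTTP/1.x request head, otherwise None."""
    if not _REQUEST_LINE_RE.match(first_bytes):
        return None                      # not HTTP: no hostname present
    head, sep, _ = first_bytes.partition(b"\r\n\r\n")
    if not sep:
        return None                      # headers not fully received yet
    m = _HOST_RE.search(head)
    if not m:
        return None                      # HTTP/1.0-style request without Host
    host = m.group(1).strip().decode("ascii", "replace").lower()
    return re.sub(r":\d+$", "", host)


def choose_backend(first_bytes: bytes, routes=ROUTES):
    """Backend IP for this connection, or None when the opening bytes
    carry no routable hostname (or the name is not in the table)."""
    host = extract_http_host(first_bytes)
    return None if host is None else routes.get(host)


# Constructed client payloads, as the forwarder would see them.
HTTP_REQUEST = (b"GET /index.html HTTP/1.1\r\n"
                b"Host: www.example.net:80\r\n"
                b"User-Agent: example\r\n\r\n")
SMTP_CLIENT = b"EHLO laptop.local\r\n"   # names the client, not the served domain
POP3_CLIENT = b"USER alice\r\n"          # no hostname anywhere


def _pump(src, dst):
    """Copy bytes from src to dst until EOF, then half-close dst."""
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _handle(client, backend_port):
    with client:
        first = client.recv(8192)
        backend_ip = choose_backend(first)
        if backend_ip is None:
            return                       # nothing to route on: drop, as a router would
        with socket.create_connection((backend_ip, backend_port)) as backend:
            backend.sendall(first)       # replay the bytes we already consumed
            t = threading.Thread(target=_pump, args=(backend, client), daemon=True)
            t.start()
            _pump(client, backend)
            t.join()


def serve(listen_port=8080, backend_port=80):
    """Listen on the public side and splice each routable connection
    through to its VPS (constructed ports; adjust for real use)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", listen_port))
        srv.listen()
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=_handle, args=(conn, backend_port), daemon=True).start()


if __name__ == "__main__":
    for label, payload in (("http", HTTP_REQUEST), ("smtp", SMTP_CLIENT), ("pop3", POP3_CLIENT)):
        print(label, "->", choose_backend(payload))
    serve()
```

Running the script prints the routing decision for the three constructed payloads before it starts listening: only the HTTP request resolves to a backend, which is the asymmetry Eric describes. Anything beyond HTTP on this design therefore still needs either one public IP per VPS or port-based mapping, exactly as the answer suggests.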