Public Private Nat Mulitple Servers
-
- Posts: 12
- Joined: Tue Oct 18, 2016 10:14 am
Public Private Nat Mulitple Servers
I'm totally new to this, and who knows, maybe I got the wrong product for job. My project started simple. Find a solution to hosting multiple web pages on multiple servers using only 1 public ip address. No :## port numbers allowed on the websites or anything that would make it difficult for general public to get to the websites. I googled around and found that xgenx is the thing for that and some more googling and Vesta looked like it would make the whole thing turn key and I really like the simple interlace. It's incredibly fast too. Anyhow I'm stuck trying to understand how and where to configure what regarding the IPs and NATing. So let me explain my setup.
I have 3 servers inhouse, each with a web interface. (A Synology, an Exchange 2013 Server, and a Windows Server with IIS). I purchased a bunch of domains so I can put a different domain for each device although, preferably I'd like to just use subdomains. This is for my family and a bought an lastname.family domain. How can I use Vesta to redirect using one public ip address to all 3 servers using sub domains? Let's say exchange.lastname.family synology.lastname.family and www.lastname.family. Again, no port changing trickery, just Vesta and NAT.
I have 3 servers inhouse, each with a web interface. (A Synology, an Exchange 2013 Server, and a Windows Server with IIS). I purchased a bunch of domains so I can put a different domain for each device although, preferably I'd like to just use subdomains. This is for my family and a bought an lastname.family domain. How can I use Vesta to redirect using one public ip address to all 3 servers using sub domains? Let's say exchange.lastname.family synology.lastname.family and www.lastname.family. Again, no port changing trickery, just Vesta and NAT.
-
- Posts: 12
- Joined: Tue Oct 18, 2016 10:14 am
Re: Public Private Nat Mulitple Servers
In addition, I went ahead and set Vesta as the Name Servers for the lastname.family domain. So Vesta already has control of the DNS Zone file and I can see that it's working, but it's giving the private IPs when I do an NSLookup.
Note: To clarify the port limit, I meant it strictly on the public side. All browsers default http and https to 80 and 443 and that's the part I don't want to change. I can't give port numbers as part of the urls. It's gotta be easy if people are going to use it.
Note: To clarify the port limit, I meant it strictly on the public side. All browsers default http and https to 80 and 443 and that's the part I don't want to change. I can't give port numbers as part of the urls. It's gotta be easy if people are going to use it.
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: Public Private Nat Mulitple Servers
Try to do thigns in step wise manner.
So what device handles NAT ? Your Internet router ? if so, you need to do the Port forwarding in your router to the local IPs from your router.
Then goto canyouseeme.org and check if your port forwarding is working.
You cannot forward one port to more than one device so if you want 3 webservices, on the NAT public side you have to use different incoming ports on your router.
This is a bit confusing at first, but in networking there isn't really an easy way :(
So what device handles NAT ? Your Internet router ? if so, you need to do the Port forwarding in your router to the local IPs from your router.
Then goto canyouseeme.org and check if your port forwarding is working.
You cannot forward one port to more than one device so if you want 3 webservices, on the NAT public side you have to use different incoming ports on your router.
This is a bit confusing at first, but in networking there isn't really an easy way :(
-
- Posts: 12
- Joined: Tue Oct 18, 2016 10:14 am
Re: Public Private Nat Mulitple Servers
I'm actually pretty familiar with standard NAT and port forwarding. But this request is different in that it's doing the "impossible". Multiple websites on a single IP and Port.0. VESTA does this. It only has one public ip and I can see it can have many domains and many different websites all going through a single public IP and a single port 80. What I don't know or can't see, but figured I'd ask is if there are limits to this. Maybe the websites HAVE to be on the same server for it to work?
From what I understand, xgenx grabs the domain info from the browser's page request in order to re-direct the traffic to and from that one website. I'm wondering if this can extend past websites built into the Vesta Control Panel. Even a "re-direct" would be acceptable where a "website" is created but it just relays to and from another server with the website wanted.
From what I understand, xgenx grabs the domain info from the browser's page request in order to re-direct the traffic to and from that one website. I'm wondering if this can extend past websites built into the Vesta Control Panel. Even a "re-direct" would be acceptable where a "website" is created but it just relays to and from another server with the website wanted.
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: Public Private Nat Mulitple Servers
If you want to run such a setup, you need to have a DNS at your end running on your Public IP. You can use Vesta's DNS.
This DNS will accept incoming requests and forward them to the specific LAN IP for each domain as per their A record.
That is how the internet works...! hope you understand.
This DNS will accept incoming requests and forward them to the specific LAN IP for each domain as per their A record.
That is how the internet works...! hope you understand.
-
- Posts: 12
- Joined: Tue Oct 18, 2016 10:14 am
Re: Public Private Nat Mulitple Servers
Thank you mehargags, I am currently using Vesta's DNS already. It's configured as both ns1.lastname.family and ns2.lastname.family as well as vesta.lastname.family on my registrar. So here is where my delma starts. In the DNS section for each subdomain I can type an IP address. If I type my LAN (NAT) ip address, then nslookup show the LAN IP and outside users cannot access the websites. If i add ip addresses in the IP address section, then the server is assigned additional IP addresses and causes and IP address conflict with the server I intend. I'm not sure that using standard menu options will allow me to achive my goal. However I do see the potential because the server has the NAT option to translate back and fouth LAN to WAN Ips as well as domain packet information to route to specific webpages.mehargags wrote:If you want to run such a setup, you need to have a DNS at your end running on your Public IP. You can use Vesta's DNS.
This DNS will accept incoming requests and forward them to the specific LAN IP for each domain as per their A record.
That is how the internet works...! hope you understand.
Another example more for the web hosting crowd. Imagine, if you will, you have a hosting company and you are using Vesta. You have a few clients and all is well. Then, one of your clients whom already has hosting with you decides that he needs a Windows IIS for his website and cannot use the Linux Apache that Vesta has built in. You have a windows server already and it has IIS, you have your Vesta Server, You have a firewall with NAT and both servers can access the internet and each other just fine. However, you only have 1 pubic ip address and cannot get any more. What do you do?
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: Public Private Nat Mulitple Servers
Well, without and actual Network MAP it is impossible to really draw and suggest what should work. You can PM me your network plan... may be I'll take a look.
The router will throw the incoming call your DNS - how ?
How will DNS throw the call to specific IP ?
The router will throw the incoming call your DNS - how ?
How will DNS throw the call to specific IP ?
-
- Posts: 12
- Joined: Tue Oct 18, 2016 10:14 am
Re: Public Private Nat Mulitple Servers
Thanks for your help mehargags, but you seem to be getting hung up on ip/dns, that part is done. The real trick that I'm looking for is two internal servers, one public port. Specifically port 80. NAT can only port forward to one of the servers with just one ip address. Except! that ngenx seems to be able to act as a proxy and it takes the port 80 request and then decides which server to send/receive to/from at a packet inspection level.mehargags wrote:Well, without and actual Network MAP it is impossible to really draw and suggest what should work. You can PM me your network plan... may be I'll take a look.
The router will throw the incoming call your DNS - how ?
How will DNS throw the call to specific IP ?
I'm still looking at solutions, but this may be a feature that Vesta might want to add to their menu options.
https://www.techandme.se/set-up-nginx-reverse-proxy/
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: Public Private Nat Mulitple Servers
@damian.lavalle
may be I'm not able to understand... but I'm clear on my facts.
VestaCP is not designed to be run on home ISP environment... Its a server management panel and not an NAT router.
Sorry if I could not help.
may be I'm not able to understand... but I'm clear on my facts.
VestaCP is not designed to be run on home ISP environment... Its a server management panel and not an NAT router.
Sorry if I could not help.
-
- Posts: 12
- Joined: Tue Oct 18, 2016 10:14 am
Re: Public Private Nat Mulitple Servers
You do understand mehargags, trust me, I can tell you know about NAT, DNS, PortForwading and Vesta is and isn't a server management panel. It currently only has options to manage itself. It's own websites. Only ones on the Vesta server itself. But It has the capabilities, the components, to do more than just Vesta web servers, it can forward to websites within the LAN, not related to Vesta. They just don't have the options in the panel.mehargags wrote:@damian.lavalle
may be I'm not able to understand... but I'm clear on my facts.
VestaCP is not designed to be run on home ISP environment... Its a server management panel and not an NAT router.
Sorry if I could not help.
For as long as ipv4 has been in place and the progress to ipv6 has been slow, I foresee xgenx to be built into routers and firewalls soon. Most everyone has devices at home with http or https configuration pages and the ability to change the port 80,443 to 8080 or 4443 or even Vesta's own 8083 is becoming a headache. It's easier to remember vesta.vestacp.com than vestacp.com:8083