namebased VPS using JAIL

Matthew Seaman m.seaman at infracaninophile.co.uk
Sun May 28 01:17:38 PDT 2006 

Yudai Yamagishi wrote:
> Hey,
> 
> I'm trying to serve several VPS for my friends.
> 
> But, IP addresses costs too much here in Japan.
> 
> So, I only have 1 WAN IP.
> 
> I've heard that Virtuozzo let's users create namebased VPS.
> 
> For example, I want to create a VPS called vps1.
> 
> I'll assign vps1.codebusterz.net as VPS's address.
> 
> Then all network traffics for vps1.codebusterz.net will go to vps1.
> 
> Same with other VPSs by the way.
> 
> Is this possible using JAIL?
> 
> Thanks
> 
> Yudai Yamagishi

This would only be possible if the protocols your users used to connect
to your server included the name of the server they wanted to connect to
in the data packets setting up the connection.  That is the case in eg.
HTTP/1.1 and it sort of applies to SMTP.  However, those are pretty much
the exceptions rather than the rule.  Most network protocols just have
the IP and port number of the service they want to connect to.

So long as you can arrange for each instance of a given service to
run on a distinct port number, you can use the standard NAT type functions
in pf(4) or ipfw(8)+natd(8) to hide a whole private network of servers
behind a single IP number.  You can also use this on a single server
with jail(8) by binding the jailed IPs to the loopback interface, and
using NAT on the external interface to rewrite the addresses on incoming
traffic. NAT is generally used in the other direction though -- to let a
private network access the Internet.

If you can use protocols where the name of the server is included in the
data payload, you will need to set up some sort of proxy server on your
firewall to direct the traffic internally.  Standard firewall stuff just
looks at the packet headers (layer 2 or 3) and you need extra software to
do protocol (layer 4) dependent processing.  It is a toss up as to whether
suitable software will be available for whatever services you wish to provide.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060528/9bbf1005/signature.pgp

More information about the freebsd-questions mailing list