Best way to forward traffic to multiple jails for two domains?

Hi all..

Things are progressing on my FreeBSD installation.. Now, I've got to deal with web/mail traffic for two domains. For the mail, I was just planning on forwarding any traffic using the /etc/aliases file to my primary domain's mail system (sendmail) and deliver it that way (or use the local-domains file). If someone else has a suggestion to make this cleaner and run two mail servers -- one for each domain, that would be great!

However, web traffic is different.. If I have two jails running the web services for the two domains and neither know about each other, what's the best way to forward traffic to each jail as needed similar to Apache's name based virtual hosting feature.

If it helps, I'm using a Cisco (with advanced services) router if anyone is aware of a way to do routing/port forwarding that way..

Thx!
 
Don't know anything about your jails setup, so the first (and most important) question is whether your jails have public IPs.
 
Currently I've got the following setup:

HostOS ip=10.0.1.197 (provides 'real' login accounts, file storage,etc)
Jail #1 ip=10.0.1.198 NATted public interface for mail
Jail #2 ip=10.0.1.199 needs to be public interface for domain #1's www content
Jail #3 ip=10.0.1.200 needs to be public interface for domain #2's www content (and possibly mail too)

Cisco apparently has something called Zone-based policy firewall that might help if nothing else pans out.. I've still got research to do on that end..

All NAT'ing is done currently by the Cisco router -- not currently using PF or otherwise in FreeBSD.
 
ok, I don't really know what you are trying to do, and since it is not clear to me whether you are going to host those web sites to public (i.e. you want to have them accessible through internet) or just your Intranet (10.0.1/whatever) two alternatives come to my mind.

In case you are hosting for your intranet, set up dns for domains to point at the specific jail ip. This is the easiest way.

In case you are going to host to internet, you can point DNS records to your jail-host. Then you will install on your host an application capable of providing reverse-proxy services. This can be done through mod_proxy which is available in Apache as well as for example lighttpd, or, you can install Varnish to also get a caching solution.
 
Thanks.. The last two jails will be available via the Internet but only for web traffic and the 2nd will also have mail. I realize that I can use Apache, perhaps Squid and others to do the traffic proxying for the web stuff but it would be nice to find something that will do it for the mail stuff as well.. I'll look into Varnish which sounds similar to Squid from the comment you indicated..
 
For mail, you can configure postfix to "proxy" the designated emails to different host, see the transport(5) man page. There may be a similar thing in sendmail too.
 
There is (mailertable).

e.g.

domain.com relay:some.host.com
domain2.com relay:[123.123.123.123]
 
Thanks guys! The sendmail Mailertable feature sounds like what I'm looking for. For now just to get things going, I was thinking about setting up a 3rd installation of Apache just to use it for the name-based virtual host stuff or try my hand at Squid or Varnish..
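
The reverse-proxy layout suggested in the thread, written out as an added example that is not part of any poster's message: a front-end Apache selects the jail by Host header. It assumes Apache 2.4 with mod_proxy and mod_proxy_http loaded; the names under domain1.example and domain2.example are placeholders, and the backend addresses are the jail IPs listed above.

```apache
# Added example, not from the thread. Assumes Apache 2.4 with mod_proxy and
# mod_proxy_http loaded. Hostnames are placeholders for the two real domains.

# Reverse proxy only: never act as a forward (open) proxy for arbitrary URLs.
ProxyRequests Off

# The first vhost is the default for any Host header that matches no
# ServerName/ServerAlias. Refuse those requests instead of letting them
# fall through to one of the real sites.
<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Domain #1 -> Jail #2 (10.0.1.199)
<VirtualHost *:80>
    ServerName www.domain1.example
    ServerAlias domain1.example
    # Pass the original Host header through so the jail's own web server
    # sees the name the client asked for.
    ProxyPreserveHost On
    ProxyPass        "/" "http://10.0.1.199/"
    ProxyPassReverse "/" "http://10.0.1.199/"
</VirtualHost>

# Domain #2 -> Jail #3 (10.0.1.200)
<VirtualHost *:80>
    ServerName www.domain2.example
    ServerAlias domain2.example
    ProxyPreserveHost On
    ProxyPass        "/" "http://10.0.1.200/"
    ProxyPassReverse "/" "http://10.0.1.200/"
</VirtualHost>
```

With this layout the router needs a single port-80 forward, to the address running the front-end Apache, and the two web jails do not need to be exposed through NAT for web traffic themselves.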
 