A frequently-asked query:
So let’s say I have 2 servers, one server running mydomain.com and the other running mysite.com. The only problem is I only have one router which, as of now, can only do 1 port forward to port 80. I need both websites to be accessed publicly on the internet. More clearly, mysite.com will be a file server which supplies mydomain.com with images.
I’m not interested in host headers/consolidating both websites onto 1 server. I have access to about 5 public IPs, and a couple of domain names. How do I set this up exactly?
Forgot to mention, I don’t want to change anything in the registry on either server, nor have anything Active Directory related. I want to duplicate the way datacenters run things.
@Kit, yes, I have all access to the equipment. If I did assign each webserver a public static IP, how do I go about protecting them? There would be no NAT involved at that point. I really don’t want to purchase a router for each website that I decide to host. But if it is a must, please let me know. I also want to avoid placing servers in a DMZ.
Answer: It’s very difficult to maintain your own server at home, especially if you are hosting so many sites. Aside from the difficulty of maintaining and/or setting it up, it is costly in the long run and requires a good foundation in web hosting.
If you are having difficulty, why not try cheap external hosting and ask web hosting experts?
To start with, you can use Justhost. If you are building your first website and need a hosting package, we highly recommend you go with Justhost. You should also read this Justhost review to see what we mean. Justhost gives free domain name, unlimited bandwidth, unlimited webspace, unlimited add-on domains, easy Sitebuilder, cPanel, Fantastico and much more for so cheap. You can subscribe with Justhost for only $4.45/month (must use the coupon below).
At Justhost, you can use Fantastico to autoinstall applications such as WordPress, Joomla, Drupal, phpBB, OSCommerce and many more.
If you have access to five IPs but are still trying to use Port Forwarding, then it’s not set up correctly. If your ISP set up your router, you probably have the option for the router to assign NAT via DHCP, however you do not want this for the two servers in question. You will want to manually assign them IPs from your available pool in the OS on the server. Once this is done, point the domains to their respective IPs.
If you are not sure that your router is set up properly, you will want to check with your ISP directly as they will have information on how to configure things properly there.
Edit:
If they have a Static IP, it would be severely different from a DMZ, since the DMZ is still behind the NAT. A properly-maintained web server being protected simply means ensuring that no unnecessary services are running and keeping the OS and such up to date.
Unfortunately, you can only have one port 80 redirect, since the way a redirect works through NAT is to say "Ah, you want port 80, I’ll pretend I’m not here and send you straight to Box A".
The solutions in this case depend on the capability of your router. Taking a simplistic network of x.y.z.0-x.y.z.8 (x.y.z.0/29), your network base would be .0 (Not usable), and your broadcast address would be .8 (not usable). That leaves six, of which the router itself gets one (usually .1 or .7), leaving five for other machines.
If you can tell the router itself to use two addresses (like .1 and .2) and NAT those to separate subdomains, it can work. NAT .1 to 192.168.1.0 and .2 to 192.168.2.0. Put the servers inside those, and redirect port 80 on each NAT external address to the respective server inside. They can run on the same wire, but be cautious about routing if you do so. The servers would not be able to talk to each other easily for example.
If you can use only one of the external IPs as NAT on the router and route packets coming to the other external IP on the router to a different server inside the NAT, that will work better as then you only have one IP internally and the servers would be able to speak to each other.
Data centers that have an external system and an internal system generally have DMZ machines that have limited services (Such as Web) that are the only things allowed to speak through the internal network to other machines internally, and only in a limited way, such as SQL for example.
It sounds like you want to do some relatively complicated stuff there though. Is this for production purposes or for ‘test’ purposes? The former has different answers that will work or work better than the latter.
Edit 2:
You are completely correct that "8 IPs" comes back with 6 that can be used. And one of those has to be used by the router, specifically to route. Every subnet has a network base and a broadcast address. As you noted, on a class C, those are the .0 and .255 respectively.
The "Normal" manner to do this is to have two computers on two IPs, and yes, on routable IPs. Then the proper task is to ensure the computers stay up to date and secure. After all, even if you are behind NAT, your router is exposed, so it needs to be secure. Same thing either way, just a difference in devices.
The "Alternate" manner is, like I said, to assign two IPs as NAT external interfaces on the router and have them both feed into the LAN subnet. Then port 80 on each of those IPs can be routed to a different static server inside the LAN subnet.
The end of my last edit really is the kicker here though: Is this for Theory (sandbox, playing, etc), Test, or Production? In Theory, you can do complicated things to learn stuff in ways that don’t really work as well in real scenarios. In a test, there is ‘Right’ and ‘Wrong’ and often those don’t match Real Life. In Production, there are a lot of other factors you want to take into consideration (like the network pipeline, cost efficiency, bottlenecks, etc).
In any case, as long as you accomplish what you set out to do, you’re good to go.
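The static NAT layout described in the answer above (two public IPs, each forwarding port 80 to its own internal server), as an added Python example that is not part of the original thread: it derives the usable addresses of a /29, rejects a second forward for the same public IP and port, and drops any inbound packet that has no rule. The 203.0.113.0/29 block, the router address and the 192.168.1.x hosts are constructed values, and the function names are hypothetical.

```python
import ipaddress

# Constructed values: documentation range for the public block, assumed router address.
PUBLIC_BLOCK = ipaddress.ip_network("203.0.113.0/29")
ROUTER_IP = ipaddress.ip_address("203.0.113.1")


def usable_hosts(block, router):
    """Addresses left for servers: the block minus network base, broadcast and router."""
    return [ip for ip in block.hosts() if ip != router]


def build_nat_table(rules, block=PUBLIC_BLOCK, router=ROUTER_IP):
    """Validate (public_ip, port, internal_ip) rules and return a lookup table."""
    allowed = set(usable_hosts(block, router))
    table = {}
    for public, port, internal in rules:
        pub = ipaddress.ip_address(public)
        inside = ipaddress.ip_address(internal)
        if pub not in allowed:
            raise ValueError(f"{pub} is not a usable server address in {block}")
        if not inside.is_private:
            raise ValueError(f"{inside} is not a private address")
        if (pub, port) in table:
            # One public IP and port can forward to exactly one internal host.
            raise ValueError(f"{pub}:{port} already forwards to {table[(pub, port)]}")
        table[(pub, port)] = inside
    return table


def translate(table, dst_ip, dst_port):
    """Return the internal host for an inbound packet, or None if it is dropped."""
    return table.get((ipaddress.ip_address(dst_ip), dst_port))


# Hypothetical layout: one public IP per web server, port 80 only.
RULES = [
    ("203.0.113.2", 80, "192.168.1.10"),  # mydomain.com
    ("203.0.113.3", 80, "192.168.1.11"),  # mysite.com
]
NAT = build_nat_table(RULES)

if __name__ == "__main__":
    print("usable:", [str(ip) for ip in usable_hosts(PUBLIC_BLOCK, ROUTER_IP)])
    for (pub, port), inside in NAT.items():
        print(f"{pub}:{port} -> {inside}:{port}")
    print("port 3389 probe:", translate(NAT, "203.0.113.2", 3389))
```

Because only the listed IP and port pairs are translated, every other port on the public addresses never reaches the servers, which is the exposure difference from giving each server a routable address directly.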
Use Network address translation… and give them a different port number.
@Kit
I had to create a separate account so that I wouldn’t overload my initial question with edits. I looked into the DMZ setup, and I don’t think it’s the setup for me. It would add to the complexity of design and maintenance.
If given a block of 8 IPs, no matter what… I will only have 6 usable in the end? I know this applies with the subnet mask and all, only 254 hosts. 0 not usable or 255.
I have done a little researching and think Static NAT fits my needs the best. Thanks.