there is a lot of web server ,they are different ip address,i have only one public ip.
for example
123.com @192.168.0.2
abc.com @192.168.0.3
456.com @192.168.0.4
/ip dns static add name=123.com address=192.168.0.2
/ip dns static add name=abc.com address=192.168.0.3
/ip dns static add name=456.com address=192.168.0.4
/ip firewall nat add chain=dstnat dst-address=219.158.100.133 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.0.2 to-ports=80
/ip firewall nat add chain=dstnat dst-address=219.158.100.133 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.0.3 to-ports=80
/ip firewall nat add chain=dstnat dst-address=219.158.100.133 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.0.4 to-ports=80
but they don't work,why?
i feel gloomy,help me please.
thanks a lot .
-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK
You should use some Virtual Domain software so you can build 100's of sites behind only one public IP.
You can check http://www.swsoft.com for Plesk
Cheers...
You can check http://www.swsoft.com for Plesk
Cheers...
Yes, much easer to do, apache etc. I kinda figured he had different client machines trying to put behind one IP.You should use some Virtual Domain software so you can build 100's of sites behind only one public IP.
You can check http://www.swsoft.com for Plesk ;)
Cheers...
Mike
-
-
wildbill442
Forum Guru
- Posts: 1055
- Joined:
- Location: Sacramento, CA
Look into Plesk. You can run multiple domains on a single IP address. Currently I have 123.com, abc.com, anotherdomain.com, and thisdomain.com running on the same public ip address 10.0.0.1.
The server opens up the packet header and examines what domain was being requested and then reply's with the appropriate website. This is all done by the HTTP server and I believe is defined in the HTTP protocol.
Works beautifully, and you don't need static IP address for each domain. The only time this might present a problem is with secure websites used for ecomerce, which might require its on IP address and certificates.
http://www.swsoft.com/
Usually you don't NAT servers that were meant to be publically accessable.
The server opens up the packet header and examines what domain was being requested and then reply's with the appropriate website. This is all done by the HTTP server and I believe is defined in the HTTP protocol.
Works beautifully, and you don't need static IP address for each domain. The only time this might present a problem is with secure websites used for ecomerce, which might require its on IP address and certificates.
http://www.swsoft.com/
Usually you don't NAT servers that were meant to be publically accessable.
-
-
joeri91942
Frequent Visitor
- Posts: 88
- Joined:
- Location: Sundsvall, Sweden
Ahlai
This is an typical example of someone that hasn't even tried to figure out what is wrong and instead decided to blame their mal-config on some other part of the system else and request help with that.... normally I wouldn't even try to respond to this kind of question but since I am feeling chariable today I will give you a few pointers
Hint, you problem lies in your basic design.... not in the MT config
#1, If you have onle ONE external IP then you should normally only have ONE physical webserver, this is since all HTTP traffic goes on port 80 and you can only have one machine receiving a address/port pair!
And before someone starts to correct me by saying that you can configure the router to examine packets and redirect to different places depending on the payload... please read the lines above, even that config still has only ONE machine listening to a IP/port pair... the router itself!
It's also a bitch to configure/maintain! Been there, done that when I was forced to FILTER/ROUTE pure NetBios (no IP) on a Token Ring network! A real bad design that I inherited when the designer got kicked out of the company... he had decided that he could bridge 5 offices running NetBios over 64Kb/s lines
#2, If you can consolidate your websites onto one server, do so! Windows 2003 CAN handle multiple web-requests (123.com, abc,com etc etc) and direct them to the correct website, just LOOK at the settings and READ the manual. RTFM-GTFW
#3, If you can NOT consolidate your websites onto one server you will have to configure an intermediate redirector AND set each server to listen to a different port...
Step 1: All HTTP traffic goes to the redirector which looks at the host header and identifies the requested host header URL. Depending on the host header it redirects the user web browser to a different port, example
http://www.abc.com -> http://www.abc.com:81
http://www.123.com -> http://www.123.com:82
http://www.jkl.com -> http://www.jkl.com:83
This can easily be done using ASP code on a W2K3 server
Step 2: Set the respective web server to listen to the correct port
- Web server for http://www.abc.com listens to port 81
- Web server for http://www.123.com listens to port 82
- Web server for http://www.jkl.com listens to port 83
Step 3: Configure your front end router to redirect traffic
to the correct server, some small changes to you previous code
ALSO PLEASE THINK BEFORE DOING ANYTHING ABOUT HTTPS!
That is a beast completely on it's own.... it is not a trivial thing to configure multiple HTTPS sites on one IP since you normally do NOT have access to the host headers in a request until it has been properly processed by the correct site
Best regards
/Jörgen
This is an typical example of someone that hasn't even tried to figure out what is wrong and instead decided to blame their mal-config on some other part of the system else and request help with that.... normally I wouldn't even try to respond to this kind of question but since I am feeling chariable today I will give you a few pointers
Hint, you problem lies in your basic design.... not in the MT config
#1, If you have onle ONE external IP then you should normally only have ONE physical webserver, this is since all HTTP traffic goes on port 80 and you can only have one machine receiving a address/port pair!
And before someone starts to correct me by saying that you can configure the router to examine packets and redirect to different places depending on the payload... please read the lines above, even that config still has only ONE machine listening to a IP/port pair... the router itself!
It's also a bitch to configure/maintain! Been there, done that when I was forced to FILTER/ROUTE pure NetBios (no IP) on a Token Ring network! A real bad design that I inherited when the designer got kicked out of the company... he had decided that he could bridge 5 offices running NetBios over 64Kb/s lines
#2, If you can consolidate your websites onto one server, do so! Windows 2003 CAN handle multiple web-requests (123.com, abc,com etc etc) and direct them to the correct website, just LOOK at the settings and READ the manual. RTFM-GTFW
#3, If you can NOT consolidate your websites onto one server you will have to configure an intermediate redirector AND set each server to listen to a different port...
Step 1: All HTTP traffic goes to the redirector which looks at the host header and identifies the requested host header URL. Depending on the host header it redirects the user web browser to a different port, example
http://www.abc.com -> http://www.abc.com:81
http://www.123.com -> http://www.123.com:82
http://www.jkl.com -> http://www.jkl.com:83
This can easily be done using ASP code on a W2K3 server
Step 2: Set the respective web server to listen to the correct port
- Web server for http://www.abc.com listens to port 81
- Web server for http://www.123.com listens to port 82
- Web server for http://www.jkl.com listens to port 83
Step 3: Configure your front end router to redirect traffic
to the correct server, some small changes to you previous code
Code: Select all
/ip firewall nat
add chain=dstnat dst-address=219.158.100.133 protocol=tcp dst-port=81 action=dst-nat to-address=192.168.0.2 to-ports=81
add chain=dstnat dst-address=219.158.100.133 protocol=tcp dst-port=82 action=dst-nat to-address=192.168.0.3 to-ports=82
add chain=dstnat dst-address=219.158.100.133 protocol=tcp dst-port=83 action=dst-nat to-address=192.168.0.4 to-ports=83 That is a beast completely on it's own.... it is not a trivial thing to configure multiple HTTPS sites on one IP since you normally do NOT have access to the host headers in a request until it has been properly processed by the correct site
Best regards
/Jörgen
use web proxy (for http only)
It's only work for http connection not https connection.
1. First Configure your web proxy
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname="your.proxy" \
transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system \
max-cache-size=unlimited max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
add dst-port=80 action=allow comment="Enable Http Connection" disabled=no
2. Configure Static DNS of domains to resolve to internal ip
/ip dns static add name=123.com address=192.168.0.2
/ip dns static add name=abc.com address=192.168.0.3
/ip dns static add name=456.com address=192.168.0.4
/ip dns static add name=www.123.com address=192.168.0.2
/ip dns static add name=www.abc.com address=192.168.0.3
/ip dns static add name=www.456.com address=192.168.0.4
3. Configure NAT to redirect traffic to webproxy
(i.e. your public ip address is xxx.xxx.xxx.xxx)
/ip firewall nat
add chain=dstnat in-interface=outside dst-address=xxx.xxx.xxx.xxx protocol=tcp \
dst-port=80 action=redirect to-ports=8080 comment="" disabled=no
The traffic for 123.com will be like this
The web proxy will redirect traffic to the 123.com internal ip address which is 192.168.0.2
Internet --> xxx.xxx.xxx.xxx:80 ---> xxx.xxx.xxx.xxx:8080 --> 192.168.0.2:80
I hope this would be helpful
1. First Configure your web proxy
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname="your.proxy" \
transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system \
max-cache-size=unlimited max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
add dst-port=80 action=allow comment="Enable Http Connection" disabled=no
2. Configure Static DNS of domains to resolve to internal ip
/ip dns static add name=123.com address=192.168.0.2
/ip dns static add name=abc.com address=192.168.0.3
/ip dns static add name=456.com address=192.168.0.4
/ip dns static add name=www.123.com address=192.168.0.2
/ip dns static add name=www.abc.com address=192.168.0.3
/ip dns static add name=www.456.com address=192.168.0.4
3. Configure NAT to redirect traffic to webproxy
(i.e. your public ip address is xxx.xxx.xxx.xxx)
/ip firewall nat
add chain=dstnat in-interface=outside dst-address=xxx.xxx.xxx.xxx protocol=tcp \
dst-port=80 action=redirect to-ports=8080 comment="" disabled=no
The traffic for 123.com will be like this
The web proxy will redirect traffic to the 123.com internal ip address which is 192.168.0.2
Internet --> xxx.xxx.xxx.xxx:80 ---> xxx.xxx.xxx.xxx:8080 --> 192.168.0.2:80
I hope this would be helpful
Maybe you would like to add an article about this in the MikroTik Wiki page:
http://wiki.mikrotik.com/
http://wiki.mikrotik.com/
I think I saw that this is an exchange 2003 server?
If so, use "HOST HEADERS"
you can publish infanate number od websites/domains on one IP and one port..
But keep in mind two things...
1) A valid DNS record MUST exist
2) Sites can only be called via name NOT IP
I think it works for http and https..
IE http://server.com
HTTPS://server2.com
should be able to reside on the same box at the same IP
(Ports will change as we all know..)
This should work out of the box..
I use it here and host multiple intranets on one server with one IP address.
Craig
If so, use "HOST HEADERS"
you can publish infanate number od websites/domains on one IP and one port..
But keep in mind two things...
1) A valid DNS record MUST exist
2) Sites can only be called via name NOT IP
I think it works for http and https..
IE http://server.com
HTTPS://server2.com
should be able to reside on the same box at the same IP
(Ports will change as we all know..)
This should work out of the box..
I use it here and host multiple intranets on one server with one IP address.
Craig
no https connection
Transparent web proxy not support https connection, it only work in http connection.
Re: use web proxy (for http only)
it's a good idea!It's only work for http connection not https connection.
1. First Configure your web proxy
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname="your.proxy" \
transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system \
max-cache-size=unlimited max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
add dst-port=80 action=allow comment="Enable Http Connection" disabled=no
2. Configure Static DNS of domains to resolve to internal ip
/ip dns static add name=123.com address=192.168.0.2
/ip dns static add name=abc.com address=192.168.0.3
/ip dns static add name=456.com address=192.168.0.4
/ip dns static add name=www.123.com address=192.168.0.2
/ip dns static add name=www.abc.com address=192.168.0.3
/ip dns static add name=www.456.com address=192.168.0.4
3. Configure NAT to redirect traffic to webproxy
(i.e. your public ip address is xxx.xxx.xxx.xxx)
/ip firewall nat
add chain=dstnat in-interface=outside dst-address=xxx.xxx.xxx.xxx protocol=tcp \
dst-port=80 action=redirect to-ports=8080 comment="" disabled=no
The traffic for 123.com will be like this
The web proxy will redirect traffic to the 123.com internal ip address which is 192.168.0.2
Internet --> xxx.xxx.xxx.xxx:80 ---> xxx.xxx.xxx.xxx:8080 --> 192.168.0.2:80
I hope this would be helpful
thanks a lot.
Who is online
Users browsing this forum: No registered users and 33 guests