ahlai
newbie
Topic Author
Posts: 29
Joined: Sat May 27, 2006 8:07 am

how to publish a lot of web servers

Fri Jun 02, 2006 4:41 pm

There are a lot of web servers, they have different IP addresses, and I have only one public IP.
For example:
123.com @192.168.0.2
abc.com @192.168.0.3
456.com @192.168.0.4
/ip dns static add name=123.com address=192.168.0.2
/ip dns static add name=abc.com address=192.168.0.3
/ip dns static add name=456.com address=192.168.0.4
/ip firewall nat add chain=dstnat dst-address=219.158.100.133 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.0.2 to-ports=80
/ip firewall nat add chain=dstnat dst-address=219.158.100.133 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.0.3 to-ports=80
/ip firewall nat add chain=dstnat dst-address=219.158.100.133 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.0.4 to-ports=80
But they don't work, why?
I feel gloomy, help me please.
Thanks a lot.
 
andrewluck
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Fri Jun 02, 2006 9:56 pm

Look at this from the router's point of view:

A packet arrives for port 80 at 219.158.100.133. How does it determine which server to forward the packet to?

Regards

Andrew
 
jp
Long time Member
Posts: 611
Joined: Wed Mar 02, 2005 5:06 am
Location: Maine

Sat Jun 03, 2006 12:35 am

As Andrew was alluding to, this is a DNS/httpd configuration, not a router configuration.
 
djape
Member
Posts: 465
Joined: Sat Nov 06, 2004 7:54 pm
Location: Serbia

Sat Jun 03, 2006 1:49 am

You should use some Virtual Domain software so you can build 100's of sites behind only one public IP.

You can check http://www.swsoft.com for Plesk ;)

Cheers...
 
GotNet
Member
Posts: 434
Joined: Fri May 28, 2004 7:52 pm
Location: Florida

Sat Jun 03, 2006 4:43 am

djape wrote:
> You should use some Virtual Domain software so you can build 100's of sites behind only one public IP.
>
> You can check http://www.swsoft.com for Plesk ;)
>
> Cheers...

Yes, much easier to do, Apache etc. I kinda figured he had different client machines trying to put behind one IP.

Mike
 
ahlai
newbie
Topic Author
Posts: 29
Joined: Sat May 27, 2006 8:07 am

Sat Jun 03, 2006 5:36 am

Thanks,
you mean I must use another computer to do this?
All of my web servers' OS are Server 2003,
what should I do?
 
wildbill442
Forum Guru
Posts: 1055
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Sat Jun 03, 2006 6:19 am

Look into Plesk. You can run multiple domains on a single IP address. Currently I have 123.com, abc.com, anotherdomain.com, and thisdomain.com running on the same public ip address 10.0.0.1.

The server opens up the packet header and examines what domain was being requested and then replies with the appropriate website. This is all done by the HTTP server and I believe is defined in the HTTP protocol.

Works beautifully, and you don't need a static IP address for each domain. The only time this might present a problem is with secure websites used for e-commerce, which might require its own IP address and certificates.

http://www.swsoft.com/

Usually you don't NAT servers that were meant to be publicly accessible.
 
ahlai
newbie
Topic Author
Posts: 29
Joined: Sat May 27, 2006 8:07 am

Sun Jun 04, 2006 2:32 pm

You mean I must install swsoft?
Thanks.
 
Hammy
Forum Veteran
Posts: 776
Joined: Fri May 28, 2004 5:53 pm
Location: DeKalb, IL

Sun Jun 04, 2006 5:10 pm

Well, a hosting controller of some type, or get a little smarter with whatever web server you have (whether it's IIS, Apache, etc.). I prefer InterWorx over Plesk, but Plesk may be one of the only if not the only one that supports Windows.
 
GJS
Member
Posts: 418
Joined: Sat May 29, 2004 4:07 pm
Location: London

Sun Jun 04, 2006 9:28 pm

You can also do this 'virtual domains' with Apache. It will not work with some very old browsers but I think that most of the world's web servers run in this configuration. You can have virtually unlimited domains on one server.
 
joeri91942
Frequent Visitor
Posts: 88
Joined: Thu Mar 31, 2005 12:31 pm
Location: Sundsvall, Sweden

Mon Jun 05, 2006 8:22 am

Ahlai

This is a typical example of someone that hasn't even tried to figure out what is wrong and instead decided to blame their mal-config on some other part of the system and request help with that.... normally I wouldn't even try to respond to this kind of question but since I am feeling charitable today I will give you a few pointers ;-)

Hint, your problem lies in your basic design.... not in the MT config

#1, If you have only ONE external IP then you should normally only have ONE physical webserver, this is since all HTTP traffic goes on port 80 and you can only have one machine receiving an address/port pair!

And before someone starts to correct me by saying that you can configure the router to examine packets and redirect to different places depending on the payload... please read the lines above, even that config still has only ONE machine listening to an IP/port pair... the router itself!

It's also a bitch to configure/maintain! Been there, done that when I was forced to FILTER/ROUTE pure NetBios (no IP) on a Token Ring network! A real bad design that I inherited when the designer got kicked out of the company... he had decided that he could bridge 5 offices running NetBios over 64Kb/s lines :-(


#2, If you can consolidate your websites onto one server, do so! Windows 2003 CAN handle multiple web-requests (123.com, abc.com etc etc) and direct them to the correct website, just LOOK at the settings and READ the manual. RTFM-GTFW :-)

#3, If you can NOT consolidate your websites onto one server you will have to configure an intermediate redirector AND set each server to listen to a different port...

Step 1: All HTTP traffic goes to the redirector which looks at the host header and identifies the requested host header URL. Depending on the host header it redirects the user web browser to a different port, example
http://www.abc.com -> http://www.abc.com:81
http://www.123.com -> http://www.123.com:82
http://www.jkl.com -> http://www.jkl.com:83
This can easily be done using ASP code on a W2K3 server

Step 2: Set the respective web server to listen to the correct port
- Web server for http://www.abc.com listens to port 81
- Web server for http://www.123.com listens to port 82
- Web server for http://www.jkl.com listens to port 83

Step 3: Configure your front end router to redirect traffic
to the correct server, some small changes to your previous code
/ip firewall nat 
add chain=dstnat dst-address=219.158.100.133 protocol=tcp dst-port=81 action=dst-nat to-address=192.168.0.2 to-ports=81 
add chain=dstnat dst-address=219.158.100.133 protocol=tcp dst-port=82 action=dst-nat to-address=192.168.0.3 to-ports=82 
add chain=dstnat dst-address=219.158.100.133 protocol=tcp dst-port=83 action=dst-nat to-address=192.168.0.4 to-ports=83 
ALSO PLEASE THINK BEFORE DOING ANYTHING ABOUT HTTPS!
That is a beast completely on its own.... it is not a trivial thing to configure multiple HTTPS sites on one IP since you normally do NOT have access to the host headers in a request until it has been properly processed by the correct site

Best regards

/Jörgen
 
tinus
just joined
Posts: 16
Joined: Thu Oct 27, 2005 9:01 pm

use web proxy (for http only)

Wed Jun 21, 2006 8:57 am

It only works for HTTP connections, not HTTPS connections.

1. First Configure your web proxy
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname="your.proxy" \
transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system \
max-cache-size=unlimited max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
add dst-port=80 action=allow comment="Enable Http Connection" disabled=no

2. Configure Static DNS of domains to resolve to internal ip
/ip dns static add name=123.com address=192.168.0.2
/ip dns static add name=abc.com address=192.168.0.3
/ip dns static add name=456.com address=192.168.0.4
/ip dns static add name=www.123.com address=192.168.0.2
/ip dns static add name=www.abc.com address=192.168.0.3
/ip dns static add name=www.456.com address=192.168.0.4

3. Configure NAT to redirect traffic to webproxy
(i.e. your public ip address is xxx.xxx.xxx.xxx)

/ip firewall nat
add chain=dstnat in-interface=outside dst-address=xxx.xxx.xxx.xxx protocol=tcp \
dst-port=80 action=redirect to-ports=8080 comment="" disabled=no



The traffic for 123.com will be like this
The web proxy will redirect traffic to the 123.com internal ip address which is 192.168.0.2

Internet --> xxx.xxx.xxx.xxx:80 ---> xxx.xxx.xxx.xxx:8080 --> 192.168.0.2:80

I hope this would be helpful
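
Added example, not part of the original posts and not MikroTik or poster code: both the redirector in Jörgen's post and the web proxy above pick a destination by reading the request's Host header. This Python code shows that lookup with the thread's names and internal addresses, rejecting requests whose Host is missing, repeated or not in the table; the function names and sample requests are constructed for illustration.

```python
# Added example: choose a backend from the HTTP Host header.
# Names and internal addresses are the ones used in the thread;
# function names and sample requests are constructed for illustration.
BACKENDS = {
    "123.com": ("192.168.0.2", 80),
    "abc.com": ("192.168.0.3", 80),
    "456.com": ("192.168.0.4", 80),
}

def extract_host(raw_request: bytes):
    """Return the lower-cased host name, or None if Host is missing,
    repeated, empty, or carries a non-numeric port."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = []
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.lower() == "host":
            hosts.append(value.strip().lower())
    if len(hosts) != 1 or not hosts[0]:
        return None
    host, _, port = hosts[0].partition(":")  # drop optional ":port"
    if port and not port.isdigit():
        return None
    return host.rstrip(".") or None

def route(raw_request: bytes):
    """Return ("forward", (ip, port)) or ("reject", reason)."""
    host = extract_host(raw_request)
    if host is None:
        return ("reject", "missing or malformed Host header")
    if host.startswith("www."):
        host = host[4:]                      # www.abc.com -> abc.com
    backend = BACKENDS.get(host)
    if backend is None:
        return ("reject", "unknown host")    # never forward elsewhere
    return ("forward", backend)

SAMPLES = [  # constructed requests
    b"GET / HTTP/1.1\r\nHost: www.ABC.com:80\r\n\r\n",
    b"GET / HTTP/1.0\r\n\r\n",               # old client, no Host
    b"GET / HTTP/1.1\r\nHost: 123.com\r\nHost: abc.com\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req.split(b"\r\n")[0].decode(), "->", route(req))
```

The second sample is the case GJS mentions: a client that sends no Host header cannot be routed by name.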
 
uldis
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Wed Jun 21, 2006 10:19 am

Maybe you would like to add an article about this in the MikroTik Wiki page:
http://wiki.mikrotik.com/
 
csickles
Forum Guru
Posts: 1255
Joined: Fri May 28, 2004 8:46 pm
Location: Phoenix, AZ

Wed Jun 21, 2006 6:33 pm

I think I saw that this is an exchange 2003 server?
If so, use "HOST HEADERS"

You can publish an infinite number of websites/domains on one IP and one port..

But keep in mind two things...

1) A valid DNS record MUST exist
2) Sites can only be called via name NOT IP

I think it works for http and https..

IE http://server.com
HTTPS://server2.com

should be able to reside on the same box at the same IP
(Ports will change as we all know..)

This should work out of the box..

I use it here and host multiple intranets on one server with one IP address.

Craig
 
tinus
just joined
Posts: 16
Joined: Thu Oct 27, 2005 9:01 pm

no https connection

Wed Jun 21, 2006 9:39 pm

Transparent web proxy does not support HTTPS connections, it only works with HTTP connections.
 
ahlai
newbie
Topic Author
Posts: 29
Joined: Sat May 27, 2006 8:07 am

Re: use web proxy (for http only)

Thu Jun 22, 2006 3:20 am

tinus wrote:
> It only works for HTTP connections, not HTTPS connections.
>
> 1. First Configure your web proxy
> / ip web-proxy
> set enabled=yes src-address=0.0.0.0 port=8080 hostname="your.proxy" \
> transparent-proxy=yes parent-proxy=0.0.0.0:0 \
> cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system \
> max-cache-size=unlimited max-ram-cache-size=unlimited
> / ip web-proxy access
> add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
> disabled=no
> add dst-port=80 action=allow comment="Enable Http Connection" disabled=no
>
> 2. Configure Static DNS of domains to resolve to internal ip
> /ip dns static add name=123.com address=192.168.0.2
> /ip dns static add name=abc.com address=192.168.0.3
> /ip dns static add name=456.com address=192.168.0.4
> /ip dns static add name=www.123.com address=192.168.0.2
> /ip dns static add name=www.abc.com address=192.168.0.3
> /ip dns static add name=www.456.com address=192.168.0.4
>
> 3. Configure NAT to redirect traffic to webproxy
> (i.e. your public ip address is xxx.xxx.xxx.xxx)
>
> /ip firewall nat
> add chain=dstnat in-interface=outside dst-address=xxx.xxx.xxx.xxx protocol=tcp \
> dst-port=80 action=redirect to-ports=8080 comment="" disabled=no
>
> The traffic for 123.com will be like this
> The web proxy will redirect traffic to the 123.com internal ip address which is 192.168.0.2
>
> Internet --> xxx.xxx.xxx.xxx:80 ---> xxx.xxx.xxx.xxx:8080 --> 192.168.0.2:80
>
> I hope this would be helpful

It's a good idea!
Thanks a lot.
