# Best way to serve multiple jails, single IP?



## BillA (Feb 13, 2011)

Hello, thanks in advance for the help.

I have successfully implemented several jails running on multiple public IPs. This was easy. 

Now, I am looking at hosting a bunch of websites that need only http and outgoing sendmail services. I hope to find some way to send each domain to an individual jail. 

So it would be 

```
public IP: 98.xxx.
domainA.com <192.0.0.1>
domainB.com <192.0.0.2>
ClientA <192.0.0.3>
```
etc.

What is the best way to implement this? Through a reverse proxy on 98.xxx, or using PF and NAT translation? Can it be done with IPFW?

From what I'm reading, it seems like the simplest solution would be using Nginx to reverse proxy the http requests, but then any outgoing mail is trapped.

I'm a bit stumped and would be grateful for any insight you may have. 
Thank you!
Bill


----------



## rhyous (Feb 13, 2011)

What you need is a Layer 7 filter.  So you can filter packets directed to http://www.domain1.tld to one of you internal IPs, and packets directed to http://www.domain2.told to a separate internal IP, etc...

I just googled for Layer 7 filter...I didn't see something right away...maybe this:
http://l7-filter.sourceforge.net
http://lists.freebsd.org/pipermail/freebsd-net/2008-July/019086.html


----------



## gordon@ (Feb 14, 2011)

You can use reverse proxies on an HTTP process running on the production IP that forwards everything for that domain to an internal IP'd jail. You can just NAT the sendmail or use mailertable setups to bounce through the external IP address.


----------



## BillA (Feb 15, 2011)

Thank you, I'll give it a shot.


----------



## rbelk (Feb 15, 2011)

BILLA, check out the port www/pound. It is a reverse proxy that I have used before. It's very easy to configure also. If you need an example config just PM me.


----------



## gordon@ (Feb 15, 2011)

Apache also can serve as a reverse proxy. I'd recommend it if you are comfortable using Apache.


----------



## BillA (Feb 16, 2011)

Thanks! I am very comfortable with Apache. I tried out Pound yesterday and was pleased at how easy it was to configure.


----------

