# Best way to forward traffic to multiple jails for two domains?



## osx-addict (Mar 22, 2009)

Hi all..

Things are progressing on my FreeBSD installation.. Now, I've got to deal with web/mail traffic for two domains.  For the mail, I was just planning on forwarding any traffic using the /etc/aliases file to my primary domain's mail system (sendmail) and deliver it that way (or use the local-domains file).  If someone else has a suggestion to make this cleaner and run two mail servers -- one for each domain, that would be great!

However, web traffic is different.. If I have two jails running the web services for the two domains and neither knows about the other, what's the best way to forward traffic to each jail as needed, similar to Apache's name-based virtual hosting feature?

If it helps, I'm using a Cisco (with advanced services) router if anyone is aware of a way to do routing/port forwarding that way..

Thx!


----------



## danger@ (Mar 22, 2009)

Don't know anything about your jails setup, so the first (and most important) question is whether your jails have public IPs.


----------



## osx-addict (Mar 22, 2009)

Currently I've got the following setup:

HostOS ip=10.0.1.197 (provides 'real' login accounts, file storage, etc.)
Jail #1 ip=10.0.1.198 NATted public interface for mail
Jail #2 ip=10.0.1.199 needs to be public interface for domain #1's www content
Jail #3 ip=10.0.1.200 needs to be public interface for domain #2's www content (and possibly mail too)

Cisco apparently has something called Zone-based policy firewall that _might_ help if nothing else pans out.. I've still got research to do on that end..

All NAT'ing is done currently by the Cisco router -- not currently using PF or otherwise in FreeBSD.


----------



## danger@ (Mar 22, 2009)

OK, I don't really know what you are trying to do, and since it is not clear to me whether you are going to host those web sites to the public (i.e. you want to have them accessible through the Internet) or just your intranet (10.0.1/whatever), two alternatives come to my mind.

In case you are hosting for your intranet, set up DNS for the domains to point at the specific jail IP. This is the easiest way.

In case you are going to host to the Internet, you can point DNS records to your jail host. Then you will install on your host an application capable of providing reverse-proxy services. This can be done through mod_proxy, which is available in Apache as well as, for example, lighttpd, or you can install Varnish to also get a caching solution.


----------
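
The reverse-proxy arrangement suggested in the post above, as an added example that is not part of the original thread. It assumes Apache httpd 2.4 on the jail host (10.0.1.197) with mod_proxy and mod_proxy_http loaded, the router forwarding TCP 80 to that host, and `example.com` / `example.net` as placeholder names for the two domains.

```apache
# Added example, not from the thread. Assumptions: Apache httpd 2.4 on the
# jail host, mod_proxy + mod_proxy_http loaded, placeholder domain names.

# Reverse proxy only. With "ProxyRequests On" the host would also act as a
# forward proxy that anyone on the Internet could relay traffic through.
ProxyRequests Off

# First vhost is the default for unmatched Host headers: refuse those
# requests instead of letting them fall through to one of the jails.
<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Domain #1 -> Jail #2 (10.0.1.199)
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    # Pass the original Host header so the jail's own web server sees
    # the public name rather than its private IP.
    ProxyPreserveHost On
    ProxyPass        "/" "http://10.0.1.199/"
    ProxyPassReverse "/" "http://10.0.1.199/"
</VirtualHost>

# Domain #2 -> Jail #3 (10.0.1.200)
<VirtualHost *:80>
    ServerName example.net
    ServerAlias www.example.net
    ProxyPreserveHost On
    ProxyPass        "/" "http://10.0.1.200/"
    ProxyPassReverse "/" "http://10.0.1.200/"
</VirtualHost>
```

Behind this proxy the jails see every connection as coming from 10.0.1.197, so their access logs need the `X-Forwarded-For` header that mod_proxy_http adds if the real client address matters.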



## osx-addict (Mar 22, 2009)

Thanks.. The last two jails will be available via the Internet but only for web traffic and the 2nd will also have mail.  I realize that I can use Apache, perhaps Squid and others to do the traffic proxying for the web stuff but it would be nice to find something that will do it for the mail stuff as well.. I'll look into Varnish which sounds similar to Squid from the comment you indicated..


----------



## danger@ (Mar 22, 2009)

For mail, you can configure postfix to "proxy" the designated emails to a different host, see the transport(5) man page. There may be a similar thing in sendmail too.


----------



## DutchDaemon (Mar 22, 2009)

There is (mailertable).

e.g.

```
domain.com    relay:some.host.com
domain2.com   relay:[123.123.123.123]
```


----------



## osx-addict (Mar 22, 2009)

Thanks guys!  The sendmail Mailertable feature sounds like what I'm looking for.  For now just to get things going, I was thinking about setting up a 3rd installation of Apache just to use it for the name-based virtual host stuff or try my hand at Squid or Varnish..


----------

