# two jails and one public IP



## alphaer (Jan 12, 2009)

Hi!

In the server with public IP 80.80.111.112  for example
I make two jails with internal IP and hostnames:

jail1.site.com  10.10.10.1
jail2.site.com  10.10.10.2

in rc.conf:
--------
jail_JAIL1_hostname="jail1.site.com"
jail_JAIL1_ip="10.10.10.1"
...
jail_JAIL1_hostname="jail2.site.com"
jail_JAIL1_ip="10.10.10.2"
--------

jails works nice.

In public DNS jail1.site.com and jail2.site.com are resolved to
80.80.111.112, where the jails are running.

Is the way to redirect all connects via jail1.site.com, jail2.site.com from public net to appropriate jails?

i.e.:
jail1 and jail2 have apache and ftp servers running both.
I wish 
$ftp jail1.site.com   
from inet and just be automatically redirected to talk with jail1
$ftp jail2.site.com
from inet and just be automatically redirected to talk with jail2
or 
$telnet jail1.site.com 80
from inet and just be automatically redirected to talk with jail1

Also about jail2.

may I setup jails anyhow to do like this?


----------



## anomie (Jan 12, 2009)

I don't have experience setting this up in the manner you describe, but I'd imagine you want natd(8).


----------



## brd@ (Jan 12, 2009)

I use PF to do this and bind them to the loopback interface and add extra IPs like 127.0.0.2 and 127.0.0.3.


----------



## alphaer (Jan 13, 2009)

2 anomie  
How I think, natd is very usable in the manner 

Inet->ROUTER----> http server (jail1.site.com)
            ----> ftp server  (jail2.site.com)
            ----> mail server (jail3.site.com)

But I have setuation:
Inet->ROUTER----> http,ftp,mail (jail1.site.com)
            ----> http,ftp,mail (jail2.site.com)
            ----> http,ftp,mail (jail3.site.com)

And I cant see how can I do it via nat. Please help me if you can

2 brd@
Please van you descripe me how are you doing it?


----------



## braveduck (Jan 15, 2009)

alphaer said:
			
		

> In public DNS jail1.site.com and jail2.site.com are resolved to
> 80.80.111.112, where the jails are running.
> 
> Is the way to redirect all connects via jail1.site.com, jail2.site.com from public net to appropriate jails?
> ...



You can't do it for both ftp and http requests just because the nature of the file transfer protocol. In HTTP we have 'Host' header, which tells the server what 'site' clients want to get. 
This nice thing let us host multiple sites on a single ip.

In the case of your jail setup you could have nginx or lighttpd running on the host system (i.e. listening on 80.80.111.112) and proxying request to appropriate jail, depending on the site a client want to get.

Here is an example of nginx.conf suitable for this:


```
server 
{
        listen       80;
        server_name  jail1.site.com;

        access_log  /home/logs/jail1.log

        location / {
                proxy_pass        http://10.10.10.1:81/;
                proxy_set_header  X-Real-IP  $remote_addr;
        }
}
```

When it comes to ftp, it's not that funny - ftp doesn't have a 'Host' header, client ftp program just resolves the name you gave to it into an ip address and queries the ip it got on the default port. In your case both domains resolve into the same ip, and that's it.


----------

