How to steer public traffic to a jail
Ernie Luzar
luzar722 at gmail.com
Fri Aug 14 14:27:04 UTC 2020
Steve O'Hara-Smith wrote:
> On Fri, 14 Aug 2020 08:59:27 -0400
> Ernie Luzar <luzar722 at gmail.com> wrote:
>
>> Steve O'Hara-Smith wrote:
>>> On Fri, 14 Aug 2020 08:08:09 -0400
>>> Ernie Luzar <luzar722 at gmail.com> wrote:
>>>
>>>> I have 4 registered domain names, one for each jail. How do I get
>>>> [ALL] public traffic to a domain name directed to the desired jail?
>>> Do you have four public IP addresses to go with them ? If not
>>> what sort of "public traffic" are you talking about just http/s or other
>>> protocols ?
>>>
>> [ALL] means everything.
>
> OK.
>
>> Host and each jail have own website, email, ftp, ssh services plus
>> whatever the owner of the jail wants to install.
>
> For that the jail needs its own public IP address.
>
>> Tagging a port number on the end of the domain name is not an option.
>
> No, because you need each one to have ports 21, 22, 25 ... open
> independently.
>
>> Host that jails are on has just single public ipv4 address.
>
> In that case there's only one set of public ports. You *can* run
> some services on non-standard ports but email won't for one. You're SOL
> unless you can get more public IP addresses to use.
>
>> My ISP has not enabled ipv6 yet.
>
> If IPv6 addresses will do for public then you can always tunnel an
> IPv6 connection from Hurricane Electric - it's free and you get a /64 and
> if you want it a /48 to use. I think they're the only tunnel broker left
> that still provides tunnels on request.
>
So what I hear you saying is there is only one set of official port
numbers. That any port can only be used one time. [I.e., if host is using
port 22 then it can not be used in a jail.] This method requires the
host firewall to forward the inbound port number to a jail's internal
private ip address after the fqdn directs the traffic to the host's
single ipv4 address. Which most likely is a home type of ISP account
having a dynamic ip address.

Another conclusion is that for jails to be the target of public traffic
containing their own set of the official port numbers, the host must
have multiple public ipv4 addresses assigned to it with each unique fqdn
using one of the public ip addresses. That means a business type of ISP
account which is expensive with additional fees for each additional
static ip address needed.

Is my understanding correct?
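
The port forwarding described in the message above, as an added example that is not part of the original thread: a pf.conf fragment for a FreeBSD host with one public IPv4 address. The interface name, jail addresses and alternate port numbers are assumptions chosen for illustration.

```pf
# Added example, not from the thread. All names, addresses and
# alternate port numbers below are assumptions.
ext_if   = "em0"            # host's public interface (assumed)
jail_net = "10.0.0.0/24"    # private network the jails sit on (assumed)
jail1    = "10.0.0.11"
jail2    = "10.0.0.12"

# Outbound: jails share the host's single public address.
nat on $ext_if inet from $jail_net to any -> ($ext_if)

# Inbound: each public port can be handed to exactly one destination.
# The standard web and mail ports go to jail1 only; jail2 cannot also
# receive ports 80, 443 or 25 on the same public address.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port { 80, 443 } -> $jail1
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 25 -> $jail1 port 25

# Port 22 stays with the host's own sshd, so each jail's sshd is
# reached on a different public port.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 2201 -> $jail1 port 22
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 2202 -> $jail2 port 22

# Filtering: drop all other inbound traffic, allow the host's own ssh.
block in on $ext_if
pass in on $ext_if inet proto tcp from any to ($ext_if) port 22
pass out on $ext_if
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.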