One public ip address used by two servers, one of which has Moodle running? Please help!

by Jan Dierckx -
Number of replies: 5

Our school recently installed a linux server (Lucas) that is used as a fileserver, mailserver, proxyserver and firewall. The machine comes with a limited version of PHP, so we can't run Moodle on it. I want to attach a separate LAMP server (Marcus), just to run Moodle on it. We have received a public ip address, so it is possible to access Lucas from home. I can access Marcus from inside the school: the ip is 192.168.250.195 and I can also reach Marcus if I use SSH to tunnel the traffic.

Then I used the following rule to redirect the traffic. This was working, but was really slow.

 Action  Source  Destination          Protocol  Destination port(s)
 DNAT    net     loc:192.168.250.195  tcp       http

Lucas has 3 network cards, so I read something about it being possible to use a DMZ. Would this be faster?

How do I set up iptables or firewall to make sure all the requests coming in from the internet on port 80 are redirected to the Marcus machine with internal ip 192.168.250.195?

I am really new to all of this network stuff. So if you are missing important information (or I am missing important bits), please tell me, and I will provide more information.

In reply to Jan Dierckx

Re: One public ip address used by two servers, one of which has Moodle running? Please help!

by Janne Mikkonen -
In reply to Janne Mikkonen

Re: One public ip address used by two servers, one of which has Moodle running? Please help!

by Jan Dierckx -
Thanks Janne, that looks exactly like what we intend to do. I will try it as soon as I get permission to mess with the school network again.
In reply to Jan Dierckx

Re: One public ip address used by two servers, one of which has Moodle running? Please help!

by Iñaki Arenaza -
You can use DNAT like you are currently doing, or you can use Apache's mod_proxy in Lucas and proxy-reverse your Moodle from Marcus. This has a little drawback: you lose the original client IP. If this is important for you and you don't intend to run any web site in Lucas, then go the DNAT route.

By the way, using a DMZ setup won't be any faster (you'll be using the same DNAT trick).

Saludos. Iñaki.
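
Added example, not part of the post above and not Moodle or Apache code: with the mod_proxy route, Marcus sees every connection as coming from Lucas, and mod_proxy passes the original address along in the X-Forwarded-For request header. The function below shows how a backend can recover the client address while trusting that header only when the connection really comes from the proxy; the proxy address 192.168.250.1 and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: Lucas' address on the internal network. The thread never gives
# it; 192.168.250.1 is a constructed placeholder.
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.250.1")}


def _parse_ip(text):
    """Return an ip_address object, or None if the text is not a valid IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def client_ip(remote_addr, x_forwarded_for=None, trusted=TRUSTED_PROXIES):
    """Work out the real client address for a request seen by the backend.

    remote_addr      -- peer address of the TCP connection (an HTTP header
                        cannot change it)
    x_forwarded_for  -- raw X-Forwarded-For header value, or None
    """
    peer = _parse_ip(remote_addr)
    if peer is None:
        raise ValueError("invalid peer address: %r" % remote_addr)
    # Direct connection, or DNAT (which preserves the source address):
    # ignore the header entirely, because the client controls its content.
    if peer not in trusted or not x_forwarded_for:
        return str(peer)
    # Walk the list right to left: each proxy appends the address it saw,
    # so only the rightmost entries were written by our own proxy.
    for hop in reversed(x_forwarded_for.split(",")):
        ip = _parse_ip(hop)
        if ip is None:
            break            # malformed entry: fall back to the peer address
        if ip not in trusted:
            return str(ip)   # first address that is not one of our proxies
    return str(peer)
```

A header sent by a client that reaches the backend directly is ignored, and anything a client prepends to the header before it passes through the proxy is never reached by the right-to-left walk.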
In reply to Iñaki Arenaza

Re: One public ip address used by two servers, one of which has Moodle running? Please help!

by Jan Dierckx -
Iñaki, thanks for telling me about DMZ not being any faster.

I don't think I can add modules to Apache (or PHP) on Lucas. The Lucas machine comes with a preinstalled Linux: no package manager and not even a compiler. I planned on running Moodle on Lucas, but with no zlib or GD installed this turned out to be impossible.

Will it help if we put both servers in the same location?
At the time I tested the DNAT solution, both machines were several rooms apart connected through the school network. Maybe this caused it to be slow. I know we still use hubs in some places of the network.

Is it possible to directly connect Marcus to Lucas using Lucas' third network card? Or will this automatically mean that we use DMZ? (MMM, I don't really understand this network stuff)
In reply to Jan Dierckx

Re: One public ip address used by two servers, one of which has Moodle running? Please help!

by Iñaki Arenaza -
Putting both servers in the same location and using the third network card to connect them will surely speed things up.

As to whether this would be a DMZ or not, it depends on your firewall configuration in Lucas. DMZ is not something magical that makes things safer or faster. It's just a separate part of your network (from the security point of view) that you treat as more exposed and less trustable than your internal network.

Saludos. Iñaki.