Monday, November 25, 2024

Re: Assign domain name to client vm

* Mike Larkin <mlarkin@nested.page> on [25-11-2024 08:44:05 -0800]:
> On Mon, Nov 25, 2024 at 11:37:33AM +0100, prx wrote:
> > Hi,
> > I can't figure out how to assign a domain name to a client vm.
> > What I need to do is to redirect traffic to the appropriate vm according to the domain name.
> >
> > i.e.
> >
> >
> >                           +--MY SERVER VM'S--+
> >                           |                  |
> >          -------> foo.tld -------> foo       |
> > INTERNET -------> bar.tld -------> bar       |
> >          -------> els.tld -------> els       |
> >                           |                  |
> >                           +------------------+
> >
> > So far, I have this not-working setup:
> >
> > ```/etc/vm.conf:
> > # something like in FAQ
> > switch "my_switch" {
> >     interface veb0
> > }
> >
> > vm "foo" {
> >     memory 512M
> >     disable
> >     disk /var/vms/foo.qcow2
> >     owner me
> >     interface { switch "my_switch" }
> > }
> > ```
> >
> > As specified in FAQ, I added veb0 and vport0 interfaces:
> > ```
> > # cat << END > /etc/hostname.vport0
> > inet 10.0.0.1 255.255.255.0
> > up
> > END
> > # cat << END > /etc/hostname.veb0
> > add vport0
> > up
> > END
> > # sh /etc/netstart vport0
> > ```
> >
> > My vm has the address 10.0.0.2 and can ping its gateway 10.0.0.1.
> >
> > ip forwarding is enabled:
> >
> > ```/etc/sysctl.conf
> > net.inet.ip.forwarding=1
> > ```
> >
> > Now I'm trying to use a binat-to rule in pf.conf, but I must be missing something here:
> >
> > ```
> > int_if = "vport0"
> > ext_if = "egress"
> >
> > match on $ext_if from 10.0.0.2 to any binat-to foo.tld
> >
> > match out on $int_if from any to 10.0.0.2 \
> > received-on $ext_if nat-to $int_if
> >
> > pass on $int_if
> > pass on $ext_if
> > ```
> >
> > Do you have any advice to realize such a task, maybe in a more clever way?
> >
> > Regards.
> > prx
> >
>
> I do something like this locally for 3 VMs that serve http/https. I use relayd
> on an ingress VM which terminates TLS (and has the certificates for the hidden
> domains), and forwards the traffic to the VMs behind the ingress.
>
> Is this what you want to do, or are you looking for something
> non-http/non-https?

Hi,

Thank you for the answers.

Actually, I was aware of relayd and how to do this for http.
I'm looking for something generic: redirect all requests for a domain into a VM. SSH, SMTP, HTTP, whatever.
My ISP gives me only one IP, so I guess I'm stuck here.

Regards.
