single Public IP multiple FQDN multiple internal IPs

sunagui
Posts: 2
Joined: 2020/11/10 00:45:53

single Public IP multiple FQDN multiple internal IPs

Post by sunagui » 2020/11/10 01:26:31

Ok, so I've been researching for the last 3-4 hrs with no resolution to my issue, as in I can't find anything out there that is similar.

Here's my scenario:

I have one static PUBLIC IP, goes into an ASA5520 which has multiple networks attached. I do have an internal DNS server (well, two of them; one for actual dns lookups and one that blocks ads) that ALL networks communicate with. It is running CentOS Linux release 7.5.1804 (Core) and BIND 9.11.4-P2-RedHat-9.11.4-9.P2.el7 (Extended Support Version) <id:7107deb>. I have multiple web servers on multiple networks. I can create NATs and firewall rules to allow specific traffic between networks if/when needed. It is important to keep all these networks separated for security, and to only allow specific traffic as needed between servers.

What I have with DNS servers:

DNS resolution path is as follows:
INTERNET <==> ASA5520 <==> DNS2 <==> DNS1 <==> All internal network traffic from all internal networks.

DNS1 (dnsmasq) is the caching server and ad-block server, which then sends all passing requests to DNS2 (BIND). DNS2 goes to the internet (assuming the IP isn't blacklisted in the ASA5520) for any unknown requests; it also does the internal network resolution for local servers.

Network Topology:

INTERNET
========
port1
========
ASA5520
========
port2 | port3 | port4 | port5 | port...
===============================================
network1 | network2 | network3 | network4 | network...

Here is what I need:

"fqdn routing server" (assuming I need one) will reside on network1. I was looking into Apache's virtual server options, but from what I see it only does internal fqdn routing, not external.

mail.fqdn1.com ==> PUBLIC IP ==> (assuming fqdn routing server) ==> network2 ==> webserver2a
mail.fqdn2.com ==> PUBLIC IP ==> (assuming fqdn routing server) ==> network2 ==> webserver2b
mail.fqdn3.com ==> PUBLIC IP ==> (assuming fqdn routing server) ==> network2 ==> webserver2c
social1.fqdn1.com ==> PUBLIC IP ==> (assuming fqdn routing server) ==> network3 ==> webserver3a
social2.fqdn2.com ==> PUBLIC IP ==> (assuming fqdn routing server) ==> network3 ==> webserver3b
social3.fqdn3.com ==> PUBLIC IP ==> (assuming fqdn routing server) ==> network3 ==> webserver3c
sub.fqdn3.com ==> PUBLIC IP ==> (assuming fqdn routing server) ==> network4 ==> webserver4a
sub.fqdn4.com ==> PUBLIC IP ==> (assuming fqdn routing server) ==> network4 ==> webserver4b
sub.fqdn5.com ==> PUBLIC IP ==> (assuming fqdn routing server) ==> network5 ==> webserver5a

Now, these examples are more excessive than what I actually need, but I am planning for future expansion. Network1 is my CORE network where most items reside, network2 is my mail servers network, network3 is my social media servers network, network4 is for PBX phone systems, and network5 is for all beta testing prior to moving into prod. All networks will have servers that have http and https available. Two networks will always have any service available (network? and network5), as network5 is testing.

Any resolution (preferably with examples) would be much appreciated.

Thank you,

S. Aguilar

TrevorH
Forum Moderator
Posts: 29915
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: single Public IP multiple FQDN multiple internal IPs

Post by TrevorH » 2020/11/10 10:19:57

> It is running CentOS Linux release 7.5.1804 (Core)

so it's only missing the last 2.5 years worth of security patches then!

yum update
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

BShT
Posts: 370
Joined: 2019/10/09 12:31:40

Re: single Public IP multiple FQDN multiple internal IPs

Post by BShT » 2020/11/10 12:08:16

if you have 1 public IP you can't set port 443 for a.com to host A and b.com to host B unless you proxy it with haproxy or zen balancer, etc

you can proxy or you can change port

sunagui
Posts: 2
Joined: 2020/11/10 00:45:53

Re: single Public IP multiple FQDN multiple internal IPs

Post by sunagui » 2020/11/10 17:13:29

BShT wrote (2020/11/10 12:08:16):
> if you have 1 public IP you can't set port 443 for a.com to host A and b.com to host B unless you proxy it with haproxy or zen balancer, etc
>
> you can proxy or you can change port

So, haproxy or zen balancer can direct traffic based on the fqdn? I'll have to investigate them further then.

BShT
Posts: 370
Joined: 2019/10/09 12:31:40

Re: single Public IP multiple FQDN multiple internal IPs

Post by BShT » 2020/11/10 18:05:59

even a proxied apache can do that but haproxy is easier and you can balance
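To make the "route by FQDN" idea from the thread concrete, here is an added example haproxy configuration (not posted by anyone in the thread, and not the OP's setup). It assumes haproxy runs on a host in network1 that the ASA static-NATs ports 80 and 443 of the public IP to; the hostnames follow the OP's naming, and the backend addresses (10.2.0.10, 10.2.0.11, 10.3.0.10, 10.4.0.10) are made-up placeholders for servers on network2, network3 and network4. Plain HTTP is routed on the Host header; HTTPS is routed on the TLS SNI name without terminating TLS, so each internal web server keeps its own certificate and the proxy never holds the private keys. Names that are not listed are refused rather than forwarded anywhere, which keeps the "only specific traffic between networks" rule intact.

```haproxy
# Added example haproxy.cfg (not from the thread). All addresses and
# hostnames are assumptions; replace them with the real ones.
global
    log /dev/log local0
    maxconn 2000

defaults
    log     global
    option  dontlognull
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Port 80: pick the backend from the HTTP Host header.
frontend http_in
    bind *:80
    mode http
    option httplog
    acl host_mail1   hdr(host) -i mail.fqdn1.com
    acl host_mail2   hdr(host) -i mail.fqdn2.com
    acl host_social1 hdr(host) -i social1.fqdn1.com
    acl host_sub3    hdr(host) -i sub.fqdn3.com
    use_backend web2a_http if host_mail1
    use_backend web2b_http if host_mail2
    use_backend web3a_http if host_social1
    use_backend web4a_http if host_sub3
    # Anything else (unknown Host, raw IP) is denied instead of forwarded.
    default_backend no_match

# Port 443: TCP passthrough, backend chosen from the SNI in the ClientHello.
frontend https_in
    bind *:443
    mode tcp
    option tcplog
    # Wait (up to 5s) for the ClientHello so req.ssl_sni is available.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend web2a_tls if { req.ssl_sni -i mail.fqdn1.com }
    use_backend web2b_tls if { req.ssl_sni -i mail.fqdn2.com }
    use_backend web3a_tls if { req.ssl_sni -i social1.fqdn1.com }
    use_backend web4a_tls if { req.ssl_sni -i sub.fqdn3.com }
    # No default_backend: connections with an unlisted or missing SNI are closed.

# --- network2 (mail) ---
backend web2a_http
    mode http
    option forwardfor                 # pass the client IP in X-Forwarded-For
    server web2a 10.2.0.10:80 check   # assumed address of webserver2a

backend web2a_tls
    mode tcp
    server web2a 10.2.0.10:443 check

backend web2b_http
    mode http
    option forwardfor
    server web2b 10.2.0.11:80 check   # assumed address of webserver2b

backend web2b_tls
    mode tcp
    server web2b 10.2.0.11:443 check

# --- network3 (social) ---
backend web3a_http
    mode http
    option forwardfor
    server web3a 10.3.0.10:80 check   # assumed address of webserver3a

backend web3a_tls
    mode tcp
    server web3a 10.3.0.10:443 check

# --- network4 (PBX) ---
backend web4a_http
    mode http
    option forwardfor
    server web4a 10.4.0.10:80 check   # assumed address of webserver4a

backend web4a_tls
    mode tcp
    server web4a 10.4.0.10:443 check

backend no_match
    mode http
    http-request deny
```

With this in place, every public hostname's A record points at the single public IP, the ASA forwards only 80/443 to the haproxy host, and the inter-network firewall rules only need to permit the haproxy host to reach each web server on 80/443 (plus the `check` health probes on the same ports). Because 443 is passed through rather than terminated, the proxy cannot read or log HTTPS request contents; if you later want the proxy to terminate TLS (for central logging or WAF-style filtering), switch `https_in` to `mode http` with a `bind *:443 ssl crt ...` line and route on `hdr(host)` as the port-80 frontend does. The directives used here exist in the haproxy 1.5 series shipped with CentOS 7, so nothing newer than the distribution package is required.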
