Linux-VServer The Best Way to provide Virtual Dedicated Servers on Linux #7

Single Public IP Issue

If you have only one public IP address, you can use iptables to do SNAT (masquerading) and DNAT (port forwarding) for the vservers.

Here is an example of doing this with Shorewall:

zones:
net     Net             Internet
dmz     DMZ             Demilitarized zone for VServers

policy:
fw              net             ACCEPT
net             all             DROP            info
dmz             net             ACCEPT
net             dmz             ACCEPT
all             all             REJECT          info

interfaces:
net     eth0            detect          routefilter,nobogons,tcpflags,nosmurfs

hosts:
dmz             eth0:10.0.0.0/24

masq:
eth0            10.0.0.0/24           140.109.13.50

Note: 140.109.13.50 is eth0's real public IP address.

routestopped:
eth0

rules:
AllowSSH	net	fw
DNAT		net	dmz:10.0.0.1:22	tcp	1022	-	140.109.13.50
DNAT		net	dmz:10.0.0.2:22	tcp	2022	-	140.109.13.50
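
The masq and DNAT entries above, written out as the kind of raw iptables NAT rules the first paragraph refers to. This is an added example, not part of the original slides and not Shorewall's own generated ruleset; it only prints the commands for review, and the PORT_MAP format, GUEST_PREFIX and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: dry-run generator for the NAT rules behind the masq/DNAT
# entries above. It prints iptables commands and never applies them.
PUBLIC_IF=eth0
PUBLIC_IP=140.109.13.50        # eth0's public address, from the page
GUEST_NET=10.0.0.0/24          # vserver subnet, from the page
GUEST_PREFIX=10.0.0.           # assumption: a /24, so only the last octet varies
# Assumed format: public_port:guest_ip:guest_port (values from the rules file)
PORT_MAP="1022:10.0.0.1:22 2022:10.0.0.2:22"

in_range() {  # true if $1 is a decimal integer within [$2, $3]
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

gen_nat_rules() {  # $1: optional port map, defaults to PORT_MAP
    map=${1:-$PORT_MAP}
    seen=" "
    # Outbound: guest traffic leaves with the single public address (masq).
    rules="iptables -t nat -A POSTROUTING -o $PUBLIC_IF -s $GUEST_NET -j SNAT --to-source $PUBLIC_IP"
    for entry in $map; do
        pub=${entry%%:*}; rest=${entry#*:}
        gip=${rest%%:*}; gport=${rest#*:}
        if ! in_range "$pub" 1 65535 || ! in_range "$gport" 1 65535; then
            echo "bad port in '$entry'" >&2; return 1
        fi
        # Refuse targets outside the vserver subnet.
        case "$gip" in
            "$GUEST_PREFIX"*) ;;
            *) echo "guest $gip is outside $GUEST_NET" >&2; return 1 ;;
        esac
        if ! in_range "${gip#"$GUEST_PREFIX"}" 1 254; then
            echo "bad guest address '$gip'" >&2; return 1
        fi
        # One public port can reach only one guest; reject duplicates.
        case "$seen" in
            *" $pub "*) echo "public port $pub mapped twice" >&2; return 1 ;;
        esac
        seen="$seen$pub "
        # Inbound: forward the public port to the guest's sshd (DNAT).
        rules="$rules
iptables -t nat -A PREROUTING -i $PUBLIC_IF -d $PUBLIC_IP -p tcp --dport $pub -j DNAT --to-destination $gip:$gport"
    done
    printf '%s\n' "$rules"
}

gen_nat_rules
```

Only the nat table is covered; the filtering that the policy and rules files express is not reproduced here.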
Copyright © 2005 Taiwan Debian Users Group