* Mike Larkin <mlar...@nested.page> on [25-11-2024 08:44:05 -0800]:
> On Mon, Nov 25, 2024 at 11:37:33AM +0100, prx wrote:
> > Hi,
> > I can't figure out how to assign a domain name to a client vm.
> > What I need to do is to redirect traffic on the appropriate vm according to 
> > the domain name.
> >
> > i.e.
> >
> >
> >                              +--MY SERVER VM'S--+
> >                              |                  |
> >          -------> foo.tld -------> foo          |
> > INTERNET -------> bar.tld -------> bar          |
> >          -------> els.tld -------> els          |
> >                              |                  |
> >                              +------------------+
> >
> > So far, I have this not-working setup:
> >
> > ```/etc/vm.conf:
> > # something like in FAQ
> > switch "my_switch" {
> > interface veb0
> > }
> >
> > vm "foo" {
> >     memory 512M
> >     disable
> >     disk /var/vms/foo.qcow2
> >     owner me
> >     interface { switch "my_switch" }
> > }
> > ```
> >
> > As specified in FAQ, I added veb0 and vport0 interfaces:
> > ```
> > # cat << END > /etc/hostname.vport0
> > inet 10.0.0.1 255.255.255.0
> > up
> > END
> > # cat << END > /etc/hostname.veb0
> > add vport0
> > up
> > END
> > # sh /etc/netstart vport0
> > ```
> >
> > My vm has the address 10.0.0.2 and can ping its gateway 10.0.0.1.
> >
> > ip forwarding is enabled:
> >
> > ```/etc/sysctl.conf
> > net.inet.ip.forwarding=1
> > ```
> >
> > Now I'm trying to use a binat-to rule in pf.conf, but I must miss something 
> > here:
> >
> > ```
> > int_if = "vport0"
> > ext_if = "egress"
> >
> > match on $ext_if from 10.0.0.2 to any binat-to foo.tld
> >
> > match out on $int_if from any to 10.0.0.2 \
> >         received-on $ext_if nat-to $int_if
> >
> > pass on $int_if
> > pass on $ext_if
> > ```
> >
> > Do you have any advice to realize such a task, maybe in a more clever way?
> >
> > Regards.
> > prx
> >
> 
> I do something like this locally for 3 VMs that serve http/https. I use relayd
> on an ingress VM which terminates TLS (and has the certificates for the hidden
> domains), and forwards the traffic to the VMs behind the ingress.
> 
> Is this what you want to do, or are you looking for something
> non-http/non-https?

Hi,

Thank you for the answers.

Actually, I was aware of relayd and how to do this for HTTP.
I'm looking for something generic: redirect all requests for a domain into a 
VM. SSH, SMTP, HTTP, whatever.
My ISP gives me only one IP, so I guess I'm stuck here.

Regards.
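
The relayd layout Mike Larkin describes above (TLS terminated at the ingress, requests forwarded to the VM behind it by host name) could look like the sketch below. It is an added example, not configuration posted by anyone in the thread, and it covers HTTPS only. The public address, the addresses of bar and els, and the certificate file names are assumptions; only 10.0.0.2 for foo comes from the thread.

```conf
# /etc/relayd.conf (added example, HTTPS only)
ext_addr = "203.0.113.10"      # placeholder for the single public address

table <foo> { 10.0.0.2 }       # address given in the thread
table <bar> { 10.0.0.3 }       # assumed address
table <els> { 10.0.0.4 }       # assumed address

http protocol "vhosts" {
    # One certificate per domain, held on the ingress only. relayd reads
    # /etc/ssl/<name>.crt and /etc/ssl/private/<name>.key for each keypair.
    tls keypair "foo.tld"
    tls keypair "bar.tld"
    tls keypair "els.tld"

    # Let the backend log the real client address.
    match request header set "X-Forwarded-For" value "$REMOTE_ADDR"

    # Default deny: a request whose Host names none of the VMs is refused
    # instead of being handed to whichever backend happens to be first.
    block
    pass request quick header "Host" value "foo.tld" forward to <foo>
    pass request quick header "Host" value "bar.tld" forward to <bar>
    pass request quick header "Host" value "els.tld" forward to <els>
}

relay "https_in" {
    listen on $ext_addr port 443 tls
    protocol "vhosts"
    # Every table named in the protocol needs a matching "forward to" here.
    forward to <foo> port 80 check tcp
    forward to <bar> port 80 check tcp
    forward to <els> port 80 check tcp
}
```

Parse the file with `relayd -n -f /etc/relayd.conf` before loading it. Traffic between relayd and the VMs is plain HTTP in this sketch, so vport0/veb0 should carry nothing but the VMs.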

