I have a network on which I run multiple servers each dedicated to a given service.
Because most services run on distinct ports I'm currently looking for a way of unifying "all" services into a single "proxy" machine. The idea is to abstract which machine is being accessed but still allow direct connection if needed/requested.
This "proxy" machine has only one network interface which is part of the same network as all the other service providing machines.
I've looked into Routing and NAT but I've so far failed to figure out how to make it work. I tried to achieve this using shorewall but couldn't find clear examples. However I'm not entirely sure this is the best/simplest strategy.
With that said, what would be the best way of achieving this result?
Example case:
| Proxy IP     | Listening port  | Send requests to   |
|--------------|-----------------|--------------------|
| 192.168.0.50 | 80 (http)       | 192.168.0.1:80     |
| 192.168.0.50 | 22 (ssh)        | 192.168.0.2:2222   |
| 192.168.0.50 | 3306 (mysql)    | 192.168.0.3:3000   |
| 192.168.0.50 | 5432 (postgres) | 192.168.0.4:5432   |
| 192.168.0.50 | 5222 (jabber)   | 192.168.0.5:5222   |
PS: I'm not concerned with the single-point-of-failure nature of the proxy.
Thanks
You would need to reverse-proxy the connections, which is not supported by all protocols (SSH for instance). Rather than creating this single point of failure, I'd suggest adding service-specific CNAME records pointing to the respective servers in DNS.

As Ansgar has said, you need to use a reverse proxy; HAProxy can do this and more, with very few resources.
Please note:
I think Ansgar had intended for you to use DNS SRV records. They allow you to resolve DNS entries to an IP and port.
http://en.wikipedia.org/wiki/SRV_record
Update
I would recommend you calculate the combined bandwidth of all services; if this is below the maximum throughput of the intended proxy host's network interface(s) it should be mostly OK, though some network IO tuning would probably be required.
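The question's example table written as an HAProxy TCP-mode configuration, added here as an illustration rather than code from any of the posters; the `listen` section names and `server` labels are my own, while the addresses and ports are the ones from the question.

```haproxy
# Added example (not from the question or the answers): HAProxy in TCP mode
# relaying each port on the proxy host (192.168.0.50) to the backend listed
# in the question. TCP mode relays the raw byte stream, so it works for any
# TCP service; it does not terminate TLS or inspect the application protocol.
global
    log /dev/log local0
    maxconn 4096

defaults
    mode tcp
    log global
    option tcplog
    timeout connect 5s
    timeout client  1h      # long idle timeouts for SSH and database sessions
    timeout server  1h

listen http
    bind 192.168.0.50:80
    server web1 192.168.0.1:80 check

listen ssh
    bind 192.168.0.50:22
    # plain TCP health checks show up in the backend sshd log as
    # "Did not receive identification string"; drop "check" if that is noise
    server ssh1 192.168.0.2:2222 check

listen mysql
    bind 192.168.0.50:3306
    server db1 192.168.0.3:3000 check

listen postgres
    bind 192.168.0.50:5432
    server pg1 192.168.0.4:5432 check

listen jabber
    bind 192.168.0.50:5222
    server xmpp1 192.168.0.5:5222 check
```

Because the proxy opens a new TCP connection to each backend, the backends see 192.168.0.50 as the client address, so any backend access logs, fail2ban rules or host-based allow-lists keyed on the client IP will see the proxy rather than the real client. Keep the `tcplog` output on the proxy if you need to trace a connection back to its origin.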