[150232] in North American Network Operators' Group


Re: Common operational misconceptions

daemon@ATHENA.MIT.EDU (Jimmy Hess)
Sun Feb 19 20:10:40 2012

In-Reply-To: <825545E3-D383-49FB-A15F-3565A3A504C5@delong.com>
Date: Sun, 19 Feb 2012 19:09:49 -0600
From: Jimmy Hess <mysidia@gmail.com>
To: Owen DeLong <owen@delong.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Sun, Feb 19, 2012 at 6:24 PM, Owen DeLong <owen@delong.com> wrote:
> I have 15 FTP servers and 22 web servers behind it.
> I want people to be able to go to ftp://<hostname> and/or http://<hostname> for each of them.

For HTTP: you put a device on that one IP that will accept each TCP
connection, await the SNI or Host header from the client, and then
make/forward the connection to a proper server for that hostname.
The public IP address belongs to the FTP/HTTP "service" instead of
belonging to a server.


For FTP, send to a desired FTP server based on the login username or
otherwise make a SRV record for the _ftp service for each hostname,
and set aside a TCP port for each FTP service's control connection.

The ftp://user@<hostname> approach or the
ftp://user@<basehostname>/<hostname>/ is probably more convenient
than ftp://<hostname>:<1234>, since many clients do not support SRV
records.

The problem is with the FTP protocol not supporting virtual hosting,
though; this missing FTP feature is not a NAT problem per se.

The VHOST problem was solved with HTTP a long time ago.
It's just that FTP is a lot less popular / fell into some disuse, so
the deficiency (lack of virtual hosting support) was never
corrected -- and the protocol hasn't had a single update in a long
time.

So you'll have to have a workaround to do 15 FTP servers with one
global IP, because your circumstance is so unusual; that's just
life.

--
-JH
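
An added example, not part of the original message: a Python sketch of the HTTP case described above, choosing a backend from the Host header of a request arriving on the shared public IP. The hostnames, backend addresses and function names are constructed for illustration; a request with a missing, duplicated or unknown Host is refused rather than sent to a default server.

```python
# Added example: name-based backend selection behind one public IP.
# Hostnames and backend addresses below are constructed placeholders.
BACKENDS = {
    "www1.example.com": ("10.0.0.11", 80),
    "www2.example.com": ("10.0.0.12", 80),
}


class RouteError(Exception):
    """The request cannot be mapped to exactly one known backend."""


def host_from_request(head: bytes) -> str:
    """Return the normalized hostname from a raw HTTP/1.1 request head."""
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    hosts = []
    for line in lines[1:]:  # lines[0] is the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            # Non-ASCII bytes become U+FFFD, which matches no backend name.
            hosts.append(value.strip().decode("ascii", "replace"))
    # Zero or several Host headers are ambiguous: the front device and the
    # backend could disagree about which name was meant, so refuse.
    if len(hosts) != 1:
        raise RouteError("expected exactly one Host header, got %d" % len(hosts))
    host = hosts[0].lower()
    if host.startswith("["):
        # Bracketed IPv6 literal: keep the brackets, drop any :port.
        host = host[: host.find("]") + 1]
    else:
        host = host.split(":", 1)[0]  # drop an optional :port
    host = host.rstrip(".")  # treat "name." and "name" as the same host
    if not host:
        raise RouteError("empty Host header")
    return host


def pick_backend(head: bytes):
    """Map a request head to a backend; unknown names are refused."""
    host = host_from_request(head)
    try:
        return BACKENDS[host]
    except KeyError:
        raise RouteError("no backend for host %r" % host) from None
```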

