Forwarding multiple web servers on same port

Hello Level1Techs Forum,

I would like to forward multiple web servers to the internet. My problem is that these servers have different internal IP addresses and to my knowledge I can not assign multiple IP addresses to port 80 and 443 (or any port).

My desire is to have the Web Interface from multiple servers (IPMI and FreeNAS), switches, etc. accessible over the internet.

I want to emphasize that this IS NOT for load balancing purposes, I want to have a way to control which specific web server I access. Everything I can find relating to this topic brings up how a load sharing service would send me to a random server or something.

With that said, I have tried forwarding the servers to different ports (like ip:21810 for example) and that does not work, it seems I can only use port 80 or 443 for the browser to load the page.

I am greatly appreciative of any help, thank you.
If you have any questions please feel free to as ask, I don’t really know too much about what I’m talking about so I’m sure my description is not the best.

IPMI over the internet? That is a VERY bad idea in almost every case.

So you are forwarding port 80(or 443) on a server LAN IP to port 8080 on your public internet IP, then trying to access it with “internet ip”:8080 ? Then repeating with a different internet ip port and lan server IP?

That should work.

It is not possible to have multiple web servers on the same port and IP address. You also could look into getting multiple IP address from your ISP.

1 Like

I have to agree with @TheCakeIsNaOH @amessmann the IPMI protocol opens your network to all attacks for malware and viruses. It also opens up your network to a lot of security risks. There are ways to lessen the risks but you can’t be completely risk-free. I am currently studying for my Cisco CCNET and my CCNA certification, so if you have any questions or want to discuss this subject matter (this is my favorite subject matter to discuss, it is why I am currently pursuing my Networking carrier) If there is anything I don’t know I know people that do this for a living that would be able to help answer your questions. If you have questions or want to know more but don’t feel like posting your question in your post, Feel free to privet message me by clicking on my icon and selecting the message button.

I’ll eschew the warnings that the others have offered.

You can do this with a prerouting nat using iptables:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to 192.168.0.1:21810

The above example, assuming eth0 is your public interface, will take traffic on port 8080 and forward it to 192.168.0.1 on port 21810.

apache will pickup connections on port 80 and depending on the inbound address proxy it. i know it works on the same system very well with localhost:port but im sure it can be used this way also. it also has forward, at the worst you can have it forward to another address and append port.

i would try proxy and see if the proxy is running thru the system its self hosting apache, if so its likely that you could have something like below reach out of the system hosting your port 80 and pull from a server next to it

<VirtualHost *:80>
    ProxyPreserveHost On
    ProxyRequests Off
    ServerName main.site.tech
    ServerAlias main.site.tech
    ProxyPass / http://localhost:9001/
    ProxyPassReverse / http://localhost:9001/
</VirtualHost>

<VirtualHost *:80>
    ProxyPreserveHost On
    ProxyRequests Off
    ServerName seed.site.tech
    ServerAlias seed.site.tech
    ProxyPass / http://localhost:9002/
    ProxyPassReverse / http://localhost:9002/
</VirtualHost>

<VirtualHost *:80>
    ProxyPreserveHost On
    ProxyRequests Off
    ServerName newserv.site.tech
    ServerAlias newserv.site.tech
    ProxyPass / http://10.0.0.16:80/
    ProxyPassReverse / http://10.0.0.16:80/
</VirtualHost>

i pulled this from a running config with 6-8 hosts on subdomains / ports. non of them need ports in the address, its all done by apache

Danger, Will Robinson!

I’d recommend setting a reverse proxy behind your router and only exposing that unit to the internet. A raspberry pi would work great for that purpose, unless you have a lot of traffic on your site, in which case an actual web server could double as the proxy.

Nginx is great for proxying. In your server block, all you’d have to do is add a location for each of your servers, like so:

location / {
	proxy_pass https://servername:80;
}

location /freenas {
	proxy_pass https://servername:81;
}

etc…

I’d recommend using HTTPS internally, unless all your servers are on a separate V/LAN from your home network.

1 Like

For this sort of thing It would be more secure to use a vpn to connect to your home network and then access these pages. But as others have said you can do this with a proxy.

1 Like

this, you really should not have network stuff allowed via http/s thats vpn login first…

@Dexter_Kane

I wouldn’t recommend it even though it’s exactly what he asked for. VPN is much better idea.

2 Likes