How do I forward external IP to internal IP?

[vmajor]

Just out of curiosity, why 2 separate webservers?

I used to run 3 web servers and an ERP system all on the same host, the already mentioned Ubuntu 10.04 machine. For various reasons, including malicious intent from script kiddies migrating to VMs for each IP was an amazingly robust solution for present and future problems - VMs are also portable and as such I think of our setup as running custom appliances, not web/erp servers.

With our current routing setup using Vyatta I am able control the ports on the VMs that are necessary for their operation and make all other ports not closed, but entirely unavailable due to the lack of a routing path.

I want to migrate to Zentyal as I like the ease of administration of our 2.7.7 Zentyal machine in our office location, but I now see that perhaps fixing what I do not like with my current setup may be a simpler path than migrating the Ubuntu 10.04 host to Zentyal 3.0 as this server location has different needs - VM hosting versus running an office environment.

[half_life]

I let christian run with this but here is my 2 cents.  When running multiple virtual machines that have a public IP in my opinion the best way to handle it is to bridge the two physical NICs (internal and external) and attach each virtual machine to those bridges.  If you are interested,  I will take my 2.2 VM through the process of setting it up as I describe and provide some explanation here.  I went a slightly different route,  I have zentyal setup as a virtual machine and bridged to both physical nics (internal and external)  I have Zentyal as the gateway with one fixed IP.  I have other vms that have public facing services with their own fixed IPs.  Machines that only provide internal services only are bridged to the internal bridge.  I host a schools' band website that has no internal bridge only a public one.  Just let me know what your preference is and I will accomodate.  I really feel that the zentyal product is a strong one and would hate to see someone walk away without trying the options.

[vmajor]

@half_life, sure please tell me how to set up my scenario using the bridging method. I would prefer to run Zentyal 3.0 if possible as that was my preferred direction before it all seemingly became too hard.

Thanks,

V.

[half_life]

First you must do this at the local console not remote.
Login and start zentyal administration(web browser on local console).
Login and navigate to Network-->interfaces.
   You will see a tab for each network card installed on the machine. We will use eth0 for this example.
Below the name you will see a pull down labeled method.
  Click it and select bridged.
  Click Change.
  Click Save at the top right.
Wait for Zentyal to process this change.
Navigate back to Network--interfaces.
 You will see a new interface called br1. Click on it.
 This will be Zentyals connection to the now shared Eth0.
 Change the method to dhcp or fixed(probably) and punch in the info that you would for zentyals (formerly eth0) connection    in the network.

Moving on to the Virtual machine navigate to its settings.
Select Networking.
Click add new.
Type bridged.
Select br1.
Now you have shared the Eth0 connection between Zentyal and a virtual machine.
You may setup the particulars of that connection within the virtual machine (it will show up as the first network connection unless you re-order the list).

You repeat this for every virtual machine that needs a connection via eth0.

Replicate the above steps for any network card that you need to share the connection with. 

I skipped screen shots and I can't actually start the virtual machines here (virtual machine within a virtual machine) but I think you will get the idea.

[half_life]

I used 2.2 for this but 3.0 is not that different.

[half_life]

I was rereading your earlier posts to make sure I had covered your concerns when I noticed you talking about having tried bridging already.  Let me clear something up for you.  A bridge in this context is like a virtual switch.  You setup your physical nic as a bridge and then plug in everything that needs it.  Zentyal needs a connection itself so that is why the new interface shows up in the networking section(brX). From the perspective of the virtual machine, all logical connections to bridged interface look like a network interface card. 

Did this help any?

[vmajor]

Hi half_life,

in your example is eth0 inward facing or outward (WAN)?

I had indeed tried bridging from the local console and could create br1 on eth0 (set up as WAN, outward facing on the Zentyal 3.0 box). The problem with this is that I can only assign one external IP to br1 and if I then added the other fixed IPs to br1 as virtual interfaces, the WAN connection dropped.

I will try this again in two weeks time...I am traveling from Saturday so no local access...

Thanks for helping!

V.

[half_life]

In my example it was inward facing.  If you are running virtual machines then you assign the IPs to the virtual machines themselves.

[vmajor]

ok... late here and I will be away for a week. Do you mind if we resume this in a week's time? I'll be back and able to attempt this again then.

[half_life]

Flag my attention when you are back.  No problems.