We haven't been able to figure this out whatsoever, and this data center has no real support that explains how this is working. This is an unfamiliar setup to us, but they assure us it's standard for them.
We purchased a range of public IP addresses for our drop. They provided us this info:
Our firewall (SonicWall TZ 470) is plugged into the fiber drop for its default WAN. I was instructed to set up the WAN interface as follows:
- WAN interface (X8)
  - Zone: WAN
  - IP Address: 152.160.28.78
  - Subnet: 255.255.255.252
  - Default Gateway: 152.160.28.77
  - DNS Server 1: 216.234.97.2
  - DNS Server 2: 216.234.97.3
However, we were told that public traffic shouldn't actually route to 152.160.28.78. We should still use the public IP address range we were given. Which... works kind of? I have no idea how and would love to know what's going on, because now that I need to use more than one of these public IP addresses, I'm not sure what to do.
So we have our current X0 LAN, which is connected directly to a VM host with three VMs, and a NAT rule that seems to get one of these public IP addresses to it:
- LAN Interface X0
  - IP Address: 10.20.0.1
  - Subnet Mask: 255.255.0.0
  - Default Gateway: (0.0.0.0)
- VM Host server
  - IP Address: 10.20.0.100
  - Subnet: 255.255.0.0
  - Gateway: 10.20.0.1
- Server-1
  - IP Address: 10.20.0.101
  - Subnet: 255.255.0.0
  - Gateway: 10.20.0.1
- Server-2
  - IP Address: 10.20.0.102
  - Subnet: 255.255.0.0
  - Gateway: 10.20.0.1
- Server-3 (Reverse Proxy)
  - IP Address: 10.20.0.103
  - Subnet: 255.255.0.0
  - Gateway: 10.20.0.1
- NAT rules
  - Destination 209.124.48.83 -> Destination 10.20.0.101
  - Source 10.20.0.101 -> Source 209.124.48.83
Server-2 and Server-3 are new additions. The NAT rules have worked fine to route that public IP address to Server-1.
I tried adding NAT rules for 209.124.48.84 <-> 10.20.0.103. This didn't seem to work. Nor do I know why/how it would. It sometimes took DNS traffic routed to 209.124.48.84 and sent it to Server-1 at 10.20.0.101 somehow. And yeah, it all becomes cloudy at this point. I wouldn't expect two different public IP addresses to effectively travel from one interface to one NIC of a VM Host.
So anyhow, what I'm looking to accomplish:
We split a website from Server-1 (IIS server) to Server-2 (Ubuntu/Apache). On Server-1, the website runs in a subdirectory of the main host domain (www.website.com/app). We'd like to preserve this by using a Reverse Proxy server to direct the /app location to Server-2, and everything else to Server-1.
Server-1 also hosts several different host domains. I'd prefer not to use the Reverse Proxy for every single one of these sites. I just want to send www.website.com DNS to the Reverse Proxy, and everything else (ex: www.otherwebsite.com) can still go directly to Server-1.
Unfortunately, I couldn't get any public traffic effectively routed to the Reverse Proxy, which I figure would need to involve using another one of these public IP addresses.
So my questions are:
- What is this setup I've been given by the data center? Is there some concept here I've never heard of at play? I'd like to understand how this is working and how I can effectively utilize these IP addresses.
- Is it possible with this setup to accomplish the above? Would I need more hardware? More connections? The VM Host has 4 NICs. I was thinking of plugging X1 of the firewall into NIC2 of the VM Host server, and perhaps I could get the routing to work better if I NAT another public IP address to a different subnet/interface? It's hard to say because I genuinely have no clue how the current public IP address is even working at all.
And, apologies if stuff like this has been asked/explained before. Unfortunately I'm not sure what all is at play here to even search effectively for it.
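The following is an added illustration, not part of the post above and not the poster's or the data center's configuration. It models the usual arrangement behind a setup like this, taken here as an assumption: the /30 (152.160.28.76/30) is only the point-to-point link between the firewall and the provider's router, the purchased block is forwarded by the provider to the firewall's WAN address as its next hop, and each public address in that block is then mapped to a LAN host by its own 1:1 NAT pair evaluated first-match. The prefix length of the purchased block (209.124.48.80/29 below) and the catch-all "bad" rule are hypothetical, chosen only to show how a wider rule placed first can send traffic for a second public address to the first server.

```python
"""Model of a routed public block behind a /30 link with 1:1 NAT.

Added example; assumes a point-to-point /30, a provider-routed block, and
an ordered first-match NAT table. Not a description of SonicWall internals.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network

# Addresses from the post. The purchased block's prefix length is not stated;
# /29 is assumed here only so the block can be represented as a network.
WAN_IF = ipaddress.ip_interface("152.160.28.78/30")
WAN_GW = ipaddress.ip_address("152.160.28.77")
PUBLIC_BLOCK = ipaddress.ip_network("209.124.48.80/29")  # assumed prefix


def link_check() -> dict:
    """Show why there are two ranges: the /30 is the wire, the block is routed."""
    link = WAN_IF.network
    return {
        "link_net": str(link),                               # 152.160.28.76/30
        "usable_hosts": [str(h) for h in link.hosts()],      # .77 provider, .78 firewall
        "gateway_on_link": WAN_GW in link,                   # next hop is directly reachable
        "public_block_on_link": PUBLIC_BLOCK.overlaps(link), # False: block must be routed to .78
    }


@dataclass(frozen=True)
class NatRule:
    """One NAT policy: `public` is a /32 for a 1:1 pair, or wider for a catch-all."""
    public: Net
    private: IPv4

    def matches(self, addr: IPv4) -> bool:
        return addr in self.public


def rule(public: str, private: str) -> NatRule:
    return NatRule(ipaddress.ip_network(public), ipaddress.ip_address(private))


def inbound(rules: list[NatRule], dst: IPv4) -> Optional[IPv4]:
    """Destination NAT for a packet the provider forwarded to us: first match wins."""
    for r in rules:
        if r.matches(dst):
            return r.private
    return None  # untranslated: handled by the firewall itself or dropped


def outbound(rules: list[NatRule], src: IPv4) -> IPv4:
    """Source NAT for traffic leaving the LAN; hosts without a 1:1 pair hide behind the WAN IP."""
    for r in rules:
        if r.private == src and r.public.num_addresses == 1:
            return r.public.network_address
    return WAN_IF.ip


def shadowed(rules: list[NatRule]) -> list[tuple[int, int]]:
    """Return (i, j) pairs where rule i comes first and covers everything rule j
    matches but sends it elsewhere, so rule j can never fire."""
    out = []
    for i, a in enumerate(rules):
        for j in range(i + 1, len(rules)):
            b = rules[j]
            if b.public.subnet_of(a.public) and a.private != b.private:
                out.append((i, j))
    return out


def demo() -> dict:
    """Constructed scenarios: two correct 1:1 pairs, and a hypothetical
    block-wide rule placed above the specific one for .84."""
    a83, a84 = ipaddress.ip_address("209.124.48.83"), ipaddress.ip_address("209.124.48.84")
    s2 = ipaddress.ip_address("10.20.0.102")
    good = [rule("209.124.48.83/32", "10.20.0.101"),
            rule("209.124.48.84/32", "10.20.0.103")]
    bad = [rule("209.124.48.80/29", "10.20.0.101"),   # hypothetical catch-all, first
           rule("209.124.48.84/32", "10.20.0.103")]
    return {
        "link": link_check(),
        "good_83": str(inbound(good, a83)),
        "good_84": str(inbound(good, a84)),
        "bad_84": str(inbound(bad, a84)),            # lands on Server-1
        "good_shadowed": shadowed(good),
        "bad_shadowed": shadowed(bad),
        "server2_egress": str(outbound(good, s2)),   # no pair: masqueraded as WAN IP
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

In this model nothing ties a public address to a particular interface or NIC: both .83 and .84 arrive on the same WAN link with .78 as their next hop and are translated independently, so a second address reaching the same VM host NIC is expected rather than surprising. What the model does show is that a wider rule ordered ahead of a /32 pair, or two pairs pointing at the same private host, silently swallows the second address. When checking the real firewall, confirm that the rule for .84 is a distinct 1:1 pair with its own source and destination entries and that no broader policy precedes it. Separately, a reverse proxy fronting www.website.com needs to pass the original Host header through to Server-1, since the other sites there are selected by name.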