0

Hi, I have a somewhat silly idea for proxying MySQL connections.

I have uploaded an image of my concept here: http://i52.tinypic.com/o7src3.png

There is a single machine on the local network running multiple MySQL servers on different ports. This machine cannot be exposed to the Internet directly for security reasons. Clients connect to the default MySQL port (3306) without knowing these ports. Client requests are routed to the correct MySQL server port by identifying their domain name.

I tried to use mysql-proxy, but it seems this scenario cannot be achieved using mysql-proxy (I didn't try very hard).

Is there a way to achieve this using iptables or any other method?

Your replies are highly appreciated.

gihan

2 Answers

0

The problem is that there is no equivalent to Host: (that HTTP virtual servers can use) to differentiate abc.com from xyz.com on the same machine. All the proxy server sees is a connection coming into 1.2.3.4 on port 3306. You could do it using multiple IPs on one physical host (port-forwarding/NAT), but not on one IP; the proxy doesn't know what name was used to connect to it.

Aaron
0

You can somewhat do this with iptables.

iptables -t nat -A PREROUTING -p tcp --source dbs1.abc.com --dport 3306 -j DNAT --to 123.63.1.23:13307
iptables -t nat -A PREROUTING -p tcp --source dbs2.abc.com --dport 3306 -j DNAT --to 123.63.1.23:13306

However, you say "[c]lient requests are routed to correct mysql server port by identifying their domain name." The --source argument in iptables cannot be a domain name. It can be a hostname (but the host's IP address is generally used instead as forcing iptables to resolve names may be hazardous to your health) or an IP address range.

Mark Wagner
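One way to generate the source-based DNAT rules from the answer above using IP literals only, so iptables never resolves a name, and to reject overlapping source ranges before they reach the first-match rule list. This is an added example, not code from either answerer: the client source addresses are constructed documentation ranges, `parse_source` and `build_rules` are hypothetical helper names, and the backend address and ports are the ones in the answer's rules.

```python
import ipaddress

BACKEND_IP = "123.63.1.23"  # internal MySQL host, as in the rules above
PUBLIC_PORT = 3306          # port the clients connect to

# Constructed sample policy: client source (IP or CIDR) -> backend MySQL port.
# The source addresses are documentation ranges, not values from the page.
SAMPLE_POLICY = [
    ("192.0.2.10", 13307),
    ("198.51.100.0/24", 13306),
]


def parse_source(text):
    """Accept only an IPv4 address or CIDR range, never a hostname."""
    try:
        return ipaddress.IPv4Network(text, strict=True)
    except ValueError as exc:
        raise ValueError(f"source {text!r} is not an IPv4 address or range: {exc}") from None


def build_rules(policy, backend_ip=BACKEND_IP, public_port=PUBLIC_PORT):
    """Return iptables DNAT commands, refusing invalid or ambiguous input."""
    ipaddress.IPv4Address(backend_ip)  # raises ValueError on a bad backend
    seen = []
    rules = []
    for source, port in policy:
        net = parse_source(source)
        if not 1 <= port <= 65535:
            raise ValueError(f"backend port {port} out of range")
        for other in seen:
            # iptables stops at the first matching rule, so overlapping
            # sources would silently send clients to the wrong instance.
            if net.overlaps(other):
                raise ValueError(f"source {net} overlaps {other}")
        seen.append(net)
        rules.append(
            f"iptables -t nat -A PREROUTING -p tcp -s {net} "
            f"--dport {public_port} -j DNAT "
            f"--to-destination {backend_ip}:{port}"
        )
    return rules


if __name__ == "__main__":
    for rule in build_rules(SAMPLE_POLICY):
        print(rule)
```
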