Free Weekly Tech Newsletter

Arbzask · 03-04-2003, 03:01 PM

hi guys and gals, im trying to set up a pretty hardcore online game with server farm to accompany. i was wondering if you could tell me how to set it up, or point me in the right direction for URLS.

ok, say the game has the addy game.co.uk, users type that into the url bar, and get forwarded to the default server at our HQ. we will have more than one machine at the HQ though, a couple of webservers, a database server, and a number cruncher. I want all the webservers to be accessible from the internet (that is, have an internet connection), but i want the database server and cruncher to be internal, and no way accessible from the net. i was really in need of a server topography. i was thinking something like this. (they use 1 internet connection)

Code:

                           webserver1
                           / 
-----------(router) - webserver 2
internet               \
connection           webserver 3

thats ok, but i NEED the servers to be able to access the database machine, and the database machine needs to access the cruncher. This is the only machine that needs to see the cruncher. the webservers are running PHP to access a mysql database on the db machine. so i was thinking

Code:

                           webserver1      \
                           /                         \
-----------(router) - webserver 2   ---- DB machine -- Cruncher
internet               \                        /
connection           webserver 3    /

but i dont want the last two to be visible from the internet AT ALL. the cruncher can only see the db etc. how would i set this up? using a router?

would i use a switch to make up the internal network?

also, how would i be able to access each webserver from the internet by typing in http://webserver1.game.co.uk etc. Would the router do this too? i want ALL ports except 80 to be totally BLOCKED. i figure all this will be done with NAT (on the router).

the boxes are loaded with RH7 linux, apache 1.3 PHP 4.3.1, the DB has RH7 + mysql, the cruncher has linux and a custom crunching program.

any links or advice would be highly appreciated. cheers

arbz

**mbossman2** · 03-04-2003, 03:45 PM

to segment this out and keep the db and cruncher private and the webservers public, i would set it up thus:

Internet
|
|
Router
|
|
|
Firewall - - - - DMZ with Webservers
|
|
|
Private LAN with DB and Cruncher server

you will need a firewall with 3 ethernet ports ( 1 public, 1 private and 1 DMz port)

Cisco, Watchguard etc offer firewalls like this.

Here are a couple of Cisco links:
Firewall - www.cisco.com/go/pix
DMZ config: http://www.cisco.com/en/US/products/...800941c8.shtml

Arbzask · 03-04-2003, 04:08 PM

thanks for the reply.

ill look into seperate routers and firewalls! would the webservers be branching off of the router? also, how would i access a specific machine by typing machine1.game.co.uk?

thanks

arbz

**mbossman2** · 03-04-2003, 04:33 PM

you can do it 2 ways:

1) a 2 ethernet port router and build a static route to direct unsolicited traffic out the ethernet port that leads to the DMZ.

2) let the firewall take care of directing all the traffic not solicited by the private LAN directly into the DMZ (see the DMZ config to make this happen).

The router and firewall solution is the preferred method as it gives you a more robust security solution than a router alone (especially if this is a business that you are talking about).

Arbzask · 03-04-2003, 04:37 PM

thanks so much for the help, one final question, do you know any links that talk about sorting this kind of thing out?

thanks again

arbz

edit: oh, and using the DMZ layout as youve explained, can the webservers access the db server?

Arbzask · 03-04-2003, 04:53 PM

have i got this right?

Code:

                                            (private)
Internet ---- [Router] ---- [Firewall] --------------- [Switch] -- Db
                                           |               |
                                           |(DMZ)     Cruncher
                                           |
                             Webserver1--[Switch]---Webserver2
                                           |
                                    Webserver3

**mbossman2** · 03-04-2003, 08:42 PM

yes the websevers, if you grant access, can hit the db servers.

your diagram is correct.

I will poke around for a weblink or 2.

03-04-2003, 03:01 PM	#1
Arbzask Member (7 bit) Join Date: Jul 2001 Location: London Posts: 67	Help me set up a server farm hi guys and gals, im trying to set up a pretty hardcore online game with server farm to accompany. i was wondering if you could tell me how to set it up, or point me in the right direction for URLS. ok, say the game has the addy game.co.uk, users type that into the url bar, and get forwarded to the default server at our HQ. we will have more than one machine at the HQ though, a couple of webservers, a database server, and a number cruncher. I want all the webservers to be accessible from the internet (that is, have an internet connection), but i want the database server and cruncher to be internal, and no way accessible from the net. i was really in need of a server topography. i was thinking something like this. (they use 1 internet connection) Code: webserver1 / -----------(router) - webserver 2 internet \ connection webserver 3 thats ok, but i NEED the servers to be able to access the database machine, and the database machine needs to access the cruncher. This is the only machine that needs to see the cruncher. the webservers are running PHP to access a mysql database on the db machine. so i was thinking Code: webserver1 \ / \ -----------(router) - webserver 2 ---- DB machine -- Cruncher internet \ / connection webserver 3 / but i dont want the last two to be visible from the internet AT ALL. the cruncher can only see the db etc. how would i set this up? using a router? would i use a switch to make up the internal network? also, how would i be able to access each webserver from the internet by typing in http://webserver1.game.co.uk etc. Would the router do this too? i want ALL ports except 80 to be totally BLOCKED. i figure all this will be done with NAT (on the router). the boxes are loaded with RH7 linux, apache 1.3 PHP 4.3.1, the DB has RH7 + mysql, the cruncher has linux and a custom crunching program. any links or advice would be highly appreciated. cheers arbz Share Share this post on Digg Del.icio.us Technorati Twitter

03-04-2003, 03:45 PM	#2
mbossman2 I am, in reality, a moose Staff Premium Member Join Date: Aug 1999 Location: RTP, NC Posts: 2,439	to segment this out and keep the db and cruncher private and the webservers public, i would set it up thus: Internet \| \| Router \| \| \| Firewall - - - - DMZ with Webservers \| \| \| Private LAN with DB and Cruncher server you will need a firewall with 3 ethernet ports ( 1 public, 1 private and 1 DMz port) Cisco, Watchguard etc offer firewalls like this. Here are a couple of Cisco links: Firewall - www.cisco.com/go/pix DMZ config: http://www.cisco.com/en/US/products/...800941c8.shtml Share Share this post on Digg Del.icio.us Technorati Twitter __________________ Veritas Principium Libertas Traveling Moose Last edited by mbossman2; 03-04-2003 at 03:48 PM.

03-04-2003, 04:08 PM	#3
Arbzask Member (7 bit) Join Date: Jul 2001 Location: London Posts: 67	thanks for the reply. ill look into seperate routers and firewalls! would the webservers be branching off of the router? also, how would i access a specific machine by typing machine1.game.co.uk? thanks arbz Share Share this post on Digg Del.icio.us Technorati Twitter

03-04-2003, 04:33 PM	#4
mbossman2 I am, in reality, a moose Staff Premium Member Join Date: Aug 1999 Location: RTP, NC Posts: 2,439	you can do it 2 ways: 1) a 2 ethernet port router and build a static route to direct unsolicited traffic out the ethernet port that leads to the DMZ. 2) let the firewall take care of directing all the traffic not solicited by the private LAN directly into the DMZ (see the DMZ config to make this happen). The router and firewall solution is the preferred method as it gives you a more robust security solution than a router alone (especially if this is a business that you are talking about). Share Share this post on Digg Del.icio.us Technorati Twitter

03-04-2003, 04:37 PM	#5
Arbzask Member (7 bit) Join Date: Jul 2001 Location: London Posts: 67	thanks so much for the help, one final question, do you know any links that talk about sorting this kind of thing out? thanks again arbz edit: oh, and using the DMZ layout as youve explained, can the webservers access the db server? Share Share this post on Digg Del.icio.us Technorati Twitter

Need Some Help? Type Your Keywords Here:

Still Need Help? Type Your Keywords Here:

Free Weekly Tech Newsletter

03-04-2003, 04:53 PM	#6
Arbzask Member (7 bit) Join Date: Jul 2001 Location: London Posts: 67	have i got this right? Code: (private) Internet ---- [Router] ---- [Firewall] --------------- [Switch] -- Db \| \| \|(DMZ) Cruncher \| Webserver1--[Switch]---Webserver2 \| Webserver3 Share Share this post on Digg Del.icio.us Technorati Twitter Last edited by Arbzask; 03-04-2003 at 04:55 PM.

03-04-2003, 08:42 PM	#7
mbossman2 I am, in reality, a moose Staff Premium Member Join Date: Aug 1999 Location: RTP, NC Posts: 2,439	yes the websevers, if you grant access, can hit the db servers. your diagram is correct. I will poke around for a weblink or 2. Share Share this post on Digg Del.icio.us Technorati Twitter

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Subscribe to THE INSIDER

Need Some Help? Type Your Keywords Here:

Still Need Help? Type Your Keywords Here:

Free Weekly Tech Newsletter