I wonder if any of you had some advice/tutorial/howto regarding public
vs. private IP and encryption on Rackspace.
To give you some background:
On Rackspace every server has 2 network interfaces: a public one (eth0) and
a private one (eth1). Network traffic over the private interface is free; you get
charged for the public one. The assumption is that I have a couple of
frontends (app-servers) and backends (MySQL) that talk to each other.
However, I have a complete list of the IPs involved.
Now my idea is to use a combination of iptables DNAT and IPSec/Racoon to
reduce cost and enhance privacy at the same time.
First of all one could use iptables DNAT to rewrite the public IP to the
internal one. So the application can still use a DNS name (which
resolves to the public IP). Under the hood, traffic would get
"rewritten" to use the internal (free of cost) IP.
In addition I'd use IPSec+Racoon to encrypt traffic on an IP level.
The cheapest solution here is to use a pre-shared key. No X.509
complications. Racoon looks appealing.
Anybody out there who has some experience in this area? Comments,
suggestions, everything is welcome....
Cheers,
Jens
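The setup Jens describes (DNAT of each known public IP to its private twin, plus ESP between the private addresses keyed by a pre-shared secret) as an added worked example; this is not code from the thread or from Rackspace. The addresses (203.0.113.x for the billed eth0 side, 10.0.0.x for eth1) and the key are constructed placeholders. One point it makes that the post leaves implicit: connections the application opens itself are locally generated and traverse the nat OUTPUT chain, not PREROUTING, so the rewrite has to be installed there.

```shell
#!/bin/sh
# Added example (not code from the thread). Generates the iptables DNAT rules
# and the IPsec (setkey + racoon, pre-shared key) configuration for a small
# Rackspace-style setup. All addresses below are constructed placeholders
# from documentation ranges, not real Rackspace hosts.

# Constructed inventory: one "public-ip private-ip" pair per line.
# 203.0.113.x stands in for the billed eth0 addresses, 10.0.0.x for eth1.
HOSTS='203.0.113.10 10.0.0.10
203.0.113.11 10.0.0.11
203.0.113.20 10.0.0.20'

# Print the nat rules that rewrite a known public IP to its private twin.
# Connections the application opens itself are locally generated, so they
# pass the nat OUTPUT chain, not PREROUTING; the PREROUTING rule only
# matters for traffic this host forwards for others. Only the listed
# destinations are matched, so nothing else is silently rerouted.
dnat_rules() {
    printf '%s\n' "$HOSTS" | while read -r pub priv; do
        [ -n "$pub" ] || continue
        printf 'iptables -t nat -A OUTPUT -d %s -j DNAT --to-destination %s\n' "$pub" "$priv"
        printf 'iptables -t nat -A PREROUTING -d %s -j DNAT --to-destination %s\n' "$pub" "$priv"
    done
}

# Print setkey SPD entries for the host whose private IP is $1: require ESP
# in transport mode for every packet to or from each other listed host, so
# plaintext to a peer is dropped rather than sent if no SA exists.
spd_entries() {
    me=$1
    printf '%s\n' "$HOSTS" | while read -r pub priv; do
        if [ -n "$priv" ] && [ "$priv" != "$me" ]; then
            printf 'spdadd %s %s any -P out ipsec esp/transport//require;\n' "$me" "$priv"
            printf 'spdadd %s %s any -P in ipsec esp/transport//require;\n' "$priv" "$me"
        fi
    done
}

# Write ipsec-tools.conf, psk.txt and racoon.conf into directory $1 for the
# host with private IP $2, using pre-shared key $3 (the same key must be
# installed on every peer). psk.txt is made root-only.
write_ipsec_config() {
    outdir=$1
    me=$2
    psk=$3
    mkdir -p "$outdir"
    spd_entries "$me" > "$outdir/ipsec-tools.conf"
    printf '%s\n' "$HOSTS" | while read -r pub priv; do
        if [ -n "$priv" ] && [ "$priv" != "$me" ]; then
            printf '%s %s\n' "$priv" "$psk"
        fi
    done > "$outdir/psk.txt"
    chmod 600 "$outdir/psk.txt"
    cat > "$outdir/racoon.conf" <<EOF
path pre_shared_key "$outdir/psk.txt";

# Main mode, so identities are exchanged only after the DH secret is set up.
remote anonymous {
    exchange_mode main;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}

sainfo anonymous {
    pfs_group modp1024;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
EOF
}

# Run with "show" to print the rules and the SPD for 10.0.0.10.
if [ "${1:-}" = "show" ]; then
    dnat_rules
    spd_entries 10.0.0.10
fi
```

Two design choices worth noting. The SPD uses `require`, so if racoon is down the kernel drops traffic to a peer instead of falling back to cleartext over eth1, which is the failure mode you want from "enhance privacy". Main mode is chosen over aggressive mode because aggressive mode with a pre-shared key sends a hash derived from the PSK in the clear, and the hosts here have fixed addresses so main mode is usable; the key should be long and random, and since a single PSK is shared by all peers, compromise of one host exposes the others' traffic, which is the cost of skipping X.509.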
iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination 10.0.0.1
no, sadly there is no such thing on Rackspace. You even "get" two
network interfaces, eth0 with a public IP and eth1 with a private one. :-/
Jens