8 virtual server, Irtual, Erver – Planet Technology MH-2001 User Manual

MH-2001 Multi-Homing Security Gateway User’s Manual

6.8 Virtual Server

MH-2001 separates an enterprise’s Intranet and Internet into LAN networks and WAN networks respectively.

Generally speaking, in order to allocate enough IP addresses for all computers, an enterprise assigns each

computer a private IP address, and converts it into a real IP address through MH-2001’s NAT (Network

Address Translation) function. If a server providing service to the WAN networks is located in the LAN

networks, outside users can’t directly connect to the server by using the server’s private IP address.

MH-2001’s Virtual Server can solve this problem. A virtual server has set the real IP address of MH-2001’s

WAN network interface to be the Virtual Server IP. Through the virtual server feature, MH-2001 translates the

virtual server’s IP address into the private IP address of physical server in the LAN network. When outside

users on the Internet request connections to the virtual server, the request will be forwarded to the private

LAN server.

Virtual Server owns another feature known as one-to-many mapping. This is when one virtual server IP

address on the WAN interface can be mapped into 4 LAN network server private IP addresses. This option is

useful for Load Balancing, which causes the virtual server to distribute data packets to each private IP

addresses (which are the real servers). By sending all data packets to all similar servers, this increases the

server’s efficiency, reduces risks of server crashes, and enhances servers’ stability.

How to use Virtual Server and mapped IP

Virtual Server and Mapped IP are part of the IP mapping (also called DMZ, De-Militarization Zone) scheme.

By applying the incoming policies, Virtual Server and IP mapping work similarly. They map real IP addresses

to the physical servers’ private IP addresses (which is opposite to NAT), but there are still some differences:

„ Virtual Server can map one real IP to several LAN physical servers while Mapped IP can

only map one real IP to one LAN physical server (1-to-1 Mapping). The Virtual Servers’ load

balance feature can map a specific service request to different physical servers running the

same services.

„ Virtual Server can only map one real IP to one service/port of the LAN physical servers

while Mapped IP maps one real IP to all the services offered by the physical server.

„ IP mapping and Virtual Server work by binding the IP address of the WAN virtual server to

the private LAN IP address of the physical server that supports the services. Therefore

users from the WAN network can access servers of the LAN network by requesting the

service from the IP address provided by Virtual Server.

In this chapter, we will have detailed introduction and instruction of Mapped IP and Server 1/2/3/4:

- 98 -