
 

Directing traffic from port 80 and port 8888 to separate servers

Started by sam650, May 22, 2023, 12:03 AM


sam650 (Topic starter)

Hello. My question was not very clear earlier, so let me explain the situation. There is software that connects to a server using a domain and port number 8888. The same software has an update system that uses the same domain but port number 80, and unfortunately, it's impossible to change the software. The network that the server is on has closed access to port 80, but port 8888 is open and operational.

Now, here's the question: How can I make sure that "domain:80" refers to one server, while "domain:8888" points to another server, with minimal costs?

At the moment, the only solution I see is to set up an A-record on a new server that has fully open ports and filter requests to both ports using iptables. This would require about 2-3k rubles per server, and most VDS don't have the necessary iptables modules. Do you have any other recommendations or ideas on how to solve this problem?


Charlesth

So, does this mean that your main server also doesn't have iptables? Which approach would be beneficial? Additionally, is it impossible to install using repositories?


Perhaps exploring the option of a reverse-proxy could be a solution. A reverse-proxy is a server that sits between client devices and a web server, forwarding client requests to the appropriate server and serving as an intermediary. It can help improve performance, security, and scalability of web applications. Have you considered this as an alternative approach?

selvan12345


The following commands can be used to configure iptables for port forwarding:

iptables -I INPUT -p tcp --dport 8888 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 8888

Even though you mentioned that changing the configuration is not an option, could it be possible to redirect packets towards the source instead of the destination?

On the topic of iptables and networking, it can be challenging to set up complex rules to regulate traffic and protect against threats. However, with proper knowledge and planning, it is possible to achieve a secure and efficient network architecture.

metallexportprom

Assuming that the server port tcp:80 is not receiving packets from a router, there is only one correct option available. A simple solution to this problem is offered by any VDS package worth 190 rubles or more, which comes with unlimited traffic and HAProxy.

The use of HAProxy allows for reliable proxying and load balancing of TCP and HTTP-based applications. This can be particularly useful in cases where high availability and performance are essential. With HAProxy, users can expect a seamless and uninterrupted experience while interacting with web applications.

ipt

One possible solution to this problem is to use a reverse proxy server. A reverse proxy can listen on port 80 and forward requests to the appropriate backend server based on the URL or other criteria.

Here's how you can set it up:

1. Obtain a server with port 80 access. This server will act as the reverse proxy server.
2. Install and configure reverse proxy software such as Nginx or Apache HTTP Server.
3. Set up a reverse proxy configuration that listens on port 80 and forwards requests to the correct backend server based on the URL pattern. For example, requests to `domain:80` can be forwarded to one backend server, while requests to `domain:8888` can be forwarded to another backend server.
4. Point the DNS A-record for `domain` to the IP address of the reverse proxy server.

With this setup, when clients make requests to the domain name, the reverse proxy server will receive the requests on port 80 and route them to the appropriate backend server based on the URL. The clients won't have to know about the different ports on the backend servers.

Another possible solution involves using a load balancer. Load balancers are typically used to distribute incoming network traffic across multiple servers to improve reliability and scalability. In this case, a load balancer can be used to direct requests to the appropriate backend server based on the port number.

Here's how you can set it up:

1. Obtain a load balancer that supports port-based routing. These could be physical devices or cloud-based services, depending on your infrastructure setup and requirements.
2. Configure the load balancer to listen on port 80 and distribute incoming traffic to the backend servers based on the port number.
3. Point the DNS A-record for `domain:80` to the IP address of the load balancer.

With this setup, the load balancer will receive all requests made to `domain:80`. It will then examine the port number of each request and route it to the appropriate backend server accordingly. The load balancer effectively acts as an intermediary between the clients and the backend servers, ensuring that requests are directed correctly.

This solution also requires minimal additional costs as you only need a load balancer capable of port-based routing. However, keep in mind that load balancers may introduce some additional latency due to the extra network hop. It's essential to consider the specific requirements and performance implications in your scenario.

Both the reverse proxy and load balancer solutions should help you achieve your goal of directing requests to different servers based on port numbers while minimizing costs. The choice between them depends on factors like your infrastructure setup, available resources, and performance requirements.
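The relay suggested in the HAProxy and reverse-proxy replies above, written out as an HAProxy configuration; this is an added example, not something posted in the thread. The backend addresses (RFC 5737 documentation ranges), the update backend's port 8080 and all section names are assumptions.

```haproxy
# /etc/haproxy/haproxy.cfg on the public relay, i.e. the host that the
# A-record for "domain" points to. Added example; addresses are placeholders.

global
    log /dev/log local0
    maxconn 2000
    user haproxy
    group haproxy
    daemon

defaults
    mode tcp              # split purely by listening port; no HTTP parsing
    log global
    option tcplog         # one log line per connection, with the backend chosen
    timeout connect 5s
    timeout client  10m   # generous: the application may hold connections open
    timeout server  10m

# domain:80 -> update server
frontend updates_in
    bind :80
    default_backend update_server

backend update_server
    # Assumption: the update server listens on a port its own network lets in
    # (8080 here), since port 80 is closed there.
    server upd1 198.51.100.10:8080 check

# domain:8888 -> application server
frontend app_in
    bind :8888
    default_backend app_server

backend app_server
    server app1 203.0.113.20:8888 check

# Only the two "bind" lines are exposed to the internet. Both backends see the
# relay's address as the client, so their firewalls can accept these ports
# from the relay's IP alone.
```

The file can be checked before a reload with `haproxy -c -f /etc/haproxy/haproxy.cfg`.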

