Go-live – Using Port Forwarding

When migrating a website to a new host or server, there is always an awkward period while the website is switched over from the old server to the new one. To make the new server live, the DNS needs to be updated. DNS relies on caching, so during that period some people will see the site as down, some will see the old site and some the new one. This can confuse customers and potentially lose sales.

One option is to set the DNS TTL (time-to-live) very low. This works, but many ISPs enforce a higher TTL on their own systems that cache the DNS. A better option is to leave the DNS as it is and use port forwarding instead: the old server accepts the traffic and simply forwards it on to the new server. One program that does this is “rinetd”. It can be found here – http://www.boutell.com/rinetd/

The description on the website says “Redirects TCP connections from one IP address and port to another. rinetd is a single-process server which handles any number of connections to the address/port pairs specified in the file /etc/rinetd.conf. Since rinetd runs as a single process using nonblocking I/O, it is able to redirect a large number of connections without a severe impact on the machine.”

rinetd uses the configuration file /etc/rinetd.conf.
Entries take the form of “Source_ip src_port Destination_ip dest_port”

For example, to forward ports 80 and 443 from IP 10.0.0.1 to 192.168.0.1:
10.0.0.1 80 192.168.0.1 80
10.0.0.1 443 192.168.0.1 443

If you need to forward a particular port on all IPs, use all zeros:
0.0.0.0 110 192.168.0.1 110

Most normal TCP services can be forwarded in this way. FTP will not work as it uses multiple sockets. Mixing 0.0.0.0 and normal IPs will result in rinetd giving an error “cannot bind to ports”.

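Important things to remember:
* Make sure the firewalls are open on BOTH sides.
* DON’T forward port 25 (smtp) – this will result in an OPEN RELAY !! The new mail server sees every forwarded connection as coming from the old server’s IP, so any relay trust given to that address applies to everyone. You will need to use the email program’s built-in methods for email forwarding.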
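
A small pre-flight check for the pitfalls listed above, as an added example rather than code from the original post or from rinetd: it reads rinetd.conf-style forwarding lines and flags port 25, FTP's port 21, and a 0.0.0.0 entry that shares a port with a specific IP. The function names, the service-name table and the sample config are constructed for illustration, and treating the bind conflict as per-port is an assumption.

```python
from collections import defaultdict

# Constructed subset of service names that may appear in place of port numbers.
SERVICES = {"ftp": 21, "smtp": 25, "http": 80, "pop3": 110, "https": 443}
WILDCARD = "0.0.0.0"

def parse_rules(text):
    """Yield (lineno, bind_ip, bind_port, dest_ip, dest_port) per forwarding line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if len(fields) != 4:
            continue                            # blank line or some other directive
        try:
            bport, dport = (SERVICES[p] if p in SERVICES else int(p)
                            for p in (fields[1], fields[3]))
        except ValueError:
            continue                            # unknown service name: not judged here
        yield lineno, fields[0], bport, fields[2], dport

def lint(text):
    """Return (lineno, issue) pairs; lineno 0 means the issue spans several lines."""
    findings, binds = [], defaultdict(set)
    for lineno, bind_ip, bport, _dest_ip, dport in parse_rules(text):
        binds[bport].add(bind_ip)
        if 25 in (bport, dport):
            findings.append((lineno, "smtp-forward"))   # open-relay risk
        if 21 in (bport, dport):
            findings.append((lineno, "ftp-forward"))    # FTP needs multiple sockets
    for port, ips in sorted(binds.items()):
        # Assumption: the bind error arises when both entries use the same port.
        if WILDCARD in ips and len(ips) > 1:
            findings.append((0, f"wildcard-conflict:{port}"))
    return findings

SAMPLE = """\
# constructed sample config
10.0.0.1 80 192.168.0.1 80
10.0.0.1 443 192.168.0.1 443
0.0.0.0 110 192.168.0.1 110
0.0.0.0 80 192.168.0.1 80
10.0.0.1 smtp 192.168.0.1 25
10.0.0.1 21 192.168.0.1 21
"""

if __name__ == "__main__":
    for lineno, issue in lint(SAMPLE):
        print(f"line {lineno or '-'}: {issue}")
```

Running it against the real /etc/rinetd.conf before stopping the web server catches these mistakes while the old site is still up.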

Once you are ready, you must STOP Apache (web server) and any other services using those ports on the old server so that rinetd can bind to them. To start “rinetd”, simply launch it by running “rinetd”.

This will now ensure that everyone views the website from the new server. Traffic will go via the old server, so it could be slightly delayed. Once that’s all working, you can go ahead and update the DNS to point directly to the new server.
