px Guru
Joined: 26 Sep 2002 Posts: 497 Location: Metz, France
Posted: Tue Oct 01, 2002 5:39 pm Post subject: DNS and more
I need some help to configure my server:
I have a server that acts as gateway, mail server, dhcp, dns, http, ...
I have some clients that use this server to go outside my network to reach the internet.
I want the clients to be reachable by a simple name from the internet into my network.
server.mydomain.com => the server (62.212.106.46)
client1.mydomain.com => computer 1 (62.212.106.46 => 192.168.0.2)
client2.mydomain.com => computer 2 (62.212.106.46 => 192.168.0.3)
...
Does someone know what progs I need to configure and where to find the doc... or an easy way to do what I want?
rizzo Retired Dev
Joined: 30 Apr 2002 Posts: 1067 Location: Manitowoc, WI, USA
Posted: Tue Oct 01, 2002 6:28 pm Post subject:
What services on these LAN machines do you want to be accessed from the internet? It all comes down to ports and port-forwarding. For this I recommend iptables. There are a number of posts in these forums about iptables, search and ye shall find.
Just having general access to a machine is never a good idea. Identify the services you want made public and handle on a port-by-port basis.
splooge l33t
Joined: 30 Aug 2002 Posts: 636
Posted: Tue Oct 01, 2002 6:45 pm Post subject:
First of all, do you have a static IP address? If not you will need a dynamic DNS service. I use dyndns.org, they have other domain names you can choose from, for example, I am mud.homelinux.com no matter what my IP address is.
Secondly, you _typically_ can't give your internal machines external addresses. (Cisco PIX can..) The best suggestion I can recommend is to move all the services you want to run (http, dns, smtp, pop3) onto your 'server.' and make them accessible by the workstations.
px Guru
Joined: 26 Sep 2002 Posts: 497 Location: Metz, France
Posted: Tue Oct 01, 2002 6:57 pm Post subject:
I have a static ip, and I would access these by ssh, vnc and ftp. I think I will check for port forwarding, but making all ports available with only a dns and then blocking some ports with a firewall on the concerned machine would be great, you know, accessing a single machine on the port I want by just typing its name:port. No matter, thanks for your help.
rizzo Retired Dev
Joined: 30 Apr 2002 Posts: 1067 Location: Manitowoc, WI, USA
Posted: Tue Oct 01, 2002 6:59 pm Post subject:
splooge wrote: First of all, do you have a static IP address? If not you will need a dynamic DNS service. I use dyndns.org, they have other domain names you can choose from, for example, I am mud.homelinux.com no matter what my IP address is.
I recommend zoneedit.com. You can use your own top-level domain with dynamic DNS. 5 domains free, $10/year/domain after that. Unlimited subdomains and email forwarding per domain. You could also specify whatever MX server you wanted if you don't want mail forwarding.
rizzo Retired Dev
Joined: 30 Apr 2002 Posts: 1067 Location: Manitowoc, WI, USA
Posted: Tue Oct 01, 2002 7:03 pm Post subject:
px wrote: I have a static ip, and I would access these by ssh, vnc and ftp. I think I will check for port forwarding, but making all ports available with only a dns and then blocking some ports with a firewall on the concerned machine would be great, you know, accessing a single machine on the port I want by just typing its name:port. No matter, thanks for your help.
What you are doing will have very little to do with DNS. DNS relations end once they get to your firewall. Beyond that the addresses are not internet-resolvable.
If you wanted to do name-based forwarding I have no idea if that is possible. I know iptables will do port-based forwarding but I don't think it is aware of what domain name people use to get to that machine.
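The port-by-port forwarding described in the posts above, as an added example that is not part of the original thread: a script that prints iptables DNAT and FORWARD rules for the thread's public address and its two LAN clients, so the rules can be reviewed before they are loaded. The interface name eth0, the external port numbers and VNC listening on port 5900 are assumptions.

```shell
#!/bin/sh
# Added example: emit iptables rules for port-by-port forwarding.
# The commands are printed, not executed, so they can be reviewed first.

PUBLIC_IP="62.212.106.46"   # server's public address (from the thread)
WAN_IF="eth0"               # assumption: internet-facing interface name

# Constructed map, one entry per line: external_port:internal_ip:internal_port
# External port numbers are assumptions; 22 = ssh, 5900 = VNC display :0.
# FTP is left out: its data connections also need the conntrack FTP helper.
FORWARDS="
2202:192.168.0.2:22
5902:192.168.0.2:5900
2203:192.168.0.3:22
5903:192.168.0.3:5900
"

# Succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_rules() {
    seen=""
    for entry in $FORWARDS; do
        ext=${entry%%:*}; rest=${entry#*:}
        ip=${rest%%:*}; port=${rest#*:}
        valid_port "$ext" && valid_port "$port" ||
            { echo "bad port in $entry" >&2; return 1; }
        # One external port can only point at one internal service.
        case " $seen " in
            *" $ext "*) echo "duplicate external port $ext" >&2; return 1 ;;
        esac
        seen="$seen $ext"
        # Rewrite the destination, then allow exactly that new connection.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p tcp --dport $ext -j DNAT --to-destination $ip:$port"
        echo "iptables -A FORWARD -i $WAN_IF -d $ip -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Replies to accepted connections pass; everything else from outside is dropped.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN_IF -j DROP"
}

gen_rules
```

With these rules an outside client reaches client2's ssh at server.mydomain.com:2203; the hostname only selects the public address, and the port selects the internal machine.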
px Guru
Joined: 26 Sep 2002 Posts: 497 Location: Metz, France
Posted: Tue Oct 01, 2002 9:30 pm Post subject:
I don't have any idea how to do a really useful config, I will check that. Thanks for the URL :)
Messiah Tux's lil' helper
Joined: 30 Apr 2002 Posts: 139
Posted: Wed Oct 02, 2002 5:54 pm Post subject:
Maybe a little off-topic, but you could definitely achieve what you want and more if you only could get a couple more IP addresses.