Hey guys,
I was just wondering if something like this works:
I got a Internet Router running Gentoo, routing the Internet (eth0) for two different internal networks (eth1, eth2).
My Internet connection is DSL, which means dynamic IP and 24h disconnect.
For now I got set up a domain with zoneedit.com. So I got a real .net domain pointing to my IP most of the time.
I can also create sub-domains and make them point there.
What I want to know is: Is it possible to make the router route connections to internal PCs according to the subdomain.
For example: My domain is www.asdf.com, if connecting to pc1.asdf.com the connection should be routed to a certain IP on the internal network on all ports (at least on most of them). If connection to pc2.asdf.com the connection should be routed to a different computer on the internal network.
Is it possible to build something like this ?
Routing Subdomains to internal IPs
Message
Re: Routing Subdomains to internal IPs
im gona guess (and maybe someone can correct or back me up on this) but make ur router give static address to the internal machine (make sure host name and domain on it are setup to what u want pc2.asdf.com)sege wrote:Hey guys,
I was just wondering if something like this works:
I got a Internet Router running Gentoo, routing the Internet (eth0) for two different internal networks (eth1, eth2).
My Internet connection is DSL, which means dynamic IP and 24h disconnect.
For now I got set up a domain with zoneedit.com. So I got a real .net domain pointing to my IP most of the time.
I can also create sub-domains and make them point there.
What I want to know is: Is it possible to make the router route connections to internal PCs according to the subdomain.
For example: My domain is www.asdf.com, if connecting to pc1.asdf.com the connection should be routed to a certain IP on the internal network on all ports (at least on most of them). If connection to pc2.asdf.com the connection should be routed to a different computer on the internal network.
Is it possible to build something like this ?
then use firewall policies set as DMZ and a DNS running within the internal network to forward to that address when someone from the internet calls it specifically ?!?
Gentoo , perfection to all the non believers
- gentoo_ram
- Guru
- Posts: 528
- Joined: Thu Oct 25, 2007 10:04 pm
- Location: San Diego, California USA
You don't give a lot of specifics here. I'm assuming your "internal" boxes have non-routeable IP addresses. As such, you aren't going to be able to get directly to them from the Internet, in general. All DNS does is translate names into IP addresses. Routing is done by IP, not by DNS.
As I see it, you have 3 options:
1. Carve out port ranges on your gateway box and forward those ports to specific boxes on your internal network. Let's say you want to forward 5 different ports for each box on your internal network. On your gateway box forward ports 8000-8005 for machine one, 8006-8010 for box 2, etc.
2. Set up some kind of VPN. There are several to choose from. But this only works if you can configure and install the VPN client on the computer you want to access your internal boxes with. If you have your own laptop, this might be acceptable. You can configure routes to whatever networks you want with your VPN.
In other words, you configure the remote computer such that network 10.0.1.x goes over the VPN which routes through your gateway to the appropriate network on your internal network.
I know this is possible with IPsec. You may have other VPN options available. The advantage of the VPN solution is that you can get encryption as well! The disadvantage is that you'll need a client at the remote computer and it's tricky to set up.
3. Move to an ISP which can give you a routeable subnet of multiple IP addresses. It will almost surely be more expensive than what you're paying now.
As I see it, you have 3 options:
1. Carve out port ranges on your gateway box and forward those ports to specific boxes on your internal network. Let's say you want to forward 5 different ports for each box on your internal network. On your gateway box forward ports 8000-8005 for machine one, 8006-8010 for box 2, etc.
2. Set up some kind of VPN. There are several to choose from. But this only works if you can configure and install the VPN client on the computer you want to access your internal boxes with. If you have your own laptop, this might be acceptable. You can configure routes to whatever networks you want with your VPN.
In other words, you configure the remote computer such that network 10.0.1.x goes over the VPN which routes through your gateway to the appropriate network on your internal network.
I know this is possible with IPsec. You may have other VPN options available. The advantage of the VPN solution is that you can get encryption as well! The disadvantage is that you'll need a client at the remote computer and it's tricky to set up.
3. Move to an ISP which can give you a routeable subnet of multiple IP addresses. It will almost surely be more expensive than what you're paying now.
Yeah that's true. As you said, I have non-routable IP-Addresse on the internal.
You know the default 192.168.0.XYZ stuff
The external is a DSL PPP connection, which just gives me 1 IP-Address like 82.149.42.XYZ
Its a 16mbit down 1mbit up connection for 30 Euros a month. Just the same as every normal household has.
I really hopped there is a possibility to set up the router to check which subdomain was used to connect to and then route this traffic to the internal boxes.
Is there nothing to try with DMZ or something ?
1.) would be the only alternative for my
2.) I also want to have everyone be able to connect to these machines just by typing in the browsers window oder commandline without setting up a vpn before
3.) you are right: too expensive for me now
You know the default 192.168.0.XYZ stuff
The external is a DSL PPP connection, which just gives me 1 IP-Address like 82.149.42.XYZ
Its a 16mbit down 1mbit up connection for 30 Euros a month. Just the same as every normal household has.
I really hopped there is a possibility to set up the router to check which subdomain was used to connect to and then route this traffic to the internal boxes.
Is there nothing to try with DMZ or something ?
1.) would be the only alternative for my
2.) I also want to have everyone be able to connect to these machines just by typing in the browsers window oder commandline without setting up a vpn before
3.) you are right: too expensive for me now
Your router has no way of knowing which of the names the peer entered. The peer could even have entered the IP address directly, without using a name.
If you only need to do this for HTTP, you can probably pull this off by running a proxy on the gateway, which inspects the Host: header and forwards requests accordingly. If you need it to work for arbitrary protocols, it is much more likely that you cannot do this without buying additional IP addresses.
If you only need to do this for HTTP, you can probably pull this off by running a proxy on the gateway, which inspects the Host: header and forwards requests accordingly. If you need it to work for arbitrary protocols, it is much more likely that you cannot do this without buying additional IP addresses.