
Re: Emulate real ip's to access intranet hosts from outside



It seems that to accomplish the example you posed, you need 2 external IPs.
Say they were 1.1.1.1 and 1.1.1.2 for example. Then in DNS you could do:

ftp1 -> 1.1.1.1
ftp2 -> 1.1.1.2
www1 -> 1.1.1.1
www2 -> 1.1.1.2

And on your firewall do:
1.1.1.1 port 21 -> 192.168.0.10
1.1.1.2 port 21 -> 192.168.0.50
1.1.1.1 port 80 -> 192.168.0.12
1.1.1.2 port 80 -> 192.168.0.33

Or, alternatively, you can virtual host the 2 www ports. But the ftps, if
you want them to both be on port 21, need to have two separate IPs. The way
I do it at work is use port 21 for anon ftp and another port for
registered users ftp. That way the rules look like:

1.1.1.1 port 21   -> machine 1 port 21
1.1.1.1 port 2121 -> machine 2 port 21

Hope this helps.

		-rishi
On 13 Feb 2002, Ramon Acedo wrote:

> Hi again!
> Thanks for your quick answers,
>
> 	I think I hadn't explained clearly enough in the first mail.
> The problem is the following:
> I have a SINGLE public ip with an associated domain. In that host I have
> a DNS server, mail server, web, etc. The important point is at the DNS.
> What I'd like to do is have the firewall forward all the packets,
> independently of the destination port, which can be any, to a host of the
> intranet with a private ip. The rule to decide which packets go to which
> host in the intranet is the name that the client referred to.
> Example:
>   when I do a ftp to ftp.mydomain.net my DNS server would forward the
> request to the host 192.168.1.10.
>
> I'd like to have a map like this:
>
> ftp1.mydomain.net ---> 192.168.1.10
> ftp2.mydomain.net ---> 192.168.1.50
> www1.mydomain.net ---> 192.168.1.12
> www2.mydomain.net ---> 192.168.1.33
>
> and so on
> But actually on the internet all those names look up to 213.1.2.3
> and of course the 192.168.x.x is never seen from the internet
>
> I know that apache can manage vhosts and I could redirect to an intranet
> host all the web traffic coming to www2.mydomain.org, the same can be
> done with wu-ftp or proftp where u can have multiple domains/subdomains
> and have different ftp root directories depending on the name the client
> used to contact it, and then I could set those roots pointing to nfs
> mounted directories of the internal net, but what I'd like is that all
> the traffic forwarding would depend on the name used by the client.
>
> As I said it's not a port forwarding matter, it would be a program which
> could manage domain name vhosts and do some kind of bridging /
> forwarding to the intranet depending on the name the client referred to.
>
> So the idea is to emulate lots of real ips with just 1 public ip and 1
> domain with all the subdomains I'd need.
>
> Uh! I hope to have been clear enough this time, my English is not
> perfect (I'm Spanish) so please let me know if u got the idea, ok?
>
> Thanks a lot guys!
>
> Ramon Acedo
>
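
Added example, not part of either message above: a sketch of why the www names can share one public IP while the ftp names cannot. An HTTP/1.1 client repeats the name it used in the `Host` header, so a front end can pick the internal host from it; an FTP client never sends the name, so there is nothing to route on. The function names and the sample byte strings are constructed for illustration; the name-to-host map is the one from Ramon's message.

```python
# Name -> internal host map, taken from the quoted message in this thread.
BACKENDS = {
    "www1.mydomain.net": "192.168.1.12",
    "www2.mydomain.net": "192.168.1.33",
}

def http_host(first_bytes: bytes):
    """Return the normalized Host value of an HTTP request head, or None."""
    head, sep, _ = first_bytes.partition(b"\r\n\r\n")
    if not sep:
        return None                      # no complete HTTP head
    lines = head.split(b"\r\n")
    request_line = lines[0].split(b" ")
    if len(request_line) != 3 or not request_line[2].startswith(b"HTTP/"):
        return None                      # not an HTTP request line
    hosts = [l.split(b":", 1)[1].strip()
             for l in lines[1:] if l.lower().startswith(b"host:")]
    if len(hosts) != 1:
        return None                      # missing or duplicated Host: refuse
    host = hosts[0].decode("ascii", "replace").lower()
    name, _, port = host.rpartition(":")
    if name and port.isdigit():
        host = name                      # drop an explicit ":port"
    return host.rstrip(".")

def select_backend(first_bytes: bytes):
    """Pick the internal host for a connection, or None if no name is usable."""
    host = http_host(first_bytes)
    return BACKENDS.get(host) if host else None

# Constructed sample inputs: what each client sends first on one public IP.
HTTP_WWW2 = b"GET / HTTP/1.1\r\nHost: www2.mydomain.net\r\n\r\n"
HTTP_WWW1_PORT = b"GET / HTTP/1.1\r\nHost: WWW1.mydomain.net:80\r\n\r\n"
HTTP_UNKNOWN = b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n"
HTTP_TWO_HOSTS = (b"GET / HTTP/1.1\r\nHost: www1.mydomain.net\r\n"
                  b"Host: www2.mydomain.net\r\n\r\n")
# FTP: the server speaks first; the client's first command carries no hostname.
FTP_FIRST = b"USER anonymous\r\n"

if __name__ == "__main__":
    for label, data in [("www2", HTTP_WWW2), ("www1:80", HTTP_WWW1_PORT),
                        ("unknown", HTTP_UNKNOWN), ("two Host headers", HTTP_TWO_HOSTS),
                        ("ftp", FTP_FIRST)]:
        print(f"{label:18} -> {select_backend(data)}")
```

A request with an unknown, missing or duplicated `Host` value gets no backend here instead of a default one, so an unexpected name does not reach an internal host by accident.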
