Re: Emulate real ip's to access intranet hosts from outside

To: Ramon Acedo <ramon.acedo@upcnet.es>
Cc: debian-security@lists.debian.org
Subject: Re: Emulate real ip's to access intranet hosts from outside
From: Ralf Dreibrodt <ralf@dreibrodt.de>
Date: Wed, 13 Feb 2002 14:42:02 +0100
Message-id: <[🔎] 3C6A6D2A.EF0446C3@dreibrodt.de>
References: <[🔎] 1013610784.324.41.camel@k71400>

Hi,

Ramon Acedo wrote:
> 
> I'd like to have a map like this:
> 
> ftp1.mydomain.net ---> 192.168.1.10
> ftp2.mydomain.net ---> 192.168.1.50
> www1.mydomain.net ---> 192.168.1.12
> www2.mydomain.net ---> 192.168.1.33

that´s hard, tricky and not always possible.

most protocols (e.g. ftp, telnet, http without host-header) don´t
transmit the fqdn.
they use only the ip.

so you have to have a look at the dns-server.
someone is asking for the ip of ftp2.mydomain.net and immediately after
that, someone is connecting via ftp to your server.
then you can assume, that he connected to ftp2.mydomain.net.

with protocols that transmit the fqdn (eg. http with host-header) this
is no problem.
they send a request, in the request you can see the "virtual host" and
you can forward the request to a certain server in the intranet.

there are some other tricks, but the easiest way is to order more ips ;)
if you get from your provider just one, then you often (at least in
germany) are not allowed to connect more than one client, often you are
even not allowed to connect a server.

bye
Ralf

Reply to:

References:
- Re: Emulate real ip's to access intranet hosts from outside
  - From: Ramon Acedo <ramon.acedo@upcnet.es>

Prev by Date: Re: Emulate real ip's to access intranet hosts from outside
Next by Date: Re: Emulate real ip's to access intranet hosts from outside
Previous by thread: Re: Emulate real ip's to access intranet hosts from outside
Next by thread: Re: Emulate real ip's to access intranet hosts from outside
Index(es):
- Date
- Thread