
Re: Emulate real ip's to access intranet hosts from outside



On Wed, 2002-02-13 at 12:31, Ramon Acedo wrote:
> 
> Hi again! 
> Thanks for your quick answers,
> 
> 	I think I hadn't explained clearly enough in the first mail.
> The problem is the following:
> I have a SINGLE public ip with an associated domain. In that host I have
> a DNS server, mail server, web, etc. The important point is at the DNS.
> What I'd like to do is that the firewall forward all the packets
> independently of the destination port, which can be any, to a host of the
> intranet with a private ip.

This is simply impossible: outside of your network you have only one
address, and only this machine can be accessed from the outside on all
its ports.
What is possible is to forward specific services to the inside,
or to use unused ports (by you) and to forward them to specific ports to
the inside. For ex. 22 ssh of frontend, 222 redirect to port 22 of
inside host2, 2222 to inside host3 etc. 
I am using such a configuration on one intranet: it works (well, sort of,
because from the outside world (out of institution) the general firewall
will block those ports.)

> The rule to decide which packets go to what
> host in the intranet is the name that the client referred to.
> Example:
>   when I do a ftp to ftp.mydomain.net my DNS server would forward the
> request to the host 192.168.1.10.
> 
> I'd like to have a map like this:
> 
> ftp1.mydomain.net ---> 192.168.1.10
> ftp2.mydomain.net ---> 192.168.1.50
> www1.mydomain.net ---> 192.168.1.12
> www2.mydomain.net ---> 192.168.1.33
>
> and so on
> But actually on the internet all those names look up to 213.1.2.3
> and of course the 192.168.x.x is never seen from the internet
> 

Yes and that is exactly your problem: you will have to do some port
forwarding on your official ip.

Michel.

> I know that apache can manage vhosts and I could redirect to an intranet
> host all the web traffic coming to www2.mydomain.org, the same can be
> done with wu-ftp or proftp where u can have multiple domains/subdomains
> and have different ftp root directories depending on the name the client
> used to contact it, and then I could set that roots pointing to nfs
> mounted directories of the internal net, but what I'd like is that all
> the traffic forward would depend on the name used by the client.
> 
> As I said it's not a port forwarding matter it would be a program which
> could manage domain name vhosts and do some kind of bridging /
> forwarding to the intranet depending on the name the client referred.
>
> So the idea is to emulate lots of real ips with just 1 public ip and 1
> domain with all the subdomains I'd need.
> 
> Uh! I hope to have been clear enough this time, my English is not
> perfect (I'm Spanish) so please let me know if u got the idea, ok?
> 
> Thanks a lot guys!
> 
> Ramon Acedo
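The port-forwarding scheme from the reply above, written out as an added example that is not part of the original thread: a shell function that prints the iptables DNAT rules for a port map and rejects a map that uses one public port twice, which is what dispatching two FTP hosts by name on the single address 213.1.2.3 would require. `gen_forward_rules` is a hypothetical helper name, and the inside addresses for the two forwarded hosts are assumed from the name map quoted in the thread.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables DNAT rules for a port map.
# Map entries are PUBLIC_PORT:INSIDE_IP:INSIDE_PORT.
gen_forward_rules() {
    public_ip=$1; shift
    seen=" "; rules=""
    nl='
'
    for entry in "$@"; do
        pub=${entry%%:*}; rest=${entry#*:}
        in_ip=${rest%%:*}; in_port=${rest#*:}
        # Ports: decimal, no leading zero, at most 5 digits, at most 65535.
        for p in "$pub" "$in_port"; do
            case $p in
                ''|0*|*[!0-9]*|??????*) echo "bad port in '$entry'" >&2; return 1 ;;
            esac
            if [ "$p" -gt 65535 ]; then
                echo "port out of range in '$entry'" >&2; return 1
            fi
        done
        # The inside target must look like a dotted-quad address.
        case $in_ip in
            *[!0-9.]*) echo "bad address in '$entry'" >&2; return 1 ;;
            *.*.*.*) ;;
            *) echo "bad address in '$entry'" >&2; return 1 ;;
        esac
        # One public address: each public port can lead to one inside host only.
        case $seen in
            *" $pub "*) echo "public port $pub mapped twice" >&2; return 1 ;;
        esac
        seen="$seen$pub "
        # Rewrite the destination on arrival, then allow the rewritten packet.
        rules="${rules}iptables -t nat -A PREROUTING -d $public_ip -p tcp --dport $pub -j DNAT --to-destination $in_ip:$in_port${nl}"
        rules="${rules}iptables -A FORWARD -d $in_ip -p tcp --dport $in_port -j ACCEPT${nl}"
    done
    # Nothing is printed unless the whole map validated.
    printf '%s' "$rules"
}

# Port 22 stays with the frontend itself; 222 and 2222 go to inside hosts.
# Inside addresses are assumed (taken from the name map quoted in the thread).
gen_forward_rules 213.1.2.3 222:192.168.1.10:22 2222:192.168.1.50:22
```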