One External to Multiple Internal IPs

  1. #1
    Banned
    Join Date
    Sep 2001
    Posts
    522

    Question One External to Multiple Internal IPs

    Wow, it's been a while since I have posted. But anyway, I have a little question for any of you out there who might be able to answer it.


    Let me give a scenario,

    Let's say I have 1 external IP but run 50 servers within my network, all on internal IPs. Is there any way to bind each server to a subdomain so that it can be accessed via that subdomain?

    Let's say 3 of these machines run SSH, and I don't want to change the port numbers that the service runs on but just make box1.domain.org go to box1's SSH, box2.domain.org go to box2's SSH, etc.

    If this is at all possible I would like some feedback. If not then screw it.

  2. #2
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    You can remap ports on a NAT firewall, such as Netfilter.
    Let's say all servers will get the same IP address (at the internet)
    but you assign different ports (at the internet).
    At the NAT firewall you say (supposing that your IP address on the internet is 204.1.1.1):

    204.1.1.1:5000 ---> box1:ssh
    204.1.1.1:5001 --> box2:ssh
    204.1.1.1:5002 --> box3:ssh

    You should specify the port at the internet side, but when the packet traverses the firewall it will go to the correct port.

    is that what you want?

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.
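
The port remap described in post #2, written out as a Netfilter ruleset in `iptables-restore` format. This is an added example, not part of the original post; the internal addresses 192.168.0.11-13 are assumptions, since the thread gives none.

```shell
#!/bin/sh
# Added example: build the nat-table rules for the 5000/5001/5002 -> ssh remap.
# Internal addresses are assumed; only 204.1.1.1 and the ports come from the post.

EXT_IP="204.1.1.1"

# Constructed mapping table: external_port internal_ip internal_port
MAPPINGS="5000 192.168.0.11 22
5001 192.168.0.12 22
5002 192.168.0.13 22"

# valid_port N -> succeeds when N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_dnat_rules EXT_IP MAPPINGS -> ruleset on stdout; non-zero on a bad table
gen_dnat_rules() {
    ext_ip=$1
    seen=" "
    body=""
    while read -r eport ip iport; do
        [ -z "$eport" ] && continue
        if ! valid_port "$eport" || ! valid_port "$iport"; then
            echo "bad port in mapping: $eport -> $ip:$iport" >&2
            return 1
        fi
        # One external port can reach only one internal host.
        case "$seen" in *" $eport "*)
            echo "external port $eport mapped twice" >&2
            return 1 ;;
        esac
        seen="$seen$eport "
        body="$body-A PREROUTING -d $ext_ip/32 -p tcp -m tcp --dport $eport -j DNAT --to-destination $ip:$iport
"
    done <<EOF
$2
EOF
    printf '*nat\n:PREROUTING ACCEPT [0:0]\n%sCOMMIT\n' "$body"
}

gen_dnat_rules "$EXT_IP" "$MAPPINGS"
```

Check the output with `iptables-restore --test` before loading it; the firewall's FORWARD chain still has to permit the translated connections.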

  3. #3
    Member
    Join Date
    Dec 2003
    Posts
    59
    Buy a firewall with NAT

  4. #4
    Banned
    Join Date
    Sep 2001
    Posts
    522
    cacosapo: I don't think I fully understand you. Would the external address still be box1.domain.org:22 ??

    The whole point is that anyone on the outside can't really even notice any difference. If they want to go to the ftp of box1 they just go to any ftp client and put box1.domain.org, and they can do the same for box 2 without the end user having to change any ports.

    I don't see that possible with a NAT firewall, or maybe I'm just mistaken.

    I don't even know if this is possible at all... a friend of mine a while back said it was but we never got into it.

  5. #5
    Member
    Join Date
    Dec 2003
    Posts
    59
    Tell them to just change ports, run the ssh daemon on 50 different ports.
    That's not too much to ask.

  6. #6
    Banned
    Join Date
    Sep 2001
    Posts
    522
    I know I can tell them to change ports, but it's not what I want. It doesn't solve my problem, just creates more problems... go try telling end users to use even port 8080 as the webserver port, they will go nuts.

    The only solution I see to my problem is buying like a C block of IP addresses, but that would be way too expensive, which would defeat what I am trying to do.

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Dome:

    Make the links to your web/ftp/etc sites yourself. Direct the users to an initial web page that is fixed, then offer the list of services. The links would provide the :8080 etc. When they click on them it does it automagically....

    Otherwise, by using simple NAT it can't be done as far as I can tell....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  8. #8
    Banned
    Join Date
    Sep 2001
    Posts
    522
    It would really take a long time to try to explain what exactly I would be trying to do with all of this, but that wouldn't cut it.

    But if anyone knows of a way that you can basically bind a registered domain name to an internal IP in some sort of way then let me know.

  9. #9
    Member
    Join Date
    Dec 2003
    Posts
    59
    If you've got 50 servers you should be able to get a class C pretty cheap if you're in a datacenter, which with 50 servers, you should be.

  10. #10
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    742
    Would it work if you used different subnets? You may have to manually set IPs, but then technically they should be different addresses and allow connections to them without ports interfering. I guess to take this one step further, are you attempting to access this from the outside world or just playing internally in the network?

    If you are wanting access from the outside world you could tell users on the outside they are different ports and then just route the port internally to the correct IP.

    edit: I just saw you were trying to bind multiple domains to internal IPs, not sure if this would work right but check it out http://www.4guysfromrolla.com/webtech/072700-1.shtml
    Duct tape.....A whole lot of Duct Tape
