Solved

Reversing NAT

Posted on 2003-03-26
Medium Priority
268 Views
Last Modified: 2012-06-27
Ok, here's a tough one, and I would be extremely grateful if anyone could enlighten me somewhat, or just bring some ideas forward.

Say I have around 20 computers on my internal network; I also have a DNS server and 1 public address. Say I have purchased foobar.com and have decided to make my DNS server authoritative for the domain, and I have mapped my internal network machines to johndoe.foobar.com / janedoe.foobar.com and so forth. My question is, is it in any way possible to make my machines accessible from the outside world by hostname? A kind of reverse network address translation.

Surely there's something around that can do this? And if not, why not?

cheers
Question by:DaveHardwick

8 Comments
 
LVL 16

Expert Comment

by:JammyPak
ID: 8210716
this would depend on what kind of access you want to your internal pcs....since you have only one public address, the only thing I could see here is using different ports to forward to different ports on each computer.

for ex., you could set up rules similar to the above:
incoming request to public ip on port 19520 - forward internal to janedoe on port 80
incoming request to public ip on port 19521 - forward internal to johndoe on port 80

incoming request to public ip on port 19522 - forward internal to janedoe on port 23
incoming request to public ip on port 19523 - forward internal to johndoe on port 23
then, from the outside you could do:

http://<publicip>:19520 and get to the webserver on janedoe
http://<publicip>:19521 and get to the webserver on johndoe

same thing with telnet/ssh:
telnet <publicip> 19522 telnets you to janedoe
telnet <publicip> 19523 telnets you to johndoe

it's kinda messy, but it does work.
HTH,
JP
 
LVL 16

Expert Comment

by:JammyPak
ID: 8210742
Somehow that got messed up a little (it seemed to think I was typing HTML).
The urls would be:

<publicip>:19520 to get to janedoe and
<publicip>:19521 to get to johndoe
 

Author Comment

by:DaveHardwick
ID: 8211288
Aye, this I have considered. What I don't understand is why it can't work like a NAT but the other way round. I mean, why can't a router recognise the request for janedoe.foobar.com and map it to her internal IP address?

I realise in practicality that if a DNS server receives a request it would just return janedoe's private address, which is absolutely no good. What doesn't make sense to me, I guess, is the IF part: why can't this work / why hasn't it been done? I'm sure it would work pretty much the same as a NAT but the other way round?

Is there no system that can map ports from a public IP address to private IP addresses by hostname alone? Or anything similar?
 
LVL 79

Accepted Solution

by:lrmoore (earned 750 total points)
ID: 8211333
Two issues:
1. When NAT/PAT is being used, there is no guarantee of ports/maps used by the NAT/PAT translation device; it is all local to that device, unless you specifically map a specific port to forward to a specific internal address, or use a static one-to-one NAT map.
2. DNS just doesn't work that way. I think you're wanting something like:
jane.mycompany.com = publicip:portx
john.mycompany.com = samepublicip:porty
jim.mycompany.com = samepublicip:portz

There simply is no mapping of ports with dns. IP address only.
 
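As an added illustration of the port-forwarding scheme JammyPak lays out above and of lrmoore's first point (a NAT/PAT device's port choices are local to the device unless you configure a static map), here is a small Python model of such a device. It is not code from the thread or from any real NAT implementation. The public address 203.0.113.10, the 10.0.0.x internal addresses, the 198.51.100.x remote clients and the ephemeral port range are assumed for the example, and packets are reduced to the four fields the device actually rewrites. Notice that the inbound path has nowhere to put a hostname: the device is keyed on destination port alone, which is exactly why the question's "reverse NAT by name" has nothing to work with.

```python
"""Added example: a toy NAT/PAT device with static port forwards.

Constructed for illustration only. Assumed addresses: 203.0.113.10 is the
public side, 10.0.0.x the internal hosts, 198.51.100.x remote clients.
Packets carry only the fields the device rewrites; there is no hostname
field anywhere in them.
"""
from dataclasses import dataclass
from itertools import count

PUBLIC_IP = "203.0.113.10"

# Static inbound map in the style JammyPak described: public port -> (host, port)
STATIC_MAP = {
    19520: ("10.0.0.11", 80),   # janedoe, web
    19521: ("10.0.0.12", 80),   # johndoe, web
    19522: ("10.0.0.11", 23),   # janedoe, telnet
    19523: ("10.0.0.12", 23),   # johndoe, telnet
}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatDevice:
    def __init__(self, public_ip, static_map, first_ephemeral=40000):
        self.public_ip = public_ip
        self.static_map = dict(static_map)
        # Translations the device invents for outbound flows:
        # public port -> (internal ip, internal port). Their numbering is
        # local to this box, which is lrmoore's first point.
        self.dynamic = {}
        self._ephemeral = count(first_ephemeral)

    def inbound(self, pkt):
        """Packet arriving from the Internet. It is rewritten toward an
        internal host only if the destination port is mapped, either
        statically or by an earlier outbound flow; otherwise it is dropped
        (None). Nothing here can consult a hostname."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.static_map.get(pkt.dst_port) or self.dynamic.get(pkt.dst_port)
        if target is None:
            return None
        ip, port = target
        return Packet(pkt.src_ip, pkt.src_port, ip, port)

    def outbound(self, pkt):
        """Packet from an internal host. The source becomes the public
        address plus either the fixed port of a static map, the port of an
        existing dynamic entry, or a freshly allocated ephemeral port (PAT)."""
        key = (pkt.src_ip, pkt.src_port)
        pub_port = self._find(self.static_map, key) or self._find(self.dynamic, key)
        if pub_port is None:
            pub_port = next(self._ephemeral)
            self.dynamic[pub_port] = key
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    @staticmethod
    def _find(table, key):
        # Real devices track whole 5-tuples (connection tracking); matching
        # on the internal (ip, port) pair is enough for this model.
        for pub_port, target in table.items():
            if target == key:
                return pub_port
        return None


if __name__ == "__main__":
    dev = NatDevice(PUBLIC_IP, STATIC_MAP)
    client = Packet("198.51.100.7", 51000, PUBLIC_IP, 19520)
    print("inbound :19520 ->", dev.inbound(client))
    print("inbound :80    ->", dev.inbound(Packet("198.51.100.7", 51000, PUBLIC_IP, 80)))
    print("outbound PAT   ->", dev.outbound(Packet("10.0.0.13", 34567, "198.51.100.9", 443)))
```

Running the script shows the three cases side by side: a statically mapped port reaches the intended host, an unmapped port (here 80, the one a browser would use for http://janedoe.foobar.com/) is dropped, and an outbound connection from an unmapped host gets whatever ephemeral port the device hands out next.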
LVL 16

Expert Comment

by:JammyPak
ID: 8211482
To further add to lrmoore's comments - the problem is that your router doesn't look at anything above layer 3 (i.e. the IP address), and your firewall won't typically look at anything above layer 4 (TCP and/or UDP ports). There's no way for you to set firewall rules or mappings based on the host name in the upper layers of the packet.

JP
 
LVL 6

Expert Comment

by:joopv
ID: 8211520
Just to explain a bit more on lrmoore's already very complete answer:
- routers only recognise ip addresses, not names.
- a DNS server translates between these 2
- A NAT router needs PORT information (together with the destination ip address) to correctly route incoming sessions to the correct systems.
- PORT information is not part of the DNS system (except for mail (MX) records).

The solution would be to use a business account with more available public ip addresses.
 
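JammyPak and joopv both make the point that the router and firewall only see the layer 3 and 4 fields. The following added Python example (mine, not code from the thread) makes that concrete: it builds a raw IPv4/TCP packet carrying an HTTP request, decodes exactly the fields a NAT device keys on, and then shows where the name janedoe.foobar.com actually lives, namely in the HTTP Host header above layer 4. A device that parses that far (an application-layer proxy rather than a packet-filtering router) can dispatch on it; a telnet session carries no such name at all, so even a proxy could not route it by hostname. Addresses are assumed (RFC 5737 documentation ranges on the outside, 10.0.0.x inside), and IP/TCP checksums are left at zero because nothing is transmitted.

```python
"""Added example: what a NAT router sees versus where the hostname lives.

Constructed packets only; nothing is sent on the wire. Assumed addresses:
203.0.113.10 is the public address, 198.51.100.7 a remote client,
10.0.0.x the internal hosts. Checksums are left zero.
"""
import socket
import struct

PUBLIC_IP = "203.0.113.10"

# Name-based backend table an application-layer proxy could use.
VHOSTS = {
    "janedoe.foobar.com": ("10.0.0.11", 80),
    "johndoe.foobar.com": ("10.0.0.12", 80),
}


def build_ipv4_tcp(src_ip, dst_ip, src_port, dst_port, payload):
    """Build a minimal IPv4 + TCP packet around a payload (checksums zero)."""
    tcp = struct.pack("!HHIIBBHHH",
                      src_port, dst_port,
                      0, 0,            # seq, ack
                      5 << 4,          # data offset: 5 words, no options
                      0x18,            # flags PSH|ACK
                      65535, 0, 0)     # window, checksum, urgent pointer
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0,          # version 4 / IHL 5, TOS
                     total_len, 0, 0,  # total length, id, flags+fragment
                     64, 6, 0,         # TTL, protocol 6 = TCP, checksum
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + tcp + payload


def router_view(raw):
    """Return the layer-3/4 fields a NAT device keys on, plus the payload
    bytes it does not interpret. No hostname appears in these fields."""
    ihl = (raw[0] & 0x0F) * 4
    proto = raw[9]
    src_ip = socket.inet_ntoa(raw[12:16])
    dst_ip = socket.inet_ntoa(raw[16:20])
    src_port, dst_port = struct.unpack("!HH", raw[ihl:ihl + 4])
    data_off = (raw[ihl + 12] >> 4) * 4
    fields = {"src_ip": src_ip, "dst_ip": dst_ip, "proto": proto,
              "src_port": src_port, "dst_port": dst_port}
    return fields, raw[ihl + data_off:]


def http_host(payload):
    """Extract the Host header of an HTTP/1.x request, lower-cased and
    without an optional :port suffix; None if this is not such a request."""
    head, sep, _ = payload.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    if not lines or b" HTTP/1." not in lines[0]:
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            return host.split(":", 1)[0]   # IPv6 literal hosts not handled
    return None


def l7_dispatch(raw, vhosts=VHOSTS):
    """What an application-layer proxy can do and a NAT cannot: choose the
    backend from the name carried inside the payload. Returns the backend
    (ip, port) or None when no usable name is present."""
    fields, payload = router_view(raw)
    if fields["proto"] != 6:
        return None
    host = http_host(payload)
    if host is None:
        return None
    return vhosts.get(host)


def http_request(host, path="/"):
    """Constructed HTTP/1.1 request bytes for the examples."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")


if __name__ == "__main__":
    raw = build_ipv4_tcp("198.51.100.7", PUBLIC_IP, 51000, 80,
                         http_request("janedoe.foobar.com"))
    fields, payload = router_view(raw)
    print("router sees:", fields)
    print("proxy sees :", http_host(payload), "->", l7_dispatch(raw))
```

The first print line is everything a NAT device has to work with, and it contains no name; the second line is what becomes visible only once something parses the HTTP payload. The same idea applies to a TLS connection, where the name is carried in the Server Name Indication extension of the ClientHello rather than in a Host header.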

Author Comment

by:DaveHardwick
ID: 8211823
Thanks to all that replied, I think I'm satisfied.
