DaveHardwick
asked on
Reversing NAT
Ok, here's a tough one, and I would be extremely grateful if anyone could enlighten me somewhat, or just bring some ideas forward.
Say I have around 20 computers on my internal network, I also have a DNS server and 1 public address. Say I have purchased foobar.com and have decided to make my DNS server authoritative for the domain, and I have mapped my internal network machines to johndoe.foobar.com / janedoe.foobar.com and so forth. My question is, is it in any way possible to make my machines accessible from the outside world by hostname? A kind of reverse network address translation.
Surely there's something around that can do this? And if not, why not?
Cheers
Somehow that got messed up a little... (it seemed to think I was typing HTML)
The URLs would be:
<publicip>:19520 to get to janedoe and
<publicip>:19521 to get to johndoe
ASKER
Aye, this I have considered. What I don't understand is why can't it work like a NAT but the other way round. I mean, why can't a router recognise the request for janedoe.foobar.com and map it to her internal IP address?
I realise in practicality that if a DNS server receives a request it would just return janedoe's private address, which is absolutely no good. What doesn't make sense to me, I guess, is the IF part: why can't this work / why hasn't it been done? I'm sure it would work pretty much the same as a NAT but the other way round?
There is no system that can map ports from a public IP address to private IP addresses by hostname alone? Or anything similar?
ASKER CERTIFIED SOLUTION
To further add to lrmoore's comments - the problem is that your router doesn't look at anything above layer 3, i.e. the IP address. Your firewall won't typically look at anything above layer 4 (TCP and/or UDP ports). There's no way for you to set firewall rules or mappings based on the host name in the upper layers of the packet.
JP
Just to explain a bit more on lrmoore's already very complete answer:
- routers only recognise IP addresses, not names.
- a DNS server translates between these two.
- A NAT router needs PORT information (together with the destination ip address) to correctly route incoming sessions to the correct systems.
- PORT information is not part of the DNS system (except for mail (MX) records).
The solution would be to use a business account with more available public ip addresses.
ASKER
Thanks to all that replied, I think I'm satisfied.
For example, you could set up rules similar to the above:
incoming request to public ip on port 19520 - forward internal to janedoe on port 80
incoming request to public ip on port 19521 - forward internal to johndoe on port 80
incoming request to public ip on port 19522 - forward internal to janedoe on port 23
incoming request to public ip on port 19523 - forward internal to johndoe on port 23
then, from the outside you could do:
http://<publicip>:19520 and get to the webserver on janedoe
http://<publicip>:19521 and get to the webserver on johndoe
same thing with telnet/ssh:
telnet <publicip> 19522 telnets you to janedoe
telnet <publicip> 19253 telnets you to johndoe
it's kinda messy, but it does work.
HTH,
JP
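The port-to-host table above is the only thing a NAT device can act on, since the hostname never reaches it: both janedoe.foobar.com and johndoe.foobar.com resolve to the same public address, so the packet that arrives carries only a destination IP and a TCP port. The script below is an added example (not from this thread or its posters) that turns that table into iptables DNAT rules. The public IP 203.0.113.5, the internal addresses 192.168.1.10 (janedoe) and 192.168.1.11 (johndoe) and the WAN interface eth0 are constructed assumptions; the external ports 19520-19523 and internal ports 80 and 23 are the ones from the answer. `lookup_forward` answers the same question the NAT box answers for every incoming connection: given nothing but the external port, which internal host:port is it bound for?

```shell
#!/bin/sh
# Added example: generate iptables DNAT (port-forward) rules from a
# port-to-host table, mirroring the mapping described in the thread.
# Assumed values (not from the thread): public IP from the documentation
# range, RFC 1918 internal addresses, WAN interface eth0.
PUBLIC_IP=203.0.113.5
WAN_IF=eth0

# One mapping per line: external_port internal_ip internal_port
# (janedoe = 192.168.1.10, johndoe = 192.168.1.11; both assumed)
PORT_MAP='19520 192.168.1.10 80
19521 192.168.1.11 80
19522 192.168.1.10 23
19523 192.168.1.11 23'

# Emit one nat/PREROUTING DNAT rule and one filter/FORWARD accept rule
# per mapping. The rules are printed, not executed, so the output can be
# reviewed before it is applied with root privileges.
gen_dnat_rules() {
    printf '%s\n' "$PORT_MAP" | while read -r ext_port int_ip int_port; do
        [ -n "$ext_port" ] || continue
        # Rewrite the destination of TCP packets hitting the public IP on
        # this external port to the chosen internal host and service port.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p tcp --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"
        # Only the rewritten flows are allowed through; everything else
        # arriving on the WAN side stays subject to the default policy.
        echo "iptables -A FORWARD -i $WAN_IF -p tcp -d $int_ip --dport $int_port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Resolve an external port to "internal_ip:internal_port", the way the
# NAT box decides where an incoming connection goes. Exits non-zero
# when the port is not in the table (the connection would not be forwarded).
lookup_forward() {
    printf '%s\n' "$PORT_MAP" | awk -v p="$1" \
        '$1 == p { print $2 ":" $3; found = 1 } END { if (!found) exit 1 }'
}

# Count how many external ports are exposed; every entry is an open door
# on the public address and should be accounted for.
count_forwards() {
    printf '%s\n' "$PORT_MAP" | grep -c '^[0-9]'
}

# Stand-alone usage: print the rule set and one sample lookup.
if [ "${1:-}" = "--print" ]; then
    gen_dnat_rules
    echo "external port 19520 -> $(lookup_forward 19520)"
fi
```

Running `sh forward.sh --print` shows the eight rules and the sample lookup. The generated FORWARD rules only admit new connections to the exact internal host and port named in the table, which is the natural place to keep the exposure list small: an external port that is no longer needed should be removed from `PORT_MAP` rather than left mapped.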