We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Port forwarding or DNS\Bind?

hnodine
hnodine asked
on
Medium Priority
513 Views
Last Modified: 2010-03-18
HI All-
I have 2 public IP addresses. Say, 67.50.3.60 & 67.50.3.61. Currently the traffic from each of those addresses is fed into a router, which then uses port forwarding to send the http traffic from 67.50.3.60 to a web server on my local network, at 192.168.5.2. Http traffic on 67.50.3.61 is sent to a machine on my local network at 192.168.5.3. This has been tested and has worked very well for a couple of years.
A friend of mine wants to hosts a new domain on one of my public IP addresses, from his own dedicated machine. His machine has been placed on my local network at 192.168.5.4.
If I wanted to use port forwarding to direct traffic for his domain to his machine, I would need to get another public IP address and set up forwarding rules on my firewall. Unfortunately, I cannot get another public IP address. So my question is, can I use BIND (or djbdns) to route traffic for his domain to his machine, or would I have to host his domain from one of my existing web servers? I am hoping that someone will know a way to use BIND to help.
To summarize, is it possible to change:

domainA.com -> 67.50.3.60:80 -> router/firewall -> 192.168.5.2
domainB.com -> 67.50.3.61:80 -> router/firewall -> 192.168.5.3

in to:

domainA.com -> 67.50.3.60:80 -> router/firewall -> 192.168.5.2
domainB.com -> 67.50.3.61:80 -> BIND -> 192.168.5.3
domainC.com -> 67.50.3.61:80 -> BIND -> 192.168.5.4


If DNAT or SNAT would be required on the firewall, let me know how I might accomplish that as well.
Also, if you have any questions about my current setup, feel free to ask. I will be as helpful as possible.
Comment
Watch Question

Commented:
You can't do anything about this situation with DNS. If you only have (and can get) 2 IPs, and you already have 2 sites (one on each IP), there is no way you can get your friends site working on one of those IPs unless you use a different port for his site, like 8080 or 81 and forward that port to his internal server.  This isn't a great solution because it'll require people to access his site using a url like http://hissite.com:8080

You might suggest to your friend he buy webhosting at one of the bazillion companies out there. I've seen it as low as $4 a month for decent bandwidth and storage.

Author

Commented:
That is terrible, but what I thought. I now completely understand why the IPv4 address space is being used up so quickly. I wish there was some way to use masquerading to accomplish this. It seems like that would help avoid the consumption of IPv4 public addresses, too. Oh well.
Thanks for the input.

Commented:
you could set up a redirect from one of your sites, but you probably don't want to mix business with your friend's personal site

Author

Commented:
what do you mean by that? a redirect on my firewall? on the webserver? sorry, you lost me there.
Commented:
on the webserver...

someone requests http://yourfriendssite.com and since all web traffic for that ip goes to your current business site, it will answer the request and redirect the client to http://yourfriendssite.com:8080 which would get to your friends server.  It's a dirty hack and usually breaks with stuff like http://yourfriendssite.com/somewhere/somepage.html, but it can work.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
yeah, that is what I thought you meant, and that is really cheesy. thanks for the tips, though.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.