

Port forwarding or DNS\Bind?

Posted on 2006-10-25
Medium Priority
Last Modified: 2010-03-18
Hi all,
I have 2 public IP addresses. Say, & Currently the traffic from each of those addresses is fed into a router, which then uses port forwarding to send the http traffic from to a web server on my local network, at Http traffic on is sent to a machine on my local network at This has been tested and has worked very well for a couple of years.
A friend of mine wants to host a new domain on one of my public IP addresses, from his own dedicated machine. His machine has been placed on my local network at
If I wanted to use port forwarding to direct traffic for his domain to his machine, I would need to get another public IP address and set up forwarding rules on my firewall. Unfortunately, I cannot get another public IP address. So my question is, can I use BIND (or djbdns) to route traffic for his domain to his machine, or would I have to host his domain from one of my existing web servers? I am hoping that someone will know a way to use BIND to help.
To summarize, is it possible to change: -> -> router/firewall -> -> -> router/firewall ->

into: -> -> router/firewall -> -> -> BIND -> -> -> BIND ->

If DNAT or SNAT would be required on the firewall, let me know how I might accomplish that as well.
Also, if you have any questions about my current setup, feel free to ask. I will be as helpful as possible.
Question by: hnodine

Expert Comment

ID: 17804919
You can't do anything about this situation with DNS. If you only have (and can get) 2 IPs, and you already have 2 sites (one on each IP), there is no way you can get your friend's site working on one of those IPs unless you use a different port for his site, like 8080 or 81, and forward that port to his internal server. This isn't a great solution because it'll require people to access his site using a URL like

You might suggest to your friend he buy webhosting at one of the bazillion companies out there. I've seen it as low as $4 a month for decent bandwidth and storage.

Author Comment

ID: 17805105
That is terrible, but what I thought. I now completely understand why the IPv4 address space is being used up so quickly. I wish there was some way to use masquerading to accomplish this. It seems like that would help avoid the consumption of IPv4 public addresses, too. Oh well.
Thanks for the input.

Expert Comment

ID: 17805144
You could set up a redirect from one of your sites, but you probably don't want to mix business with your friend's personal site.


Author Comment

ID: 17805162
What do you mean by that? A redirect on my firewall? On the webserver? Sorry, you lost me there.

Accepted Solution

jar3817 earned 600 total points
ID: 17805350
On the webserver...

Someone requests and since all web traffic for that IP goes to your current business site, it will answer the request and redirect the client to which would get to your friend's server. It's a dirty hack and usually breaks with stuff like, but it can work.
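
The web-server redirect described in the accepted answer, as an added example that is not part of the original thread. It assumes the friend's hostname is `friend.example`, that public port 8080 (the alternate port suggested earlier) is forwarded at the router to his machine, and uses Python's `http.server` as a stand-in for the existing web server. The redirect is built only from an allowlist of known names, so an arbitrary `Host` header is never reflected into `Location`.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed values (not from the thread): the friend's hostnames and the
# alternate public port that the router forwards to his machine.
REDIRECTS = {"friend.example": 8080, "www.friend.example": 8080}


def redirect_location(host_header, path):
    """Return the Location for a request that should be bounced to the
    alternate port, or None if the existing site should answer it."""
    if not host_header:
        return None                      # no Host header: serve the existing site
    host = host_header.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]    # drop any ":port" the client sent
    host = host.rstrip(".")              # tolerate a trailing-dot FQDN
    port = REDIRECTS.get(host)
    if port is None:
        return None                      # unknown name: never echo it back
    if not path.startswith("/"):
        path = "/"                       # ignore absolute-form request targets
    return f"http://{host}:{port}{path}"


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        location = redirect_location(self.headers.get("Host"), self.path)
        if location:
            self.send_response(302)
            self.send_header("Location", location)
            self.send_header("Content-Length", "0")
            self.end_headers()
        else:
            body = b"existing site\n"    # placeholder for the current site
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)


if __name__ == "__main__":
    # Loopback and port 8000 are constructed values for a local trial.
    HTTPServer(("127.0.0.1", 8000), Handler).serve_forever()
```
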

Author Comment

ID: 17805368
Yeah, that is what I thought you meant, and that is really cheesy. Thanks for the tips, though.

Question has a verified solution.
