Solved

forward to dns name and port

Posted on 2006-11-08
18
622 Views
Last Modified: 2008-02-01
How do i setup forwarding for websites and ports?
What I want to do is have the user type in: http://<insertDname1> and be forwarded to http://<insertDname2>:<port> or <IPAddress>:<Port> while retaining the first domain name.  I think its a virtual host but I have never set this up before.
Software:
Windows Server 2003 Standard Edition R2
Firewall hardware: SonicWall 2040 Pro with Sonic OS Enchanced
0
Comment
Question by:DVDude_1
  • 7
  • 5
  • 3
  • +2
18 Comments
 

Expert Comment

by:tmtroutman
ID: 17898827
Set up another DNS zone and create a host record for dname1 pointing to the correct IP address.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17898924
actually you can't do the port part with DNS at all.  All DNS does is tranlate FQDNs to IP addresses and visa versa.  Any port forwarding will have to be done on your router/firewall.

0
 

Expert Comment

by:tmtroutman
ID: 17899113
I thought the submitter wanted either or. mikeleebrla is right, i just gave you a solution if you wanted to do it with ip using dns. Seems easier to me than making changes in a router or firewall, but i'm lazy :)
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17899147
not according to the quesiton,,, both of his scenerios involve changing the destination port

i'm not really sure WHY you would need to do this however.  If the question asker could give a WHOLE explanation of the problem perhaps we could give a better solution than changing the destiation port.
0
 
LVL 13

Expert Comment

by:Joseph Hornsey
ID: 17899352

Actually, the problem that you're running into is two-fold:

1. You want the request (for Dname1) to be re-directed to Dname2 - this is name to IP address resolution (DNS)
2. You want the request (for port 80) to be re-directed to the other port - this is port forwarding (application layer)

Here's an example (assuming that the web site is inside your network):
                 - You want users to type in http://www.domain1.com to get to the web site
                 - The web site is located on Server2 which has an IP address of 192.168.5.201/24 on your internal network
                 - You have the block of addresses 10.152.67.9/29 on your external interface of the firewall and you decide to assign 10.152.67.12 to the web site

To accomplish this, you would need to do the following:
                 - Create a DNS A record for www in the domain1.com zone and assign it the IP address 10.152.67.12
                 - Create a mapping on your firewall which would map 10.152.67.12 to 192.168.5.201

This will not take care of changing the port from 80 to something else.  However, on your internal network you should have an abundance of IP addresses, so just assign an IP address to that web site and let it use port 80.

Here's another example (assuming that you can't do the above):
                 - You want users to type in http://www.domain1.com to get to the web site
                 - There's an existing web site at http://www.domain2.com:12345 which the request needs to go to
                 - You don't have the option of changing the port, IP address or DNS name

To accomplish this, you would need to do the following:
                 - At the domain1.com web site, create an HTML file and make it the Default Document in IIS for that site
                 - Here's the HTML for that document:
                     
                      <html>
                      <head>
                      <meta http-equiv="REFRESH" content="0; URL=http://www.domain2.com:12345/">
                      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
                      <title>Page Redirect</title>
                      </head>
                      <body link="#0000A6" vlink="#0000A6" alink="#0000A6">
                      <center>
                      <FONT COLOR=#0000A6>
                      <H4>If you aren't automatically redirected to the other site, click <a href="http://www.domain2.com:12345/">here</a>. </H4>
                      </FONT>
                      </center>
                      </body>
                      </html>

If you don't want to do it the HTML way, you can always do it with a 301 redirect using ASP.NET (create a text file with .aspx extension and make that the default page for your original web site):

                      <script runat="server">
                      private void Page_Load(object sender, System.EventArgs e)
                      {
                      Response.Status = "301 Moved Permanently";
                      Response.AddHeader("Location","http://www.domain2.com:12345/");
                      }
                      </script>

Hope that helps!

<-=+=->
0
 
LVL 13

Expert Comment

by:Joseph Hornsey
ID: 17899362

Oops... I forgot.  In the second example, you'll still need to set up a DNS A record and port forwarding on your firewall if the site is inside your network.

<-=+=->
0
 
LVL 1

Author Comment

by:DVDude_1
ID: 17899393
intranet web sites. hosted by a win2k3 member server...   internal domain only... again a test case.  I want users to type in http://<insertcompname>.<insertDname> instead of http://<IPAddress>:<port> or http://<insertcompname>.<insertDname>:<port>...  there are multiple websites on the server in question that are differentiated by ports ex..  192.168.x.x:80, 192.168.x.x:8080, and 192.168.x.x:8888 are different pages.  I want the end user to enter http://<something>.<insertDname> and get directed to 192.168.x.x:80, likewise have http://<somethingelse>.<insertDname> would forward to 192.168.x.x:8080 etc.  with 192.168.x.x being the same in all cases...   how would I do this? currently the test dns server has Arecords for the webservers.
0
 
LVL 1

Author Comment

by:DVDude_1
ID: 17899453
and I do have access to the firewall if needed
0
 
LVL 13

Expert Comment

by:Joseph Hornsey
ID: 17899472

Dude,

The easiest way to do this is to use host headers.  (Sorry... I thought you were trying to do something else)

To use host headers, open your IIS management console, right-click on the web site and go to Properties.  On the web site tab, you have a button next to the IP address field called "Advanced".  Click on that and you'll be able to configure the host headers (it's the "Multiple identities for this web site" box on the top of the window).

Example:

You've got three web sites and you want users to be able to go to app1.yourdomain.com, app2.yourdomain.com and app3.yourdomain.com.  You don't want them to input port numbers.

Here's how you set it up:

1. Create DNS A records for app1, app2 and app3 and point them all to the same IP address (the address on your server)
2. Go to each web site and configure the host header:
     - Right-click on web site and choose Properties
     - On the Web Site tab, click Advanced
     - On the Advanced window, click the top Add button
     - Select the IP address (they'll all use the same one)
     - Set the TCP port to 80
     - Set the host header value to the correct name (e.g., app1.yourdomain.com or app2.yourdomain.com)

That will do it for you!

Hope that helps!

<-=+=->

0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17899602
yep, host headers are the way to do this.

http://www.visualwin.com/host-header/

remove all of that changing of the default HTTP port 80 stuff to another port that you configured also. true, that way will work, but is confusing for users.
0
 
LVL 1

Author Comment

by:DVDude_1
ID: 17899648
Thanks, I will test later today..
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17899734
I'm sure you could also achieve the same results with a META Refresh:  http://www.html-reference.com/META_httpequiv_refresh.htm
0
 
LVL 1

Author Comment

by:DVDude_1
ID: 17908260
ok well i must be doing something wrong.... I tried SplinterCell's way and I keep getting:
bad request
or
invalid hostname
or
invaild host header

any other solutions that do not require modifing the <meta> or <head> tags in the html codE?
0
 
LVL 1

Author Comment

by:DVDude_1
ID: 17908266
I did create the required 'A' records
0
 
LVL 13

Expert Comment

by:Joseph Hornsey
ID: 17912206
Dude,

The only thing I can think of is that the host headers are not configured correctly.  The key is that you use the same IP address for each web site (and thus, each A record) and the same port number.

Example:

My domain - mydomain.com
Site 1 - testing
Site 2 - accounting
Site 3 - timeclock
Server IP - 192.168.1.222

I'd configure A records in the mydomain.com domain for testing, accounting and timeclock and give them all the same IP address (192.168.1.222).

Next, I'd configure IIS and create three virtual servers.  Each would have the same IP address (192.168.1.222), the same port (80) and I would configure the host headers for each site as testing.mydomain.com, accounting.mydomain.com and timeclock.mydomain.com (one per site).

Your host headers have to exactly match the FQDN being entered into IE.  So, if the host header is timeclock.mydomain.com, then you'd have to go to the web site via IE by typing in "http://timeclock.mydomain.com".  If you just put in "http://timeclock", it won't work.

Also, if you've got a proxy server on your network, you'll need to make sure you're bypassing it for internal addresses.

Double-check that stuff and then post back.

<-=+=->

0
 
LVL 1

Author Comment

by:DVDude_1
ID: 17915177
ok so this is what i entered:

domain: mydomain.com
site1: bugs
Header info: 192.168.50.150:8888 -> bugs.mydomain.com
site2: dev
Header info: 192.168.50.150:8013 -> dev.mydomain.com
site3: stage
Header info: 192.168.50.150:80 -> stage.mydomain.com


A records:
bugs.mydomain.com -> 192.168.50.150
dev.mydomain.com -> 192.168.50.150
stage.mydomian.com -> 192.168.50.150

and no matter what I type in bugs.mydomain.com or dev.mydomain.com in a browser I still only get the default port 80 page which is the stage.mydomain.com

What am I doing wronG?
0
 
LVL 13

Accepted Solution

by:
Joseph Hornsey earned 500 total points
ID: 17915462


Set the host headers as follows:

domain: mydomain.com
site1: bugs
Header info: 192.168.50.150:80 -> bugs.mydomain.com
site2: dev
Header info: 192.168.50.150:80 -> dev.mydomain.com
site3: stage
Header info: 192.168.50.150:80 -> stage.mydomain.com

Here's how to think of this:

You can differentiate between web sites three different ways:

1. By IP address
2. By port number
3. By host header

If you use a separate IP address for each web site, then using separate port numbers or host headers is uneccessary
If you use a separate port number for each web site, then using separate IP addresses or host headers is uneccessary
If you use a separate host header for each web site, then using separate IP addresses or port numbers is uneccessary

The beauty of host headers is that the web server is still listening to port 80 on only one IP address.  It looks at the request and picks out the FQDN (bugs.mydomain.com) to determine which web site to send the request to.  So, separate port numbers or IP addresses aren't needed.

The way you're configured now would work if you went to dev.mydomain.com:8013 or bugs.mydomain.com:8888.

Does that make sense?

<-=+=->



0
 
LVL 1

Author Comment

by:DVDude_1
ID: 17915564
yes thanks you
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now