One WAN IP, multiple LAN IP's

I have a Netgear residential-class router, a single WAN IP, and multiple servers running on an ESX host.

My goal is to have subdomains that point to different internal addresses. For example:
hw points to (an ILO card)
www. points to (IIS server)
mail. points to (exchange server)

While some of these can be achieved through port forwarding, I can not change all the servers running port 80.

The root domain / www. subdomain need to remain on 80, but the hw. subdomain would point to an embedded ILO controller on the server. This service runs on a unique internal IP on port 80, and I can not change it. The goal behind this is that even in the event of a power failure that exhausts our UPS's capacity, once power is restored we could remote in and power everything back up without having to touch the hardware.

Effectively this question comes down to how can I route to multiple servers on a single public IP address with a simple router?

I will have a 2008 R2 domain controller in this environment, that will have DNS features enabled. Is there a function of 2008 R2 that could do a reverse-proxy?

I could assign a DMZ IP on my router to point to a vSwitch in the ESX host, but that doesn't do any good for getting to the ILO card.

Will I end up needing to buy a router that can be programmed for NAT?

I know just enough to be dangerous with this technology and am trying to find the best solution.
Who is Participating?
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
Maybe I'm misunderstanding you...

You have - and can only get - ONE public IP.

You want that IP to be split between hosts - FOR EXAMPLE:
(Service - Server IP)

Then you need to port forward to the appropriate addresses.
The following is a link that describes doing so for SMTP - change the port as necessary for other services:

NOTE: Some things you simply will not be able to do without a second IP OR running things on non-standard ports.  For example, if you want a web server separate from the Exchange server (with OWA), then either the OWA web service OR the web server will need to be on a different port - one on 80 another on 8080 or 10080 or 15412 or whatever.  (Of course, you could use host headers and have JUST the exchange server be your web server as well).

By the way, doesn't your ISP block port 80 and 25 on residential lines?  
Lee W, MVPTechnology and Business Process AdvisorCommented:
Question:  If this is a business, why are you using a residential class router?  This seems like a bad idea too me...  A Business Class Router should be able to handle Multiple IPs and even Multiple WAN connections.
Paul SolovyovskySenior IT AdvisorCommented:
I agree with leew. Should be able to get a cheap 5 IP block business class for as low as $50 month.
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

vopakitAuthor Commented:
It's not a business, it's a home system. I travel, a lot, and am rarely here. Failures almost always occur when no one is home - usually for a week or so at a time. Unfortunately I don't make enough to afford multiple static IP's.
Lee W, MVPTechnology and Business Process AdvisorCommented:
When you're not using business class equipment, you're more prone to failures.

Why do you think your router can't do NAT?  All netgear routers I've seen do.
vopakitAuthor Commented:
It's a WNDR3700... the only options I can find are a single DMZ address and port forwarding. I haven't found any options for creating a NAT table. Have I overlooked something?
vopakitAuthor Commented:
I think what I'm going to do is just set auto power-up, configure boot times to allow everything to come up normally, pick the most common systems to keep default ports and forward out the rest. I can always just RDP in to do anything else.

After calling in and using the right phrases, my ISP has unblocked all inbound ports. Most are obligated to open traffic if you complain enough.

I should be able to drop the OWA portion of exchange on to the IIS server, so I guess for the time being it'll just be connected to my DMZ and I'll work with that.

I knew this was a long-shot at best. Hopefully there's a raise in my future and I can get a block of IP's to set everything up the way I'd truly like it.

Thanks for all your feedback!
vopakitAuthor Commented:
Sometimes it just can't be done.
Paul SolovyovskySenior IT AdvisorCommented:
ILO uses http/https.  You'll have to configure it on a different port if you're going to use 80 and 443 for other servers
All Courses

From novice to tech pro — start learning today.