One WAN IP, multiple LAN IP's

Posted on 2010-11-29
Last Modified: 2012-05-10
I have a Netgear residential-class router, a single WAN IP, and multiple servers running on an ESX host.

My goal is to have subdomains that point to different internal addresses. For example:
hw points to (an ILO card)
www. points to (IIS server)
mail. points to (exchange server)

While some of these can be achieved through port forwarding, I can not change all the servers running port 80.

The root domain / www. subdomain need to remain on 80, but the hw. subdomain would point to an embedded ILO controller on the server. This service runs on a unique internal IP on port 80, and I can not change it. The goal behind this is that even in the event of a power failure that exhausts our UPS's capacity, once power is restored we could remote in and power everything back up without having to touch the hardware.

Effectively this question comes down to how can I route to multiple servers on a single public IP address with a simple router?

I will have a 2008 R2 domain controller in this environment, that will have DNS features enabled. Is there a function of 2008 R2 that could do a reverse-proxy?

I could assign a DMZ IP on my router to point to a vSwitch in the ESX host, but that doesn't do any good for getting to the ILO card.

Will I end up needing to buy a router that can be programmed for NAT?

I know just enough to be dangerous with this technology and am trying to find the best solution.
Question by:vopakit
  • 4
  • 3
  • 2
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34236136
Question:  If this is a business, why are you using a residential class router?  This seems like a bad idea too me...  A Business Class Router should be able to handle Multiple IPs and even Multiple WAN connections.
LVL 42

Expert Comment

ID: 34236144
I agree with leew. Should be able to get a cheap 5 IP block business class for as low as $50 month.

Author Comment

ID: 34236169
It's not a business, it's a home system. I travel, a lot, and am rarely here. Failures almost always occur when no one is home - usually for a week or so at a time. Unfortunately I don't make enough to afford multiple static IP's.
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34236195
When you're not using business class equipment, you're more prone to failures.

Why do you think your router can't do NAT?  All netgear routers I've seen do.
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.


Author Comment

ID: 34236208
It's a WNDR3700... the only options I can find are a single DMZ address and port forwarding. I haven't found any options for creating a NAT table. Have I overlooked something?
LVL 95

Accepted Solution

Lee W, MVP earned 250 total points
ID: 34236234
Maybe I'm misunderstanding you...

You have - and can only get - ONE public IP.

You want that IP to be split between hosts - FOR EXAMPLE:
(Service - Server IP)

Then you need to port forward to the appropriate addresses.
The following is a link that describes doing so for SMTP - change the port as necessary for other services:

NOTE: Some things you simply will not be able to do without a second IP OR running things on non-standard ports.  For example, if you want a web server separate from the Exchange server (with OWA), then either the OWA web service OR the web server will need to be on a different port - one on 80 another on 8080 or 10080 or 15412 or whatever.  (Of course, you could use host headers and have JUST the exchange server be your web server as well).

By the way, doesn't your ISP block port 80 and 25 on residential lines?  

Author Comment

ID: 34236257
I think what I'm going to do is just set auto power-up, configure boot times to allow everything to come up normally, pick the most common systems to keep default ports and forward out the rest. I can always just RDP in to do anything else.

After calling in and using the right phrases, my ISP has unblocked all inbound ports. Most are obligated to open traffic if you complain enough.

I should be able to drop the OWA portion of exchange on to the IIS server, so I guess for the time being it'll just be connected to my DMZ and I'll work with that.

I knew this was a long-shot at best. Hopefully there's a raise in my future and I can get a block of IP's to set everything up the way I'd truly like it.

Thanks for all your feedback!

Author Closing Comment

ID: 34236259
Sometimes it just can't be done.
LVL 42

Expert Comment

ID: 34236336
ILO uses http/https.  You'll have to configure it on a different port if you're going to use 80 and 443 for other servers

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This article is focussed on erradicating the confusion with slash notations. This article will help you identify and understand the purpose and use of slash notations. A deep understanding of this will help you identify networks quicker especially w…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now