• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 959
  • Last Modified:

One WAN IP, multiple LAN IP's

I have a Netgear residential-class router, a single WAN IP, and multiple servers running on an ESX host.

My goal is to have subdomains that point to different internal addresses. For example:
hw points to 10.0.0.10 (an ILO card)
www. points to 10.0.0.14 (IIS server)
mail. points to 10.0.0.16 (exchange server)
etc

While some of these can be achieved through port forwarding, I can not change all the servers running port 80.

The root domain / www. subdomain need to remain on 80, but the hw. subdomain would point to an embedded ILO controller on the server. This service runs on a unique internal IP on port 80, and I can not change it. The goal behind this is that even in the event of a power failure that exhausts our UPS's capacity, once power is restored we could remote in and power everything back up without having to touch the hardware.

Effectively this question comes down to how can I route to multiple servers on a single public IP address with a simple router?

I will have a 2008 R2 domain controller in this environment, that will have DNS features enabled. Is there a function of 2008 R2 that could do a reverse-proxy?

I could assign a DMZ IP on my router to point to a vSwitch in the ESX host, but that doesn't do any good for getting to the ILO card.

Will I end up needing to buy a router that can be programmed for NAT?

I know just enough to be dangerous with this technology and am trying to find the best solution.
0
vopakit
Asked:
vopakit
  • 4
  • 3
  • 2
1 Solution
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Question:  If this is a business, why are you using a residential class router?  This seems like a bad idea too me...  A Business Class Router should be able to handle Multiple IPs and even Multiple WAN connections.
0
 
Paul SolovyovskySenior IT AdvisorCommented:
I agree with leew. Should be able to get a cheap 5 IP block business class for as low as $50 month.
0
 
vopakitAuthor Commented:
It's not a business, it's a home system. I travel, a lot, and am rarely here. Failures almost always occur when no one is home - usually for a week or so at a time. Unfortunately I don't make enough to afford multiple static IP's.
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 
Lee W, MVPTechnology and Business Process AdvisorCommented:
When you're not using business class equipment, you're more prone to failures.

Why do you think your router can't do NAT?  All netgear routers I've seen do.
0
 
vopakitAuthor Commented:
It's a WNDR3700... the only options I can find are a single DMZ address and port forwarding. I haven't found any options for creating a NAT table. Have I overlooked something?
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Maybe I'm misunderstanding you...

You have - and can only get - ONE public IP.

You want that IP to be split between hosts - FOR EXAMPLE:
(Service - Server IP)
SMTP 192.168.1.10
HTTP 192.168.1.11
iLO 192.168.1.20
HTTPS 192.168.1.11
Etc.

Then you need to port forward to the appropriate addresses.
The following is a link that describes doing so for SMTP - change the port as necessary for other services:
http://portforward.com/english/routers/port_forwarding/Netgear/WNDR3700/SMTP.htm

NOTE: Some things you simply will not be able to do without a second IP OR running things on non-standard ports.  For example, if you want a web server separate from the Exchange server (with OWA), then either the OWA web service OR the web server will need to be on a different port - one on 80 another on 8080 or 10080 or 15412 or whatever.  (Of course, you could use host headers and have JUST the exchange server be your web server as well).

By the way, doesn't your ISP block port 80 and 25 on residential lines?  
0
 
vopakitAuthor Commented:
I think what I'm going to do is just set auto power-up, configure boot times to allow everything to come up normally, pick the most common systems to keep default ports and forward out the rest. I can always just RDP in to do anything else.

After calling in and using the right phrases, my ISP has unblocked all inbound ports. Most are obligated to open traffic if you complain enough.

I should be able to drop the OWA portion of exchange on to the IIS server, so I guess for the time being it'll just be connected to my DMZ and I'll work with that.

I knew this was a long-shot at best. Hopefully there's a raise in my future and I can get a block of IP's to set everything up the way I'd truly like it.

Thanks for all your feedback!
0
 
vopakitAuthor Commented:
Sometimes it just can't be done.
0
 
Paul SolovyovskySenior IT AdvisorCommented:
ILO uses http/https.  You'll have to configure it on a different port if you're going to use 80 and 443 for other servers
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now