Routing Internally Based on External Host Name

We have an Edgemarc 4550 router, configured with a static IP address, let's say of
DNS settings for our domain associate the name with  When you're out of our network and you try to go to  you are delivered to our router, and it sends you to either our mail server ( or our RDP server ( depending on the port that you are using.

When internal to our network on 192.168.16.X, our users can't get to the requested service when trying to get to  We have to use internal host names to make it work. Traffic is being routed to the public port of our Edgemarc, but the router doesn't direct the request to the proper host.

Our Edgemarc replaced a Juniper 5GT that had no problem routing things properly internally or externally.   What do I need to do to get the Edgemarc to handle this traffic properly?
Daniel Helgenberger commented:
It's not clear to me what you want to achieve. This?
External network: ->
Internal Network


If so, I want to add something to JEREMYNO's post.
You need to set up something called 'split DNS'. This means you add the domain '' to your local DNS and add an A record for all the hosts that need to be reachable from the inside, say, pointing to their current IPs.

But, for instance for, you add an A record pointing to your local machine's private address. You can do so with any number of hosts, but you will need to replicate any changes to the real outside (authoritative) domain ''.

Since your internal DNS will always query the local database first, you end up reliably at the hosts you want. Users on the outside cannot query your internal DNS, so they will be fine, too.
This setup is fairly common and often used with Exchange, since you will soon not be able to get certificates for local domains any more. Also, from the user's point of view, it is much more transparent.
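The split-DNS setup described above, as an added example that is not part of the thread: a POSIX shell script that emits the `server:` stanza for an internal Unbound resolver and a small `dig` check to compare the internal and public answers. The domain `example.com`, the public resolver 9.9.9.9 and the private addresses 192.168.16.20 (mail) and 192.168.16.30 (RDP) are assumptions; the thread's real names and addresses are not reproduced.

```shell
#!/bin/sh
# Split-DNS ("split horizon") configuration for an internal Unbound resolver.
# Added example; example.com and every address below are assumptions, not the
# thread's real names.

DOMAIN="example.com"

# Print an unbound.conf "server:" stanza from "host=private_ip" arguments.
split_dns_conf() {
    echo "server:"
    # typetransparent: answer locally only when name AND record type match
    # local data; everything else (the zone's MX, hosts not listed here, other
    # domains) is still resolved through the public authoritative servers.
    echo "    local-zone: \"${DOMAIN}.\" typetransparent"
    for spec in "$@"; do
        host="${spec%%=*}"
        ip="${spec#*=}"
        echo "    local-data: \"${host}.${DOMAIN}. IN A ${ip}\""
        # Matching PTR so reverse lookups of the private address give the same name.
        echo "    local-data-ptr: \"${ip} ${host}.${DOMAIN}\""
    done
}

# After "unbound-control reload", confirm the two horizons differ (needs dig).
# $1 = internal resolver address, $2 = host label; 9.9.9.9 is an assumed
# public resolver used only for comparison.
check_view() {
    printf 'internal: %s\npublic:   %s\n' \
        "$(dig +short @"$1" "$2.$DOMAIN" A)" \
        "$(dig +short @9.9.9.9 "$2.$DOMAIN" A)"
}

# Demo: the two internal hosts discussed in the thread (assumed addresses).
split_dns_conf mail=192.168.16.20 rdp=192.168.16.30
```

Running the script prints the stanza to paste into `unbound.conf`; `check_view 192.168.16.1 mail` afterwards should show the private address from the internal resolver and the WAN address from the public one. Using `typetransparent` rather than a full copy of the zone means only the overridden hosts live on the internal resolver, so the replication of every change to the authoritative zone that Daniel mentions is avoided; anything not listed is forwarded unchanged.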
Jaroslav Mraz (CTO) commented:

Simply add records to your internal DNS: DNS A or CNAME records for mail. pointing to your WAN IP,

so you can still access

If you have only a local domain in DNS, simply add it.
kdubendorf (Author) commented:
Maybe I'm missing something in the explanation. The problem I have is that the domain IP should resolve to different internal addresses depending on the service involved.

For email I need it to resolve to my mail server at

For RDP I need it to resolve to my RDP server at

I don't think DNS handles addressing based on Ports.   So I'm thinking somehow I have to make sure that this is handled by the router since it knows how to make the right routing decision.
kdubendorf (Author) commented:
Just to try to add further clarity to my question.

I'm directing external requests to the proper host by port forwarding on the router.  It apparently doesn't do a very good job of handling this from my private addresses (internal).
Daniel Helgenberger commented:
"Maybe I'm missing something in the explanation. The problem I have is that the domain IP should resolve to different internal addresses depending on the service involved."

Plain DNS cannot do that. SRV records do exactly that:
But neither RDP nor SMTP uses them by protocol, only mail submission. Maybe there are RDP clients which do look up SRV records.

What you can do is redirect the different ports on each port of both hosts to the other server with a NAT port redirect; see here for iptables; I do not know about Windows:

May this be something you can do?
Jaroslav Mraz (CTO) commented:

Yes, DNS doesn't use ports; DNS is only IP. But your router will route traffic correctly to the port you have set up in the config.

So if you make an internal DNS record that points to your WAN IP, traffic will be routed by the router to the correct port.

Is it more understandable?
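For Jaroslav's suggestion (an internal record that points at the WAN IP) to work, the router must do hairpin NAT, also called NAT loopback: the iptables port redirect Daniel mentions, plus a source rewrite on the LAN-to-LAN leg so the internal server answers through the router rather than directly to the client. As an added example, not from the thread and not Edgewater's configuration, here is a shell script that generates those rules for a Linux router. The WAN address 203.0.113.10, the LAN 192.168.16.0/24, the interface `eth1` and the host addresses are assumptions.

```shell
#!/bin/sh
# Hairpin NAT (NAT loopback) for a Linux router: lets LAN clients reach a
# port-forwarded service via the public WAN address. Added example; the
# addresses and interface below are assumptions, not values from the thread.

WAN_IP="203.0.113.10"        # assumed public address of the router
LAN_NET="192.168.16.0/24"    # assumed LAN
LAN_IF="eth1"                # assumed LAN-side interface

# Print the iptables commands for each "port/proto=internal_ip" argument.
hairpin_rules() {
    for spec in "$@"; do
        port="${spec%%/*}"
        rest="${spec#*/}"
        proto="${rest%%=*}"
        dst="${rest#*=}"
        # 1. DNAT WAN_IP:port to the internal host. Deliberately not restricted
        #    with "-i <wan_if>": the same rule must also catch packets that
        #    arrive from the LAN and are addressed to WAN_IP.
        printf 'iptables -t nat -A PREROUTING -p %s -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
            "$proto" "$WAN_IP" "$port" "$dst" "$port"
        # 2. Source rewrite for the LAN->LAN leg. Without it the server sees
        #    the client's LAN address and answers it directly; the client then
        #    receives a SYN-ACK from the private address instead of WAN_IP and
        #    drops it, which is the symptom described in the question.
        printf 'iptables -t nat -A POSTROUTING -o %s -s %s -d %s -p %s --dport %s -j MASQUERADE\n' \
            "$LAN_IF" "$LAN_NET" "$dst" "$proto" "$port"
        # 3. Let the forwarded connection through the filter table.
        printf 'iptables -A FORWARD -d %s -p %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
            "$dst" "$proto" "$port"
    done
}

# With no arguments, print rules for the two services discussed in the thread
# (SMTP and RDP on assumed hosts); pipe the output into sh to apply them.
if [ "$#" -eq 0 ]; then
    hairpin_rules 25/tcp=192.168.16.20 3389/tcp=192.168.16.30
else
    hairpin_rules "$@"
fi
```

The MASQUERADE rule is the piece the question calls "SNAT": it matters only for traffic that both originates on the LAN and is destined for a host on the same LAN after DNAT. The cost is that the internal server no longer sees the real client address in its logs for those connections, which is one reason the split-DNS approach is usually preferred when the resolver is under your control.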
kdubendorf (Author) commented:
I've been spoiled by the old Juniper routers that I used. The feature that I'm looking for is support of SNAT. Juniper could handle it. Edgewater has informed me that they don't support it.

It was most important that users' cell phones would pick up their email when in the office, so I tried helge000's suggestion and implemented split DNS using directions that I found on Matt Gibson's blog:

Once caches were flushed, it worked fine. Thank you both for your input.