kdubendorf (United States of America) asked:

Routing Internally Based on External Host Name

We have an Edgemarc 4550 router, configured with a static IP address, let's say 2.2.2.2.
DNS settings for our domain associate the name mail.comp.com with 2.2.2.2.   When you're outside our network and you try to go to mail.comp.com you are delivered to our router, and it sends you to either our mail server (192.168.16.4) or our RDP server (192.168.16.3) depending on the port that you are using.

When internal to our network on 192.168.16.X, our users can't get to the requested service when trying to get to mail.comp.com.    We have to use internal host names to make it work.   Traffic is being routed to the public port of our Edgemarc, but the router doesn't direct the request to the proper host.  

Our Edgemarc replaced a Juniper 5GT that had no problem routing things properly internally or externally.   What do I need to do to get the Edgemarc to handle this traffic properly?
SOLUTION
Jaroslav Mraz (Slovakia)

ASKER CERTIFIED SOLUTION
kdubendorf (ASKER)
Maybe I'm missing something in the explanation.   The problem I have is that the domain IP should resolve to different internal addresses depending on the service involved.

For email I need it to resolve to my mail server at 192.168.16.4.


For RDP I need it to resolve to my RDP server at 192.168.16.3

I don't think DNS handles addressing based on ports.   So I'm thinking somehow I have to make sure that this is handled by the router, since it knows how to make the right routing decision.
Just to try to add further clarity to my question.

I'm directing external requests to the proper host by port forwarding on the router.  It apparently doesn't do a very good job of handling this from my private addresses (internal).
Maybe I'm missing something in the explanation.   The problem I have is that the domain IP should resolve to different internal addresses depending on the service involved.

Plain DNS cannot do that. SRV records do exactly that:
http://en.wikipedia.org/wiki/SRV_record
But neither RDP nor SMTP use them by protocol, only mail submission. Maybe there are RDP clients which do look up SRV records.

What you can do is redirect the different ports on each port of both hosts to the other server with a NAT port redirect; see here for iptables; I do not know about Windows:
http://www.cyberciti.biz/faq/linux-port-redirection-with-iptables/

Maybe this is something you can do?
Hi,

Yes, DNS doesn't use ports; DNS is only IP, but your router will route traffic correctly to the port you have set up in the config.

So if you make an internal DNS record pointing server.domain.com to your WAN IP, traffic will be routed by the router to the correct port.

Is it more understandable?
I've been spoiled by the old Juniper routers that I used.   The feature that I'm looking for is support of SNAT.   Juniper could handle it.   Edgewater has informed me that they don't support it.

It was most important that users' cell phones would pick up their email when in the office so I tried helge000's suggestion and implemented a Split DNS using directions that I found on Matt Gibson's blog:  http://www.mattgibson.ca/2008/07/13/setting-up-split-split-dns-with-windows-sbs-2003-dns-services-easily/

Once caches were flushed it worked fine.   Thank you both for your input.
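The two approaches discussed in this thread, as an added example that is not part of the original posts: a small model of a NAT router that forwards one public IP to two LAN hosts by destination port, showing why a LAN client connecting to the public address fails unless the router both applies the port forward on its LAN side and source-NATs the hairpinned traffic (the "SNAT" the asker refers to), and what split DNS does instead. The addresses 2.2.2.2, 192.168.16.4 and 192.168.16.3 are the ones quoted above; the router's LAN address 192.168.16.1, the client and external addresses, and the interface name wan0 in the iptables comments are assumptions.

```python
"""Model of port-forwarding, hairpin NAT and split DNS for a single public IP.

Added example, not from the thread. Addresses are the ones quoted in the
thread; the router's LAN address 192.168.16.1 and the interface name wan0
are assumptions.
"""
from dataclasses import dataclass, replace
import ipaddress

PUBLIC_IP = "2.2.2.2"
ROUTER_LAN_IP = "192.168.16.1"      # assumed LAN address of the router
LAN = ipaddress.ip_network("192.168.16.0/24")
MAIL_SERVER = "192.168.16.4"
RDP_SERVER = "192.168.16.3"

# Port-forward table (public port -> LAN host). iptables equivalent:
#   iptables -t nat -A PREROUTING -i wan0 -d 2.2.2.2 -p tcp --dport 25   -j DNAT --to 192.168.16.4
#   iptables -t nat -A PREROUTING -i wan0 -d 2.2.2.2 -p tcp --dport 3389 -j DNAT --to 192.168.16.3
PORT_FORWARDS = {25: MAIL_SERVER, 3389: RDP_SERVER}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def in_lan(ip: str) -> bool:
    return ipaddress.ip_address(ip) in LAN


def router_forward(pkt: Packet, lan_side_dnat: bool, hairpin_snat: bool):
    """Apply the NAT rules to a packet addressed to the public IP.

    lan_side_dnat: also apply the port forwards to packets arriving on the LAN
                   interface (many routers only apply them on the WAN side).
    hairpin_snat:  rewrite the source of LAN-originated, DNAT'ed packets to the
                   router's LAN address so the server's reply comes back via the router.
    Returns the forwarded packet, or None if the router does not forward it.
    """
    if pkt.dst != PUBLIC_IP or pkt.dport not in PORT_FORWARDS:
        return None
    if in_lan(pkt.src) and not lan_side_dnat:
        return None                      # rule never matches on the LAN side: request dies at the router
    fwd = replace(pkt, dst=PORT_FORWARDS[pkt.dport])
    if in_lan(pkt.src) and hairpin_snat:
        # iptables equivalent (after DNAT the destination is a LAN host):
        #   iptables -t nat -A POSTROUTING -s 192.168.16.0/24 -d 192.168.16.0/24 -p tcp -j MASQUERADE
        fwd = replace(fwd, src=ROUTER_LAN_IP)
    return fwd


def connect(client_ip, port, lan_side_dnat=False, hairpin_snat=False):
    """Simulate the SYN out and the SYN/ACK back. Returns (ok, reason)."""
    fwd = router_forward(Packet(client_ip, PUBLIC_IP, port), lan_side_dnat, hairpin_snat)
    if fwd is None:
        return False, "router did not forward the request"
    # The server answers whatever source address it saw in the SYN.
    if in_lan(fwd.src) and fwd.src != ROUTER_LAN_IP:
        # Client and server share a subnet, so the reply is delivered directly
        # with source 192.168.16.x; the client is waiting for a reply from
        # 2.2.2.2 and discards it (asymmetric path, connection never completes).
        return False, f"reply came directly from {fwd.dst}, not via {PUBLIC_IP}"
    # Reply returns through the router, which un-NATs it back to 2.2.2.2.
    return True, f"connected to {fwd.dst}"


# Split DNS: the internal resolver hands out a LAN address for the public name,
# so LAN clients never go near the router. A name maps to one host only, so the
# RDP server still needs its own internal name.
SPLIT_ZONE = {"mail.comp.com": MAIL_SERVER}


def resolve(name, from_lan):
    if from_lan and name in SPLIT_ZONE:
        return SPLIT_ZONE[name]
    return PUBLIC_IP


if __name__ == "__main__":
    print(connect("203.0.113.10", 25))                                           # external client
    print(connect("192.168.16.50", 25))                                          # LAN, no hairpin
    print(connect("192.168.16.50", 25, lan_side_dnat=True))                      # DNAT only
    print(connect("192.168.16.50", 25, lan_side_dnat=True, hairpin_snat=True))   # full hairpin
    print(resolve("mail.comp.com", True), resolve("mail.comp.com", False))       # split DNS
```

The third case is the one that is easy to get wrong on routers that do let you apply port forwards on the LAN interface: without the source rewrite the server replies straight to the client and the handshake never completes, which looks identical to "the router doesn't direct the request" from the client's point of view. Split DNS sidesteps the router entirely, at the cost of one name per host.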