• Status: Solved

Redirecting an IP address to another IP address in a Host File in Server 2012

I know many out there say this doesn't work but we've had it work in Windows Server 2008 and 2008R2.  Now when we try to do it in Windows Server 2012R2 it doesn't work.  Did Microsoft change something that will now prevent this from working?
0
Asked: Beratung
 
Cliff Galiher Commented:
Nope. If you had this working, it wasn't via host files alone (someone did something else that wasn't documented.)

The IPv4 DNS stack has changed very little even going back to 2000. And that is where the host file comes in, as part of the precedence and fallback of DNS lookups. Valid IP addresses are never subjected to a DNS lookup so a host file is never used. A host file also never "redirects" so that isn't the case either.

-Cliff
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
There could have been a tricky setup, relying on using the HOSTS file for reverse name resolution, and then the name to resolve to a different IP, but I have never heard of someone doing that.
There are some known "faults" in the TCP/IP stack implementation of Windows, using Name resolution attempts even when supplying IP addresses, so it might have been possible with older OS to exploit that bug. But it is a bug.

The proper way to translate IP addresses to IP addresses is to use a NAT service. RRAS can do that, at least externally (crossing physical or virtual interfaces).
0
 
Beratung (Author) Commented:
I have dug further into this configuration and the use of it and here is what I have uncovered.

The redirection is indeed working on pre-2012 servers.  It is not a redirection of the IP per se but, I believe, it is treating the host file entry as if the IP is an actual name that is resolving to an IP; meaning, entering an ip1 and an ip2 in a host file entry will resolve to ip1 what it believes is a name of ip2.  It sees 192.168.21.x as a name and not an IP.  You might ask yourself so what.  That's where the use comes in.  We are doing this for a file share to make it accessible in a DMZ with a subnet of 172.16.1.x, so that it knows that the share \\192.168.21.x should be resolved to \\172.16.1.x.  Since it sees \\192.168.21.x as a name that's all it needs.  Now if you ping 192.168.21.x, even with allowing ping through the DMZ to the LAN for a test, it can't ping it because it then wants it to be an IP address which it is not.  That's where everyone who says you can't redirect an IP in a host file is correct.  You can't, but this is not an IP redirection, but the resolution of a name for which host file use is intended.

This is all guessing on my part but it makes sense.  Now with Server 2012 it must be treating \\192.168.21.x as an IP and not a name for some reason.  Either a bug or a resolution to a previous bug I would think.

Am I on the right track at all?

I know some of you might ask why we are trying to do this.  To be honest, it is a bandaid but we don't have much choice.  We have an application on the DMZ that we can't change the IP address in its agent software configuration that needs to point to a share on another server on the LAN.  The fact that they are on two different subnets with a NAT between them presents a problem, so we found this way to fool the agent into thinking the share \\192.168.21.x is actually the IP it is looking for.  Unfortunately the software manufacturer uses IPs for these shares, doesn't allow using names, and supposedly you can't change where it points.  Flawed I will agree.

The bottom line is the behavior seems to have changed in 2012, but did it really?  Anyone have any insight on this?
0
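Added example, not part of the original thread: a small audit that flags hosts-file entries whose name column is itself an IP literal, which is the arrangement the author describes above and the kind of undocumented dependency that stops working when the resolver treats the string as an address. The function names are hypothetical and the sample hosts text, including the host octets, is constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; addresses are made up for illustration.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
172.16.1.10     fileserver.example.internal fs01
172.16.1.10     192.168.21.10    # IP literal used as a name
::1             localhost
172.16.1.11     app01 192.168.21.11
"""


def is_ip_literal(token):
    """True if token parses as a strict IPv4 dotted quad or an IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def find_ip_literal_names(hosts_text):
    """Return (line_no, address, name) for each entry whose name is an IP literal."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        # Drop trailing comments, then split on whitespace: address, name, aliases...
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address without a name
        address, names = fields[0], fields[1:]
        if not is_ip_literal(address):
            continue  # first column is not an address, so this is not a usable entry
        for name in names:
            if is_ip_literal(name):
                findings.append((line_no, address, name))
    return findings


if __name__ == "__main__":
    # On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
    for line_no, address, name in find_ip_literal_names(SAMPLE_HOSTS):
        print(f"line {line_no}: name '{name}' is an IP literal mapped to {address}")
```

Entries it reports depend on the name-resolution path being used for something that looks like an address, so they should be documented and replaced with NAT or a port redirector as suggested in the replies.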
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
As I stated in http:#a40555340, if it worked, it was a bug.

All you can try now is to set up a port redirector for share ports (139 and/or 445) on a PC you do not need to have shares enabled (that is, LanManServer service may not be active).
One of those redirectors is FPipe from McAfee.
0
 
Seth Simmons (Sr. Systems Administrator) Commented:
I've requested that this question be closed as follows:

Accepted answer: 500 points for Cliff Galiher's comment #a40554636

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
The suggested answer http:#a40554636 is only correct in parts.
In http:#a40555340 I explain why this could have worked (contradicting what cgaliher stated) with legacy OS. The OP "confirmed" in http:#a40579672 the setup was probably as I told.

In http:#a40579743 I've suggested a workaround.
0
Question has a verified solution.
