Solved

Redirecting an IP address to another IP address in a Host File in Server 2012

Posted on 2015-01-16
Last Modified: 2015-06-26
I know many out there say this doesn't work but we've had it work in Windows Server 2008 and 2008R2.  Now when we try to do it in Windows Server 2012R2 it doesn't work.  Did Microsoft change something that will now prevent this from working?
Question by:Beratung
8 Comments
 

Accepted Solution

by:
Cliff Galiher earned 250 total points
Nope. If you had this working, it wasn't via host files alone (someone did something else that wasn't documented.)

The IPv4 DNS stack has changed very little even going back to 2000. And that is where the host file comes in, as part of the precedence and fallback of DNS lookups. Valid IP addresses are never subjected to a DNS lookup so a host file is never used. A host file also never "redirects" so that isn't the case either.

-Cliff

Assisted Solution

by:Qlemo
Qlemo earned 250 total points
There could have been a tricky setup, relying on using the HOSTS file for reverse name resolution, and then the name to resolve to a different IP, but I have never heard of someone doing that.
There are some known "faults" in the TCP/IP stack implementation of Windows, using name resolution attempts even when supplying IP addresses, so it might have been possible with older OS to exploit that bug. But it is a bug.

The proper way to translate IP addresses to IP addresses is to use a NAT service. RRAS can do that, at least externally (crossing physical or virtual interfaces).
 

Author Comment

by:Beratung
I have dug further into this configuration and the use of it and here is what I have uncovered.

The redirection is indeed working on pre-2012 servers.  It is not a redirection of the IP per se but, I believe, it is treating the host file entry as if the IP is an actual name that is resolving to an IP; meaning, entering an ip1 and an ip2 in a host file entry will resolve to ip1 what it believes is a name of ip2.  It sees 192.168.21.x as a name and not an IP.  You might ask yourself so what.  That's where the use comes in.  We are doing this for a file share to make it accessible in a DMZ with a subnet of 172.16.1.x, so that it knows that the share \\192.168.21.x should be resolved to \\172.16.1.x.  Since it sees \\192.168.21.x as a name that's all it needs.  Now if you ping 192.168.21.x, even with allowing ping through the DMZ to the LAN for a test, it can't ping it because it then wants it to be an IP address which it is not.  That's where everyone who says you can't redirect an IP in a host file is correct.  You can't, but this is not an IP redirection, but the resolution of a name for which host file use is intended.

This is all guessing on my part but it makes sense.  Now with Server 2012 it must be treating \\192.168.21.x as an IP and not a name for some reason.  Either a bug or a resolution to a previous bug I would think.

Am I on the right track at all?

I know some of you might ask why we are trying to do this.  To be honest, it is a bandaid but we don't have much choice.  We have an application on the DMZ that we can't change the IP address in its agent software configuration that needs to point to a share on another server on the LAN.  The fact that they are on two different subnets with a NAT between them presents a problem, so we found this way to fool the agent into thinking the share \\192.168.21.x is actually the IP it is looking for.  Unfortunately the software manufacturer uses IPs for these shares, doesn't allow using names, and supposedly you can't change where it points.  Flawed I will agree.

The bottom line is the behavior seems to have changed in 2012, but did it really?  Anyone have any insight on this?

Assisted Solution

by:Qlemo
Qlemo earned 250 total points
As I stated in http:#a40555340, if it worked, it was a bug.

All you can try now is to set up a port redirector for share ports (139 and/or 445) on a PC where you do not need to have shares enabled (that is, LanManServer service may not be active).
One of those redirectors is FPipe from McAfee.

Expert Comment

by:Seth Simmons
I've requested that this question be closed as follows:

Accepted answer: 500 points for Cliff Galiher's comment #a40554636

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Expert Comment

by:Qlemo
The suggested answer http:#a40554636 is only correct in parts.
In http:#a40555340 I explain why this could have worked (contradicting what cgaliher stated) with legacy OS. The OP "confirmed" in http:#a40579672 the setup was probably as I told.

In http:#a40579743 I've suggested a workaround.
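
A simplified model of the lookup order described in the accepted answer, added here as an example (it is not code from the thread and not Windows' resolver): an IP literal is returned as-is, the hosts table is consulted only for names, and `audit` flags hosts entries whose name column is itself an IP literal. The sample file, addresses and host names are constructed.

```python
import ipaddress

# Constructed sample hosts file; addresses and names are placeholders.
SAMPLE_HOSTS = """\
# normal entry: address first, then one or more names
172.16.1.10    fileserver.example.internal fileserver
# the thread's trick: an IP literal placed in the *name* column
172.16.1.10    192.168.21.10
"""

def is_ip_literal(text):
    """True if text parses as an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_hosts(text):
    """Return (lineno, address, [names]) for each well-formed entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) >= 2 and is_ip_literal(fields[0]):
            entries.append((lineno, fields[0], fields[1:]))
    return entries

def resolve(target, hosts_text):
    """Model only: a literal bypasses name resolution, so hosts is never read."""
    if is_ip_literal(target):
        return target, "literal"
    for _, address, names in parse_hosts(hosts_text):
        if target.lower() in (n.lower() for n in names):
            return address, "hosts"
    return None, "next resolver (DNS etc.)"

def audit(hosts_text):
    """Flag entries whose name column is an IP literal (no effect under this model)."""
    return [(lineno, address, name)
            for lineno, address, names in parse_hosts(hosts_text)
            for name in names if is_ip_literal(name)]

if __name__ == "__main__":
    print(resolve("fileserver", SAMPLE_HOSTS))
    print(resolve("192.168.21.10", SAMPLE_HOSTS))
    for finding in audit(SAMPLE_HOSTS):
        print("IP literal used as a host name:", finding)
```

Entries reported by `audit` are worth reviewing in any hosts file, since they either do nothing or depend on the resolver treating an address as a name.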
