Solved

Natting

Posted on 2015-01-29
2
131 Views
Last Modified: 2015-02-01
I have only 1 public ip, although I have 2 applications on port 443 that need to be usable externally.  Is there something else I can do to get them both natted to the outside?
0
Comment
Question by:Jack_son_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 250 total points
ID: 40578819
A reverse proxy comes to mind.
0
 
LVL 3

Accepted Solution

by:
Stephen Berk earned 250 total points
ID: 40578943
NAT is happening at the IP and TCP layers, so you either need another IP address or you need to move one of your TCP/443 apps to a different port. It probably isn't feasible to move the app to a different port (assuming its public facing), so a 2nd IP address is probably your easiest and/or cheapest option.

That said, Rich is right on with his suggestion of a reverse proxy. I use F5 Big-IP's in this setup and let the URI's of the various web apps dictate how I will forward traffic to the servers being proxied. Here's a doc from F5 that gives an intro to URI translation (http://goo.gl/zyWGWN) and how the Big-IP proxies traffic. Don't get lost in the details, it's really just to show you what conceptually what's happening. And don't think you need an F5 solution to get a reverse proxy for web traffic. The Big-IP is an enterprise solution that handles much more than reverse proxying. Apache, Nginx, and Squid are all software proxies you can load onto a Linux server.

The Q&D: 443 traffic comes in from the Internet, the firewall NAT's to an address on the reverse proxy, the reverse proxy examines the URI and forwards to some web server.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SMB Packet - File Data 4 79
Can't access router with user and pass 10 109
Need to cut my Verizon home cost 3 67
how to know if a router is connected to a certain port 9 49
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question