Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: Emulate real ip's to access intranet hosts from outside
Hi again!
Thanks for your quickly answers,

I think I hadn't explained enough clearly in the first mail.
The problem is the following:
I have a SINGLE public ip with an associated domain. In that host I have
a DNS server, mail server, web, etc. The important point is at the DNS.
What i'd like to do is that the firewall forward all the packets
independently of the destiny port, which can be any, to a host of the
intranet with a private ip. The rule for decide which packets go to what
host in the intranet is the name that the client refered to.
Example:
when I do a ftp to ftp.mydomain.net my DNS server would forward the
request to the host 192.168.1.10.

I'd like to have a map like this:

ftp1.mydomain.net ---> 192.168.1.10
ftp2.mydomain.net ---> 192.168.1.50
www1.mydomain.net ---> 192.168.1.12
www2.mydomain.net ---> 192.168.1.33

and so on
But Actually in the internet all that names lookup to 213.1.2.3
and of course the 192.168.x.x is never seen from the internet

I know that apache can manage vhosts and I could redirect to a intranet
host all the web traffic coming to www2.mydomain.org, the same can be
done with wu-ftp or proftp where u can have multiple domains/dubdomains
and have different ftp root directorys depending on the name the client
used to contact it, and then I could set that roots pointing to nfs
mounted directories of the internal net, but what I'd like is that all
the traffic forward would depend on the name used by the client.

As I said it's not a port forwarding matter it would be a program which
could manage domain name vhosts and do some kind of bridging /
forwarding to the intranet depending on the name the client reffered.

So the idea is to emulate lots of real ips with just 1 public ip and 1
domain with all the subdomains I'd need.

Uh! I hope to have been clear enough this time, my English is not
perfect (I'm Spanish) so please let me know if u got the idea, ok?

Thanks a lot guys!

Ramon Acedo





< Previous Next >