2

We have a virtual machine which hosts a web-based bug tracker in our network, which is reached internally via e.g. 192.168.1.5:9800. From the outside we made a port forwarding in our firewall so that the web site can be reached via e.g. 72.10.10.10:9800.

Now that works fine, but the problem is that we got different IP addresses to reach the same service depending on whether we are in the office or at home, and when the service sends out an email the link doesn't always work :)

So we are looking for a solution to fix it.

One could be to make a rule in our firewall that all communication to 72.10.10.10:9800 is forwarded to 192.168.1.5:9800... if that's possible, that is, considering it's an IP address + a port. The reason we used a port is because we only got one static public IP address but multiple virtual web appliances.

Thanks for any suggestions or solutions :)

Patrick

PS: The network is a Win 2008 R2 domain by the way and our firewall is SonicWall 2040 PRO http://www.sonicwall.com/us/products/PRO_2040.html

Patrick Wolf
  • You surely already have a rule that all traffic from 72.10.10.10:9800 is forwarded to 192.168.1.5:9800, that's how port forwarding works. – Sam Cogan Mar 22 '10 at 10:20
  • 2
    What brand/model is the firewall device? Some devices require extra configuration to support this kind of internal loopback NATing. – einstiien Mar 22 '10 at 10:58
  • +1 for einstiien, loopback NATing is what you want to use. – ITGuy24 Mar 22 '10 at 14:20

4 Answers

1

On most of your higher-end routers you can specify

"Forward WAN traffic on this port to this IP address" or "Forward all traffic on this port to this IP address".

What make and model of router are you using? Check to see if it has the ability to set the "all traffic" option; if it does, tell everyone to stop using the internal IP and only use the external one.

HTH

Tom
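The difference between a WAN-only and an all-interfaces port forward, as an added example that is not part of the original answer and is a simplified model rather than any vendor's behaviour. It uses the question's addresses; the firewall LAN address and both client addresses are assumptions.

```python
# Simplified model of one firewall with a WAN and a LAN interface.
# 192.168.1.1 (firewall LAN side), 192.168.1.50 (office client) and
# 203.0.113.7 (home client) are assumed values for this example.
PUBLIC, SERVER, PORT = "72.10.10.10", "192.168.1.5", 9800
FW_LAN = "192.168.1.1"


def forward(pkt, scope, hairpin_snat=False):
    """Apply the port-forward rule to a packet arriving at the firewall.

    scope: "wan" matches only packets entering on the WAN interface,
           "all" matches packets from any interface (loopback NAT).
    Returns the translated packet, or None if the rule did not match.
    """
    if (pkt["dst"], pkt["dport"]) != (PUBLIC, PORT):
        return None
    if scope == "wan" and pkt["iface"] != "wan":
        return None
    out = dict(pkt, dst=SERVER)          # destination NAT to the VM
    if pkt["iface"] == "lan" and hairpin_snat:
        out["src"] = FW_LAN              # force the reply back through the firewall
    return out


def client_accepts_reply(client_ip, scope, iface, hairpin_snat=False):
    """True if the client sees a reply from the address it connected to."""
    syn = {"src": client_ip, "dst": PUBLIC, "dport": PORT, "iface": iface}
    seen_by_server = forward(syn, scope, hairpin_snat)
    if seen_by_server is None:
        return False                     # rule never matched, nothing reaches the VM
    reply_to = seen_by_server["src"]
    if reply_to == client_ip and iface == "lan":
        # Same subnet: the VM answers the client directly, so the reply's
        # source stays 192.168.1.5 and does not match the client's connection.
        reply_src = SERVER
    else:
        # Reply crosses the firewall, which reverses the translation.
        reply_src = PUBLIC
    return reply_src == PUBLIC
```

In this model an office client reaches the public address only when the rule matches LAN traffic and the firewall also rewrites the source, which is the kind of extra configuration some devices need for loopback NAT.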
0

Have you thought about using a VPN for this, rather than port forwarding?

The Unix Janitor
0

Based on Einstiien I found DNS NAT loopback from Sonicwall which is what we needed: http://www.sonicwall.com/us/support/2134_3454.html

Only question left is, could we have also done the DNS NAT loopback on Win 2008 R2 considering that all traffic goes through it before going to the router?

Thanks, Patrick

Patrick Wolf
0

I would use DNS to solve this problem... give the server a name, then resolve this server internally as the 192 address and have your external DNS server resolve it with the other address.

trent