0

I have a dedicated test server with a single public-facing IP that has VMware Server on it and 4 test environments hooked up through NAT.

This works fine to RDP into the Windows Server 2003 host and preview the sites and client/server from there, but some of these sites/servers need to be accessed externally by clients.

Is there any way to translate a name (i.e. clientXYZ.ourtestserver.com) that, say, GoDaddy's DNS resolves to the host server (64.89.12.44), to the private IP (192.168.248.16), and forward all traffic to the guest?

All help is much appreciated.

Jeremy Boyd

3 Answers

2

No, this is not possible using a single address without accepting drawbacks or using software that is specialised for this approach. What you can do is:

  • Forward a port for each target machine. Let's say you have three NATed machines that host a service on TCP port 12345. You could create port forwardings on your public machine:

    Port 12345 -> Host A, Port 12345
    Port 12346 -> Host B, Port 12345
    Port 12347 -> Host C, Port 12345

  • Use a protocol-level reverse proxy. This of course only works for protocols that inherently support naming as needed. Assuming you want to serve HTTP, you'd have a reverse proxy running on port 80 on your public address. This proxy would then analyze the Host: headers and forward the request to the NATed machines.

Jan Jungnickel
0

If I understand your question correctly I can think of a way to do this which might indeed work for you. It is a bit convoluted but I think it will work. Each VM machine can be given the ability to route from one machine to the other. Considering this is a test environment, the performance hit of this method may not matter.

So here goes... If all of the unique external DNS entries you need resolve to the same IP address, then simply configure each VM server to be aware of how to reach each specific VM server by way of a static route. You need to hardcode the FQDN in the host files of the affected VMs or you can use your internal DNS if you have one. You will still need to configure specific routes for each machine you are routing to locally.

user13846
0

The homepage of Pound explains how to do exactly this by using Pound as a reverse proxy in the VIRTUAL HOSTS (IN GENERAL) section. Although the author says he doesn't think this is Pound's job :-) I think you also might be able to do this with Apache using mod_proxy.

Basically, Pound gets the public IP and distributes the requests to the appropriate private IP by reading the HTTP request headers. Generally you didn't used to be able to do this with SSL, but there are ways to do this now, see this link.

Kyle Brandt
  • That's perfect for HTTP, but there are other protocols we need. SSH, MySQL etc. – Jeremy Boyd Jul 24 '09 at 15:06
  • Jeremy: That sounds strange ... You have MySQL exposed to the outside world? More common is the web servers from the private IP that talk to MySQL. With SSH, you can run it on different ports maybe? That is generally a good idea anyways so you are not always getting scanned by bots. Lastly, you can always just buy some more public IPs :-) – Kyle Brandt Jul 24 '09 at 15:16
  • Jeremy: You can mix and match both approaches I mentioned in my answer. HTTP can be solved by reverse proxy, SSH and MySQL by port forwarding. – Jan Jungnickel Jul 24 '09 at 15:41
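
Added example, not part of any answer or comment above: a sketch of the routing decision a reverse proxy makes from the Host: header (the approach in Jan Jungnickel's and Kyle Brandt's answers), next to the per-port table used for protocols such as SSH that carry no name. The second guest, its address and the public ports 2216/2217 are constructed for illustration; only clientXYZ.ourtestserver.com and 192.168.248.16 come from the question.

```python
"""Added example: pick a NATed guest for one public IP from the Host header."""

# Constructed routing table. The first name and address are from the question;
# the second entry is a hypothetical extra guest.
VHOSTS = {
    "clientxyz.ourtestserver.com": ("192.168.248.16", 80),
    "clientabc.ourtestserver.com": ("192.168.248.17", 80),
}

# Protocols with no name on the wire (SSH, MySQL) get one public port per
# guest. The public port numbers are constructed for this example.
PORT_FORWARDS = {
    2216: ("192.168.248.16", 22),
    2217: ("192.168.248.17", 22),
}


def normalize_host(value):
    """Reduce a Host value to a lowercase name without port or trailing dot."""
    host = value.strip().lower()
    if host.startswith("["):          # IPv6 literal such as [::1]:8080
        host = host[1:].split("]", 1)[0]
    elif ":" in host:                 # name:port or ipv4:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def route_http(raw_request):
    """Return (ip, port) for the request, or None when it must be rejected."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [
        line.split(":", 1)[1]
        for line in head.split("\r\n")[1:]   # skip the request line
        if line.lower().startswith("host:")
    ]
    # Zero or several Host headers: refuse rather than guess a guest.
    if len(hosts) != 1:
        return None
    # Unknown names are refused too, so a request aimed at the bare public IP
    # never falls through to some default guest.
    return VHOSTS.get(normalize_host(hosts[0]))


def route_tcp(public_port):
    """Return (ip, port) for a forwarded public port, or None if not listed."""
    return PORT_FORWARDS.get(public_port)
```

Returning None for an unknown or duplicated Host header keeps scans against the bare IP from reaching any test guest, which matters when the guests are unhardened test environments.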