
I am trying to configure access to a web portal hosted on a private WAN for internet users. Originally the plan was to use split-DNS to resolve the hostname depending on what IP the client was coming from, but this can't be done because the public DNS servers have to point to the private WAN IP instead of the public IP we configured for the site.

I know now that this can't be done with DNS alone, but I am no web developer and have little experience trying to configure this kind of URL rewriting or redirect, or whether that is even a viable solution.

Here's what I need to happen:

Private WAN users need to be able to access www.example.com at 5.6.7.8

Internet users need to be able to access www.example.com at 1.2.3.4 (public IP for 5.6.7.8) or public.example.com at 1.2.3.4 but still be able to resolve links so that when they hit www.example.com/links.html it will resolve to public.example.com, but ONLY for the internet users.

I'm at a loss at this point and not even sure it's possible so any help would be appreciated!!

Thx!

  • You may be looking at this backwards. Are your users always coming from a known set of IP addresses? For example, are they customers coming from a known company gateway IP address? Or are they users on telco subscriber lines whose IP addresses would be dynamically assigned? There are two other options: cookies and using port numbers. But I will wait to hear back. – closetnoc Jul 17 '14 at 03:40
  • @user43332 Can you add some details as to what you're working with (e.g., Apache, IIS, nginx...)? –  Jul 17 '14 at 04:53
  • DNS server hosted in private zone? – tike Jul 17 '14 at 06:53
  • Only my users on the private WAN are coming from known IPs... everyone else will be coming in from the internet. – user43332 Jul 17 '14 at 15:42
  • It is a web portal running on Apache. We do have our BIND DNS server running in the private zone; it actually sits in our DMZ and is separate from our internal AD DNS server. It was supposed to route users from the internet to our public site address and private WAN users to the private address... but it would only work from the internet if you specified our DNS server... which could be a configuration problem. I was not the one who configured it. – user43332 Jul 17 '14 at 15:49

1 Answer

Why not overload example.com to point to both 1.2.3.4 and 5.6.7.8?

It might not be the most elegant solution, but I don't see any reason why it couldn't work, or shouldn't be done (unless this is a high security institution of sorts). Split DNS sounds more elegant, and I don't really understand what your issue was setting this up... but regardless.

Any modern browser will try 1.2.3.4, and it should succeed for public clients. But for clients who are on the private network, it should fail over and attempt the secondary IP. This should be totally transparent to the end user.

which will resolve, but only for those on the Private Network (5.6.7.8)

Try just adding two A records for example.com

and leave public.example.com with one single A record (1.2.3.4).

However, you must make sure the private address for this server uses a private IP address space, following the standards set by RFC 1918. Personally, I would make sure to use an IP or subnet which is very uncommon to be used in a LAN, or any other private network set-up.

RapidWebs
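Added example, not part of the original question or answer: a sketch of the split-DNS setup both posts refer to, written as a BIND 9 `named.conf` fragment using views. The ACL range and the zone file paths are placeholders assumed for illustration; the hostnames and the addresses 1.2.3.4 and 5.6.7.8 are the ones used in the question.

```conf
// Constructed example: split DNS with BIND 9 views.
// Once any view is defined, every zone must live inside a view.

acl "private-wan" {
    192.0.2.0/24;   // placeholder: the known source ranges of the private WAN
};

// Views are evaluated in order and the first match wins,
// so the restrictive view has to come before the catch-all.
view "internal" {
    match-clients { "private-wan"; };

    zone "example.com" {
        type master;
        // hypothetical path; this zone file would carry:
        //   www     IN A 5.6.7.8
        file "zones/internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;   // authoritative answers only for internet clients

    zone "example.com" {
        type master;
        // hypothetical path; this zone file would carry:
        //   www     IN A 1.2.3.4
        //   public  IN A 1.2.3.4
        file "zones/external/example.com.zone";
    };
};
```

The views only take effect for clients whose queries actually reach this server, and with this layout the private address 5.6.7.8 never appears in answers given to internet clients.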