1

Is it possible to use one domain to connect with servers in NAT?

Example

example.ltd - > 12.12.12.12
nat1.example.ltd - > 12.12.12.12 - > 192.168.1.100
nat2.example.ltd - > 12.12.12.12 - > 192.168.1.101
etc..

Is it possible? I have only one IP address. Thanks a lot for any advices :)

Explain again.

My IP is for example 12.12.12.12

My domain: domain.ltd Record A is bind to IP 12.12.12.12

In my router DMZ is: 192.168.1.2 , so traceroute is domain.ltd -> 12.12.12.12 -> 192.168.1.2

Now I want bind subdomain.domain.ltd to 192.168.1.100

Is it possible?

// EDIT: What about non WWW servers? Can I route ssh ports etc.?

Sven
  • 98,649
  • 14
  • 180
  • 226
typedefex
  • 11
  • 2
  • Start with specifying what exactly are you trying to connect to? It doesn't sound like you're talking about web-servers... – Anubioz Aug 16 '16 at 13:33

2 Answers2

0

You can use a reverse proxy like nginx that processes the requests according to the domain name used. Scheme would be:

Proxy-IP: 13.13.13.13

all www traffic via NAT -> 13.13.13.13

On 13.13.13.13 you have multiple server entries for different names and inside the server section nginx will redirect your traffic to the matching hosts.:

server{
server_name     domain.ltd;
listen          0.0.0.0:80;
proxy_pass      http://12.12.12.12/;
...
}

server{
server_name     nat1.domain.ltd;
listen          0.0.0.0:80;
proxy_pass      http://192.168.1.100/;
...
}

server{
server_name     nat1.domain.ltd;
listen          0.0.0.0:80;
proxy_pass      http://192.168.1.101/;
...
}

More information i.e. here: https://www.nginx.com/resources/admin-guide/reverse-proxy/

antic-eye
  • 1
  • 3
0

antic-eye is correct; you can direct web traffic to internal hosts using a proxy of some kind. I do it with squid on my firewall with PfSense. I use it to send requests based on domain name to the correct internal server.

You can also use port forwarding to send any tcp/udp traffic to specific ports to specific internal servers. This is common practice.

For name based routing of non-www protocols like SSH, it sounds like HAProxy will work. You'll have to read about it ; I've never tried it. I found a serverfault question about it.

How to divert traffic based on hostname using HAProxy?

Community
  • 1
Ryan Babchishin
  • 6,260
  • 2
  • 17
  • 37