2

Possible Duplicate:
How to use DNS to redirect domain to specific port on my server

Basically I want to have something like this:

name1.mydomain.com:1234 -> my.internal.ip.address:10001
name2.mydomain.com:1234 -> my.internal.ip.address:10002
name3.mydomain.com:1234 -> my.internal.ip.address:10003
name4.mydomain.com:1234 -> my.internal.ip.address:10004
name5.mydomain.com:1234 -> another.internal.ip.address:10001
name6.mydomain.com:1234 -> another.internal.ip.address:10002

Can be at the router level, internal DNS server level or even some other machine on the local network running some app that just passes traffic on to the proper machine on the proper port.

More clarification: it is not HTTP traffic, but our own custom protocol (our own client/server application using Remoting in .NET)

Davy8

2 Answers

4

OK, let's clear up some confusion here...

First up, there's no explicit requirement in your question that all of those names resolve to the same IP address -- so, you can assign a block of addresses to your router device, have the DNS records set up to provide a one-to-one mapping of name to IP address, and then use DNAT (Destination Network Address Translation) to forward the traffic on to internal devices.

I will continue on the assumption that you don't have the ability to throw a pile of IP addresses at the problem.

In general, for an arbitrary protocol running inside of TCP or UDP (because other protocols that run on top of IP don't necessarily have any concept of ports), you cannot do what you want to do, because there is no guarantee that there is any information inside the traffic "stream" to allow such routing to take place. Certain protocols, in an attempt to get around this very problem, do embed name information in their protocol (such as HTTP, with the Host header), and for those protocols there are typically proxies that will receive a request, determine the name that was presented, and then route the request to an appropriate location. Some of those proxies have been mentioned in other answers, and if those do not suffice you will no doubt receive appropriate answers if you tell us what layer 7 protocol you are attempting to proxy.

However, the vast majority of protocols do no name-based identification of their intended destination, and for those you have no option but to use IP addresses to control the flow of traffic to different internal endpoints.

EDIT: If you're defining your own protocol, it should be possible to embed the name of the host you're connecting to inside it somewhere, and then you'll just have to write your own proxy (possibly as a plugin to some existing piece of software) to take those requests, map them to the correct backend, and pass them through.

womble
  • +1 for detailed info on WHY it can't be done for an arbitrary protocol. So we'd have to modify our protocol somehow to include this info? – Davy8 Dec 21 '09 at 22:13
  • Excellent answer. Last time I checked, IP datagrams had fixed-length fields for v4 / v6 dst/src address and protocol number; nothing for the domain name – pQd Dec 21 '09 at 22:14
  • @davy8 not only modify your protocol, but also write a custom proxy that can understand it. – pQd Dec 21 '09 at 22:15
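An added example (not code from the question or the answers) of the approach in womble's EDIT: a TCP proxy that reads a hostname preamble from the client and relays the rest of the stream to a backend. The framing (one length byte followed by an ASCII name), the `ROUTES` table and the 192.0.2.x backend addresses are assumptions made for illustration.

```python
import asyncio

# Constructed table (question's naming scheme; 192.0.2.x backends are placeholders).
ROUTES = {
    "name1.mydomain.com": ("192.0.2.10", 10001),
    "name5.mydomain.com": ("192.0.2.20", 10001),
}
MAX_NAME = 253  # longest DNS name; caps what an unauthenticated peer makes us buffer

def parse_preamble(buf: bytes):
    """Assumed framing: 1 length byte + ASCII hostname. None means 'need more data'."""
    if buf and not 0 < buf[0] <= MAX_NAME:
        raise ValueError("bad name length")
    if not buf or len(buf) < 1 + buf[0]:
        return None
    end = 1 + buf[0]
    return buf[1:end].decode("ascii").lower(), buf[end:]  # non-ASCII raises ValueError

async def read_name(reader):
    head = await reader.readexactly(1)
    parse_preamble(head)  # reject an out-of-range length before reading further
    return parse_preamble(head + await reader.readexactly(head[0]))[0]

async def pipe(reader, writer):
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()  # EOF or error in one direction tears down the other

async def handle(client_r, client_w):
    try:
        name = await asyncio.wait_for(read_name(client_r), timeout=5)
        backend = ROUTES.get(name)  # static lookup: never dial a client-supplied name
        if backend is None:
            raise ValueError("unknown name")
        up_r, up_w = await asyncio.open_connection(*backend)
    except (ValueError, OSError, EOFError, asyncio.TimeoutError):
        client_w.close()
        return
    await asyncio.gather(pipe(client_r, up_w), pipe(up_r, client_w), return_exceptions=True)

async def main(port=1234):
    async with await asyncio.start_server(handle, "0.0.0.0", port) as server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The client-supplied name is only ever used as a key into the fixed table, so the listener cannot be turned into an open relay, and the preamble read is bounded in both size and time.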
1

No - you cannot do it for a generic protocol, although it can be done for specific protocols - for instance HTTP, by placing a reverse proxy that makes its decision based not only on IP address / port but also on the requested domain name.

pQd
  • There is no software that can be written (or has been written) for a computer to take all incoming traffic and pass it on to some other IP:port combination based on looking at the subdomain of the request? – Davy8 Dec 21 '09 at 21:45
  • Only for specific protocols. Squid for HTTP, OpenSIPS for SIP, etc. – Max Alginin Dec 21 '09 at 21:48
  • I believe that Microsoft ISA server can do this – Mark Henderson Dec 21 '09 at 21:53
  • Hmm, I'm somewhat surprised that there's no way to write some sort of in between server that listens on a single known port and passes the exact same byte sequence verbatim to some other address/port. – Davy8 Dec 21 '09 at 21:56
  • Davy, there is. See my answer. – Mark Henderson Dec 21 '09 at 21:57
  • @davy8 - no, some protocols do not carry the hostname in their requests. FTP, to give an example. – pQd Dec 21 '09 at 21:59
  • @ynguldyn - sorry, but ISA will not perform a miracle; if the protocol does not carry the required information, you just get IP datagrams with some payload and you cannot figure out which domain they were sent to. They arrive only with the destination IP. – pQd Dec 21 '09 at 22:00
  • Point taken, but I assume we're talking about HTTP traffic here, which will carry the hostname... – Mark Henderson Dec 21 '09 at 22:02
  • @Farseeker, it is not HTTP traffic, does that change your answer? – Davy8 Dec 21 '09 at 22:09
  • Yes, it does. I have deleted my answer. Apologies, 99.999% of the questions on SF are about HTTP traffic, I just assumed... – Mark Henderson Dec 21 '09 at 22:10
  • wow. i can see some downvoting rage. any explanations? – pQd Dec 22 '09 at 22:01
  • I didn't downvote, not as informative as womble's answer but nothing incorrect about it. – Davy8 Dec 24 '09 at 01:26
  • @davy8 sure.. i'm just curious.. – pQd Dec 24 '09 at 08:30