Configuring DNSMasq Address/Internal IP pairs by port?


I have a pretty complex series of servers all connected to a router running DD-WRT. I tend to move the whole setup quite often, so I attempted to make it "mobile". I did this by configuring the DD-WRT router my servers are on as a type of bridge. When I move, I simply change the wireless network the router uses to contact the internet with, and give the DD-WRT router a static IP as well as forwarding all ports on the new router to the DD-WRT router. The DD-WRT router already has its own subnet, static IP allocations for all the servers I want on my network, and all the correct port forwarding configurations.

The problem I'm having is that Hairpin-Routing won't work in this configuration because even if it is enabled on the DD-WRT router, the new router is usually just a standard all-in-one modem/router from Century Link or whatever. (I.E. it's not meant to really be configured by the end user, so I can't enable hairpin-routing.)

I've "solved" this problem by using DNSMasq rules. This is what I have currently...

address=/odroid.example.com/10.0.0.101
address=/example.com/10.0.0.102

The problem I'm having now is that I want certain ports on example.com to be forwarded to different servers. For example, I would like 587, 993, and 25 to forward to 10.0.0.101 and I would like 80, 8080 and 3000 to forward to 10.0.0.102.

Is there a way to achieve this configuration WITHOUT configuring the generic router? (ONLY on the DD-WRT router.)

Allenph

Posted 2016-10-04T03:28:47.277

Reputation: 123

Answers


That's not something dnsmasq can do, because it's not something DNS itself can do. TCP ports only get involved after the address lookup has been done. Therefore, whichever one of your hosts example.com resolves to, must be able to handle all of those connections – possibly using a HTTP reverse proxy where possible, or yet another layer of port forwarding (iptables, pf redirect, &c.).


Some specific apps have their own mechanisms, though. For port 25 (server-SMTP), create a MX record that points to another domain. If the sending mailserver finds one, it will only use the servers listed in the MX record. (That's how nearly all domains redirect their mail to a dedicated 'mail' server or even to Google Mail.)

example.com.         MX 10 smtp-in.example.com.
smtp-in.example.com. A  10.0.0.25

For IMAP and client-SMTP (143, 993, 587) you might have luck with creating SRV records for each service. They're similar in purpose but can tell the app which host and which port to use:

_imap._tcp.example.com.       SRV 10 0 143 mail.example.com.
_imaps._tcp.example.com.      SRV 10 0 993 mail.example.com.
_submission._tcp.example.com. SRV 10 0 587 mail.example.com.
mail.example.com.             A   10.0.0.143

Or the same in dnsmasq's perverse syntax:

mx-host=example.com,smtp-in.example.com,10
address=/smtp-in.example.com/10.0.0.25

srv-host=_imap._tcp.example.com,mail.example.com,143
srv-host=_imaps._tcp.example.com,mail.example.com,993
srv-host=_submission._tcp.example.com,mail.example.com,587
address=/mail.example.com/10.0.0.143

Note that only some programs care about SRV records. While the above _imap &c. examples are technically standard, they're still very rarely used by actual mail apps. (Practically the only widespread SRV users are Kerberos, LDAP, SIP, XMPP, and Minecraft.)

user1686

Posted 2016-10-04T03:28:47.277

Reputation: 283 655
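As an added example (not part of user1686's answer, and not DD-WRT's or dnsmasq's own code): one way to implement the "another layer of port forwarding (iptables)" the answer mentions, on the Odroid at 10.0.0.101, so that LAN clients resolving example.com to it still reach the web ports on 10.0.0.102. It assumes the Odroid's LAN interface is `eth0` and that `iptables` and `sysctl` are available; the script prints the rules by default and only applies them when run as `apply` (as root).

```shell
#!/bin/sh
# Port-specific forwarding on the Odroid (10.0.0.101) for LAN clients.
# Ports 80, 8080 and 3000 are DNAT'd to the web server (10.0.0.102); the
# mail ports (25, 587, 993) are not touched and keep hitting the Odroid.
ODROID_IP="10.0.0.101"
WEB_IP="10.0.0.102"
LAN_IF="eth0"            # assumption: the Odroid's LAN-facing interface
WEB_PORTS="80 8080 3000"

# Emit the iptables commands, one per line, without executing them, so the
# rule set can be reviewed (or tested) before it is applied.
gen_rules() {
    for p in $WEB_PORTS; do
        # Rewrite the destination of connections that arrive at the Odroid.
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp -d $ODROID_IP --dport $p -j DNAT --to-destination $WEB_IP:$p"
        # Only forward the ports that were explicitly redirected.
        echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -p tcp -d $WEB_IP --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        # Client and web server sit on the same subnet: without SNAT the reply
        # would go straight from 10.0.0.102 to the client, bypassing the
        # Odroid's NAT state, and the client would reset the connection.
        echo "iptables -t nat -A POSTROUTING -o $LAN_IF -p tcp -d $WEB_IP --dport $p -j MASQUERADE"
    done
    # Let the reply half of forwarded connections back through.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Number of rules generated: 3 per forwarded port plus the conntrack rule.
rule_count() { gen_rules | wc -l | tr -d ' '; }

# Enable IPv4 forwarding and run each generated rule (requires root).
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1
    gen_rules | while IFS= read -r cmd; do $cmd; done
}

if [ "${1:-}" = "apply" ]; then apply_rules; else gen_rules; fi
```

Run `sh forward.sh` to review the rules and `sudo sh forward.sh apply` to install them; because the Odroid MASQUERADEs the forwarded connections, the web server's access logs will show the Odroid's address rather than the real client.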

I see. The Odroid is kind of the "administrative" server on my network. This seems like a job it could do. Suppose I leave the configuration of the DD-WRT router where it is. In this case when an external request comes in, everything is forwarded correctly. Then configure DNSMasq to ALWAYS point to the Odroid host. (I.E. request for that domain internally will always hit the Odroid.) Can I then use iptables to have the Odroid forward internal traffic that hits it at 80, 8080 and 3000 to my other server? How would I do this? – Allenph – 2016-10-04T05:29:09.190

Furthermore, could the Odroid be configured to forward SSH requests on port 22 to itself or a different server on the internal network based on hostname? (dev.example.com) – Allenph – 2016-10-04T05:29:48.887