Resolving DNS to internal IP addresses?

2

1

I'd like to provide services from several internal machines, via an internal DNS to external clients.

This is from a home-based, single external IP address on a consumer-level router. I'm expecting to have to provide the internal routing from a machine inside the network.

At the moment I have the machines resolving for other internal clients, providing they have the internal DNS in their list of name servers.

However, if I try to resolve these names / use the services from external clients, they just resolve to the gateway / DNS box. I need the internal machines to resolve instead.

Port forwarding doesn't help, because I have multiple boxes providing similar services (ssh, http/https, mail, etc.).

This diagram may help explain the setup, and what I'd like to do... (or what it's called ;) )

Any help would be much appreciated.

Finally, do I just need to do this with a reverse proxy?

network

ocodo

Posted 2013-03-29T06:41:02.850

Reputation: 1 672

Answers

3

The problem is not DNS, the problem is IPs.

If you want external access, you want externally-accessible IPs. For one machine, port forwarding does the trick. For multiple machines, you can forward, for example, port 22 on one machine to port 22 on the router, and port 22 of another machine to, say, port 122 on the router. You will ssh to example.com:122.

If explicitly specifying the port is not an option, for http/https protocols a reverse proxy will do; for mail, a single machine should be enough. For ssh and most other protocols, your only way is to have multiple public IPs.

Alex

Posted 2013-03-29T06:41:02.850

Reputation: 557

0

So, I've decided to add my own answer, as the answers given didn't really answer the question explicitly.

Using Nginx I set up a reverse proxy that resolves names against the internal DNS. This covers web services (you can add more listen ports, e.g. to reach web admin or mail services). I only have one mail server, which is fairly typical, so it's just port forwarded and doesn't need the proxy.

server {
    listen       80;

    server_name  a.example.com b.example.com c.example.com;
    access_log   /var/log/nginx/proxy.access.log;

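    location / {
        resolver          192.168.1.102; # Local DNS resolution
        # Backend is chosen from the request's Host header (wildcard);
        # $request_uri keeps the original path and query string, which $uri drops.
        proxy_pass        http://$host$request_uri;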
        proxy_redirect    off;
        proxy_set_header  Host            $host;
        proxy_set_header  X-Real-IP       $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

To handle ssh I decided I could just use port forwarding; however, it's possible to configure sshd to do a reverse proxy via a tunnel. This answer has some details:

https://serverfault.com/a/244409/56132

ocodo

Posted 2013-03-29T06:41:02.850

Reputation: 1 672
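
A hardened variant of the reverse-proxy configuration in the answer above, as an added example that is not part of the original post. Because the proxy target is built from the client-supplied Host header and resolved against the internal DNS, this version pins the target to an explicit allowlist; the hostnames, resolver address and log path come from the answer, while the `map`, the `$backend` variable and the catch-all server are assumptions added here.

```nginx
# Added example, not the answerer's configuration.
# The map and both server blocks belong in the http {} context.

# Translate the client-supplied Host header into a backend name.
# Hosts that are not listed map to the empty string and are refused below,
# so the internal resolver is never queried for an arbitrary name.
map $host $backend {
    default        "";
    a.example.com  a.example.com;
    b.example.com  b.example.com;
    c.example.com  c.example.com;
}

# Catch-all: a request whose Host matches no server_name lands here
# instead of falling through to the proxy block as the implicit default.
server {
    listen       80 default_server;
    server_name  _;
    return       444;   # nginx-specific: close the connection, send nothing
}

server {
    listen       80;
    server_name  a.example.com b.example.com c.example.com;
    access_log   /var/log/nginx/proxy.access.log;

    location / {
        # Defence in depth: refuse if the map produced no backend.
        if ($backend = "") {
            return 403;
        }

        resolver          192.168.1.102 valid=30s;  # internal DNS
        proxy_pass        http://$backend$request_uri;
        proxy_redirect    off;
        proxy_set_header  Host            $host;
        proxy_set_header  X-Real-IP       $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Running `nginx -t` after editing checks the syntax before reload; requests refused by the catch-all can be logged by adding an `access_log` directive to that server block.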