How do I direct inbound network traffic to a specific internal IP based on the requested hostname? (Win 2012)

1

This may be fairly basic, so if it seems so please don't overthink it!

My Setup

  • Home server running Hyper-V with VMs for IIS, MSSQL, and others
  • Residential connection with potentially shifting IP, which I've mapped to a DynDNS domain (so the DNS updates automatically)
  • Server and all VMs (except one) are running Windows Server 2012
  • Server hosting VMs is configured as a DNS server, and all VMs have both a static internal IP on the network and a hostname (my IIS VM, for example, is iis.mydomain.com)
  • Server is behind a router, but can configure the usual (DMZ, port forwarding, etc)

The Scenario

I would like to be able to forward traffic on all ports for `*.mydomain.com:PORT` to go to the appropriately mapped VM (i.e. iis.mydomain.com:PORT --> IIS_VM:PORT), which maps to a specific static IP on my network.

For example, I hit iis.mydomain.com with RDP and it connects me to the IIS VM via Remote Desktop from external to the network. I hit iis.mydomain.com in the web browser and it loads the appropriate site which is bound to that hostname on the IIS VM.

Alternatively, with all the above being true, I could create mssql.mydomain.com and hit it via Remote Desktop, where it connects me to that VM. I could also hit it via Management Studio and have it connect.

Current Attempt

  • Set up nameservers which point to my residential IP (and are dynamically updated via DynDNS)
  • Pointed mydomain.com to the above nameservers
  • Using central server that is running DNS to resolve hostnames on the network

Problem

I can hit iis.mydomain.com from outside my network and it does resolve an IP -- unfortunately it resolves 192.168.0.105, which is the internal IP of the IIS machine. This makes sense because in the DNS manager that's what I've assigned to the hostname.

So, the question:

How do I configure my DNS server (or re-configure my current setup) such that internal to the network the traffic is correctly forwarded to 192.168.0.105 -- but outside the network it just hits the residential IP?

Guesses

I understand that things here are "working as intended" in the sense that my DNS server is correctly resolving the hostname to the specified IP -- so if I was trying all this on my local network it would be completely functional. The problem, I feel, is masking the internal IP by having the external machine connect to only my residential IP and then there being some behind the scenes layer which translates the requested hostname to the internal IP.

Based on my reading I have a suspicion NAT may be what I'm looking for, but I really don't have good context.

ShaneC

Posted 2013-07-25T18:55:59.690

Reputation: 111

Answers

3

For routing, the hostname is not part of the equation - the DNS query has already resolved the IP address, and that will be used for the TCP/IP connection. When it gets there (wherever 'there' is) then the protocol running over the connection can come into play, like with HTTP/1.1 which specifies a hostname, to allow for mass virtual hosting.

So, you could send all HTTP traffic arriving on port 80 to your VM for web serving (assuming your ISP doesn't block it en route); similarly, you could send VNC connections to a different server, RDP connections to go to another; but you couldn't try to RDP to iis.example.com and expect it to go somewhere else to an RDP connection to MySQL.example.com if both hostnames resolve to the same IP address from the perspective of the client.

Rowland Shaw

Posted 2013-07-25T18:55:59.690

Reputation: 3 607

So I get you on the port forwarding concept here -- but I think my core question is how I can resolve internal IP from hostname, as opposed to external IP. That is to say, traffic starts on a client computer and hits iis.mydomain.com. That then hits my DNS server which does a lookup and finds that iis.mydomain.com has an internal IP of 192.168.0.105. How do I do the proxying necessary such that the external traffic resolves the external IP but then internal to the network is correctly forwarded? – ShaneC – 2013-07-25T19:58:26.307

1

@ShaneC, that's exactly the problem. Outside the network everybody needs to get the same IP address, the external one. The protocol doesn't allow you to return two IP addresses, only one. You then have to rely on other information, namely the port number, to get it to the proper machine. – Mark Ransom – 2013-07-25T20:01:42.830

@MarkRansom Okay -- and there exists no technology that can proxy an external IP to an internal IP based on hostname? – ShaneC – 2013-07-25T20:09:02.247

The point is that anything like that needs to be protocol aware - it can't be done arbitrarily. – Rowland Shaw – 2013-07-25T20:10:10.443
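The distinction drawn in the answer and comments above, as an added example that is not from this thread: a small Python dispatcher that can steer a connection by hostname only when the protocol carries one (the HTTP/1.1 Host header) and otherwise has nothing but the destination port to go on. The hostnames, internal IPs and port mappings are constructed values, not the asker's real configuration.

```python
import re

# Constructed mapping of public hostname -> internal VM (values are assumed).
HOST_MAP = {
    "iis.mydomain.com": ("192.168.0.105", 80),
    "mssql.mydomain.com": ("192.168.0.106", 80),
}
# Constructed port-based fallback for protocols that carry no hostname.
PORT_MAP = {
    3389: ("192.168.0.105", 3389),   # RDP -> IIS VM
    1433: ("192.168.0.106", 1433),   # MSSQL -> SQL VM
}

_REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n")
_HOST_PORT = re.compile(r"^(\[[^\]]+\]|[^:]+)(?::\d+)?$")


def http_host(head: bytes):
    """Return the lowercase Host header (port stripped) of an HTTP/1.x
    request head, or None if the bytes are not HTTP or carry no Host."""
    if not _REQUEST_LINE.match(head):
        return None
    header_block = head.split(b"\r\n\r\n", 1)[0]
    for line in header_block.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            m = _HOST_PORT.match(value.strip().decode("ascii", "replace"))
            return m.group(1).lower() if m else None
    return None


def backend_for(head: bytes, dst_port: int):
    """Choose the internal VM for one inbound connection.

    Only a protocol that names the host (here HTTP/1.x) can be steered by
    hostname; anything else is routed by the port it arrived on, because
    DNS already turned the typed name into one external IP before connecting.
    """
    host = http_host(head)
    if host is not None:
        return HOST_MAP.get(host)   # None for an unknown name: do not forward
    return PORT_MAP.get(dst_port)


if __name__ == "__main__":
    req = b"GET / HTTP/1.1\r\nHost: IIS.mydomain.com:8080\r\n\r\n"
    print(backend_for(req, 80))                    # ('192.168.0.105', 80)
    print(backend_for(b"\x03\x00\x00\x13", 3389))  # constructed non-HTTP bytes
```

An HTTP request for a name not in the map is refused rather than falling through to the port table, so a mistyped or unexpected Host cannot be forwarded to an arbitrary VM.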