How to access individual computers on home network from the internet but not using port forwarding

2

I have a domain 'mydomain.com'. I have several web/mail/ftp servers in the cloud on different IPs from different cloud providers:

ftp.mydomain.com
mail.mydomain.com 
www.mydomain.com

I also have a small home/office network with two computers. I would like them to be reachable over the internet:

home1.mydomain.com
home2.mydomain.com

I have added the public facing IP of my home router to the nameservers as an A record for both home1.mydomain.com and home2.mydomain.com.

What I would like now is to have the home router route incoming traffic to the correct machine but not using port forwarding. I want each machine to keep its own firewall, not just accept traffic on one port.

Many thanks

sectornitad

Posted 2013-09-19T10:10:21.933

Reputation: 121

NAT routers have a feature to put one computer into the DMZ. In NAT router terminology, that means that regardless of what port is accessed on the router public ip, the 'packet' is passed to that one computer. Suppose for a moment that the router had firmware that could pass that packet to all computers. Suppose 2 computers on your LAN run a service on port 1200. A computer outside wants to access one of them but cannot specify, and how would the router know which computer to forward to? – barlop – 2013-09-19T11:38:13.860

further from that comment, this question also mentions something about adding multiple computers to DMZ. Perhaps positive http://www.dslreports.com/forum/remark,847996 this one is more negative http://forums.techguy.org/networking/760700-dmz-3-computers.html

– barlop – 2013-09-19T11:43:10.127

Answers

0

You will have to do some sort of port forwarding. If the machines in question don't need to be available for public access I would open one port and use a VPN. That way there is only one port that needs to be opened.

If you are using NAT you might have more complications though. You can't point one public IP to several NATed servers. The only way NAT will work is if each server listens on a different port.

EX:

Mail - 110/25

FTP - 21

WWW - 80

That would work so each of those services would be accessible, but only if you forwarded the ports. Or had a single VPN connection inside the network.

Unfortunately what you truly want to do cannot be fully achieved without multiple public IPs and port forwarding.

BrennanK

Posted 2013-09-19T10:10:21.933

Reputation: 1

thanks. I guess I am a little confused here. Is it not possible somehow for the router to look at the incoming traffic and determine that the domain that was initially requested by the sender was home1.mydomain.com and then route that accordingly? Is the original domain included in the TCP/IP packet? – sectornitad – 2013-09-19T12:05:26.760

@sectornitad No, routing is based only on the IP address, and the hostname is not included in the TCP/IP headers. One of the few protocols that mandates sending the hostname is HTTP/1.1, which is how virtual hosting works. However, if you have IPv6, you probably have a public IPv6 address on each computer, which allows you to reach them from the Internet. – user2313067 – 2013-09-19T12:16:55.860

@sectornitad Not really 'cos that DNS address isn't stored in the packet, unless it's HTTP1.1 or your own custom protocol. In a sense, it is possible in theory, because those devices people call routers do many functions not just routing. e.g. they have firewalls in them and firewalls aren't part of routing. and NAT isn't routing. So it's quite possible in theory for a device to check far enough into the 'packet', going with user2133067's idea of if it's HTTP v1.1 but – barlop – 2013-09-19T14:00:20.173

@sectornitad a)it'd require a highly customized device to use that hostname header for port forwarding b)it'd only work when HTTP 1.1 c)one wouldn't call it routing So given a,b, I can't see how that idea would be feasible. But user231 mentioned IPv6, maybe you can have many public IPv6 addresses. Not sure re the security of that though. – barlop – 2013-09-19T14:01:47.740
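The two forwarding strategies discussed in this thread, per-port NAT forwarding from the answer and the Host-header idea from the comments, as an added example that is not part of the original thread or anyone's posted code. It assumes invented LAN addresses 192.168.1.10 and 192.168.1.11 for home1 and home2, and a hypothetical router that can read the first bytes of an inbound TCP payload before choosing a backend:

```python
"""Added example (not from the original thread): how a NAT router's
forwarding decision looks when it is keyed on the public port alone,
and what a hypothetical router would need to inspect to key it on the
hostname the client asked for instead.

Assumptions (invented for this example): home1 is 192.168.1.10 and
home2 is 192.168.1.11 on the LAN, and the router sees the destination
port plus the first bytes of the TCP payload of a new connection.
"""
import re
from typing import Optional, Tuple

Backend = Tuple[str, int]  # (internal IP, internal port)

# Stock NAT port forwarding: the only key is the public destination port,
# so two LAN machines can never share a public port.
PORT_FORWARDS = {
    80:   ("192.168.1.10", 80),
    2201: ("192.168.1.10", 22),  # ssh to home1
    2202: ("192.168.1.11", 22),  # ssh to home2
}

# Hostname-based dispatch is only possible where the protocol carries the
# requested name. HTTP/1.1 mandates the Host header; the IP and TCP headers
# themselves carry only addresses and ports.
HOST_MAP = {
    "home1.mydomain.com": "192.168.1.10",
    "home2.mydomain.com": "192.168.1.11",
}

REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")


def http_host(payload: bytes) -> Optional[str]:
    """Return the lower-cased Host header of an HTTP/1.x request head, or
    None if the bytes are not a complete HTTP request head or carry no
    Host header (HTTP/1.0 may omit it; SSH, SMTP and FTP never have one)."""
    head_end = payload.find(b"\r\n\r\n")
    if head_end < 0:
        return None
    lines = payload[:head_end].split(b"\r\n")
    if not REQUEST_LINE.match(lines[0]):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            # Drop an optional ":port" suffix (bracketed IPv6 literals are
            # left untouched).
            if ":" in host and not host.startswith("["):
                host = host.rsplit(":", 1)[0]
            return host or None
    return None


def choose_backend(dst_port: int, payload: bytes) -> Tuple[Optional[Backend], str]:
    """Decide where a new inbound connection should go.

    Returns ((internal_ip, internal_port), reason). A recognised Host
    header wins; otherwise fall back to the per-port table, which is all a
    stock NAT router has; otherwise drop."""
    host = http_host(payload)
    if host in HOST_MAP:
        return (HOST_MAP[host], dst_port), "host-header"
    if dst_port in PORT_FORWARDS:
        return PORT_FORWARDS[dst_port], "port-forward"
    return None, "drop"


# Constructed sample traffic (not captured from a real network).
HTTP_TO_HOME2 = (
    b"GET /status HTTP/1.1\r\n"
    b"Host: home2.mydomain.com\r\n"
    b"User-Agent: curl/8.0\r\n\r\n"
)
HTTP_UNKNOWN_HOST = b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n"
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"   # SSH never names the target host


if __name__ == "__main__":
    for port, data in [(80, HTTP_TO_HOME2), (80, HTTP_UNKNOWN_HOST),
                       (2202, SSH_BANNER), (22, SSH_BANNER)]:
        backend, why = choose_backend(port, data)
        print(f"port {port:5d} {data[:20]!r:26} -> {backend} ({why})")
```

The last sample is the case barlop raises: two LAN machines both offering SSH on port 22 behind one public address. The banner the client sends contains no hostname, so the only thing the router can key on is the port, and with one public IP that means one machine per public port (hence the separate 2201 and 2202 forwards). The Host-header path works only for HTTP/1.x, and a real device would also have to buffer until the full request head has arrived rather than inspect a single packet.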