Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NAT and hostname resolution 2

Status
Not open for further replies.

jgilbs

MIS
Feb 18, 2007
1
US
Hey guys,
Got a quick question. I have a Win2k3 Domain Controller behind a hardware firewall. Win 2k3 dc is running DNS services for the domain. I am using No-IP Dynamic DNS to manage my domain name, and all requests for my TLD are going through the hardware firewall, where port forwarding is forwarding them on to my domain controller.

For Security reasons, I would like to have my domain controller not exposed at all to the internet. I have several other Win2k3 servers I would like to access as terminal servers and web servers. Right now, I have to enter a special port to access them. For example, for "SERVER2"(a terminal server) I have to logon to remote desktop as <my domain>:3390 in order for the port to be routed to the right server.

How can I enable NAT/DNS/My firewall to port forward based on the hostname. For example: connecting to server1.<mydomain>.com would forward all the correct ports (3389 for RDP and 80 for WWW) and connecting to server2.<mydomain>.com would get forwarded to server2?

I have read on the internet that this is "impossible due to restrictions in NAT", but that doesn't seem right, because I know IIS handles host headers and you can set up multiple sites on IIS using several hostnames but only one IP. That doesnt seem like much of a leap to make it work for all protocols.
 
on a proper FW you can publish you server as a web server and try to use the port 8080 instead of the 80, so you can have some security....

In addition you can open/create a rule to forward the taffic for the RDP connection to another port instead of the standard 3389 try to use 3399 or another port...

I hope I have been of some help.

_____________________________________
S. Daniel P. Teixeira - MCP
 
This can only be done if you have multiple ip-addresses on the external interface of your firewall. If so, you can register the names by your ISP, then forward the appropiate ports to the correct servers
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top