Need suggestions for dns behind firewall

popeus

Programmer
Dec 13, 2000
My ISP charges $10 per IP address so I'm trying to figure a way to host multiple web sites behind a router/firewall.

I have 3 IP addresses. One address for primary DNS, one for secondary DNS and one to assign to web sites. My question is: can I assign the last IP address to a router/firewall, map that address to an internal DNS server and have the internal DNS server route traffic to multiple internal web servers? For instance:

dns0: 216.192.1.5
dns1: 216.192.1.6

In the DNS, all web site requests point to 216.192.1.7, which is actually the router/firewall. 216.192.1.7 on the router/firewall is mapped to 192.168.1.2 (internal DNS).

I have 3 internal web servers:
web1: abc.com = 192.168.1.3
web2: def.com = 192.168.1.4
web3: ghi.com = 192.168.1.5

An Internet request for abc.com goes to dns0 (216.192.1.5), which sends the request to the router/firewall (mapped to internal DNS); internal DNS records indicate abc.com is located on web1, forwards the request to web1, and web1 returns the web page through the router/firewall back to the end user.

I hope you can understand what I'm trying to accomplish; any suggestions would be very helpful.

Thanks
 
Why don't you just host all three web sites on the same box? Problem solved!

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
I'm still trying to figure out what you are attempting to do. DNS servers do not forward web requests. They resolve hosts to IP addresses.

If all three web sites resolve to 216.192.1.7 then the http requests will be directed at that IP address. There will be no further DNS lookups. The 'internal' DNS server will have nothing to do with the process if the request has been serviced by an external DNS server that has resolved the domain to 216.192.1.7.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Thanks for your response.

For argument's sake, let's say that each of the domains has too much traffic and database requests for one server to handle.

216.192.1.7 is actually a firewall, where port 80 can be opened and mapped to one internal IP address; that leaves the other two servers out, unless I can direct the traffic once it gets behind the firewall.
 
Well, the traffic would have to be pretty heavy to only allow one web site per box. But, for argument's sake, if you do want to run three web servers behind one IP address then the only way that I can see how is by using different ports for each server, but then the user would have to know what the port is, i.e. or something like that. Not really what you are after. I'm sure that your firewall will only port forward port 80 to one server.

I don't know how you would handle this. You couldn't use your internal DNS server, as the request from the client's web browser to the firewall's external address would be an HTTP GET request for a particular domain and not a DNS request, as that would already have been resolved by the external server. Your problem is how to direct the HTTP requests to one external address to three different internal servers depending on the domain.

Tricky one that.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Hi!

Please, Popeus, correct me if I understood you wrong but here is what I think you want to do:

1. You want 3 web servers to be behind a firewall.
2. You want each web server to be running on a separate box, due to security, performance and other (probably administrative) reasons.
3. You want to use just one public IP for the three web servers: the external IP of the firewall.
4. dns0 and dns1 use two of your public IP addresses and are specified as the primary and secondary DNS servers in your registrar's records (the registrar is the company which you registered your domain names with, like Network Solutions for example).


Well, I would say that is a reasonable approach.

First, you have to change the records in dns0 and dns1 for the three domains and point them to the one public IP which you dedicate for the three web servers (probably the external IP of the firewall).
Second, all the web requests will hit one of the web servers (for example web1: abc.com - 192.168.1.3), so you will create an appropriate port translation for incoming requests on the external IP of the firewall: port 80 to port 80 on the internal IP of web1: abc.com.
Third, you have to configure header redirection on web1. If the request is for abc.com, it will be directed to the web site hosted on web1. If it is for def.com or ghi.com, it will be redirected to the corresponding web servers: web2: 192.168.1.4 or web3: 192.168.1.5.



NetoMeter
 
Thanks, NetoMeter

I'll give it a try.
 
Wouldn't the redirection be sent back to the client? i.e. redirect the HTTP request to another server?

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
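
Added example, not part of any post in this thread: a sketch of the routing decision the discussion converges on, where the host at the single public IP picks an internal server from the HTTP Host header (after DNS has already resolved every name to 216.192.1.7) and proxies the request instead of redirecting the client. The function names are hypothetical, the backend map reuses the addresses from the first post, and IPv6 literals in the Host header are not handled.

```python
import ipaddress

# Internal servers as given in the first post of the thread.
BACKENDS = {"abc.com": "192.168.1.3", "def.com": "192.168.1.4", "ghi.com": "192.168.1.5"}

def host_from_request(raw: bytes):
    """Return the normalized Host header of a raw HTTP request, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = []
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            hosts.append(value.strip())
    if len(hosts) != 1:                            # missing or duplicated Host header
        return None
    host = hosts[0].lower()
    name, sep, port = host.rpartition(":")         # drop an explicit ":80" style port
    if sep and port.isdigit():
        host = name
    return host.rstrip(".") or None

def route(raw: bytes):
    """Proxy decision made at the one public address, after DNS is already done."""
    host = host_from_request(raw)
    if host is None:
        return ("reject", 400)
    backend = BACKENDS.get(host)
    if backend is None:
        return ("reject", 421)                     # unknown name: no default site
    return ("proxy", backend)

def redirect_target_usable(ip: str) -> bool:
    """A 3xx Location is followed by the client, so a private target is unreachable."""
    return not ipaddress.ip_address(ip).is_private

# Constructed sample request (not captured traffic).
SAMPLE = b"GET / HTTP/1.1\r\nHost: DEF.com:80\r\nUser-Agent: demo\r\n\r\n"

if __name__ == "__main__":
    print(route(SAMPLE))
    print(redirect_target_usable("192.168.1.4"), redirect_target_usable("216.192.1.7"))
```

Rejecting requests whose Host header is missing, duplicated or not in the map keeps arbitrary names from reaching an internal server by default.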
 