
Assume I own a domain, mynetwork.info. I mapped *.mynetwork.info to my public IP address given to me by my ISP. Assume the IP address lease is static or long term.

When the traffic reaches my router after the DNS lookup and discovery of my public IP address, I want to route requests as follows.

If the URL is computer1.mynetwork.com, forward it to computer1 on the private LAN.

If URL is computer2.mynetwork.com, route to computer2 on the private LAN.

How can I achieve this? I know port forwarding. Is there another way? Does the request that reaches my router after IP address resolution even contain the name the client was hitting?

  • The client sends the requested domain, so a reverse proxy on your end can make it happen. The incoming traffic must arrive at one machine (can also be your router) that redirects traffic based on the requested URL. If your router has no reverse proxy available, I recommend setting up a pfSense firewall with the HAProxy module behind it to handle incoming traffic. Commented Jan 29, 2023 at 5:40
  • Thanks for the quick response. Does a reverse proxy also support non-HTTP traffic? For example, if I have an application listening for TCP/IP connections? Commented Jan 29, 2023 at 5:45
  • Also, you are saying that the packet contains the actual URL the client may have typed in the browser? Is that true across all network communication channels or just HTTP? Commented Jan 29, 2023 at 5:48
  • TCP is a lower-level protocol that doesn't really know about domains. The HTTP(S) spec defines the domain header that is sent, so a reverse proxy can only work on that. If you work with other protocols, you have to dedicate ports and do only some port forwarding. You can redirect different subdomains to different IPs at your domain registrar to avoid that, but since you have only one destination IP, this isn't possible. Imagine you connect via SSH to your domain: DNS will resolve its IP before the packets reach your router. The SSH packet will not contain any domain, so it's not possible. Commented Jan 29, 2023 at 15:04

2 Answers


What you want is possible for HTTP(S), but not for all network traffic in general.

Network packets aren't routed to domains. The sender first resolves the domain to an IP address, then sends the packets to that IP address as if DNS resolution didn’t happen. Since all your computers share a public IP address, it cannot be determined which computer a packet was addressed to (unless you use different ports, but that's not what you want).

HTTP has an extra provision for use cases like this: requests have to indicate which domain name they are intended for.

  • Thanks. So HTTP ensures the request domain is sent in. Say I have a custom app listening for network connections; does that mean I either buy multiple IP addresses or use port forwarding? Can I put a port number in my A-record entry so the caller is oblivious to ports? Commented Jan 29, 2023 at 14:46
  • That's not how it works. Your domain registrar can only have an IP as an A-record. All packets will be forwarded to that IP. On your machine, you have to decide what to do with the packet. That's where NAT and port forwarding come into play. I recommend starting at the fundamentals, so you can learn when, where and what happens in the TCP communication. Commented Jan 29, 2023 at 15:08
  • Yup, like Martin said: DNS doesn't resolve ports, IPs only. Port choice is up to the client.
    – gronostaj
    Commented Jan 29, 2023 at 17:57
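To make the answer and the comment thread concrete, here is an added example (not code from the original post or from any of the listed proxies) of the dispatch decision a name-based reverse proxy makes from the first bytes of a connection. It goes slightly beyond the answer: for plain HTTP the name is the Host header, and for HTTPS the Host header is encrypted, so a proxy reads the server_name (SNI) extension of the TLS ClientHello instead. A protocol that carries no name, such as the SSH banner in the test input, yields no backend, which is exactly why such services need their own forwarded port. The routing table, LAN addresses and hostnames are constructed assumptions.

```python
"""Name-based backend selection for a single public IP (added example).

ROUTES is an assumed, constructed mapping of public hostnames to LAN hosts.
"""
import struct

ROUTES = {
    "computer1.mynetwork.info": ("192.168.1.10", 80),   # assumed LAN address
    "computer2.mynetwork.info": ("192.168.1.11", 80),   # assumed LAN address
}


def http_host(payload: bytes):
    """Return the lower-cased Host header of a plaintext HTTP/1.x request, or None."""
    head, sep, _ = payload.partition(b"\r\n\r\n")
    if not sep:
        return None                      # request head incomplete or not HTTP
    lines = head.split(b"\r\n")
    if len(lines[0].split(b" ")) != 3:   # "METHOD target HTTP/x.y"
        return None
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace")
            return host.split(":")[0].lower()   # drop optional port (no bracketed IPv6 handling)
    return None


def tls_sni(payload: bytes):
    """Return the server_name from a TLS ClientHello record, or None."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:
            return None                  # not a handshake record / not a ClientHello
        p = 5 + 4 + 2 + 32               # record header, handshake header, version, random
        sid_len = payload[p]; p += 1 + sid_len
        cs_len = struct.unpack("!H", payload[p:p + 2])[0]; p += 2 + cs_len
        cm_len = payload[p]; p += 1 + cm_len
        ext_total = struct.unpack("!H", payload[p:p + 2])[0]; p += 2
        end = p + ext_total
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", payload[p:p + 4]); p += 4
            if ext_type == 0:            # server_name extension
                q = p + 2                # skip server_name_list length
                while q + 3 <= p + ext_len:
                    name_type = payload[q]
                    name_len = struct.unpack("!H", payload[q + 1:q + 3])[0]
                    q += 3
                    if name_type == 0:   # host_name
                        return payload[q:q + name_len].decode("ascii").lower()
                    q += name_len
                return None
            p += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None


def pick_backend(payload: bytes):
    """Backend (ip, port) for the name found in the connection's first bytes, or None."""
    name = http_host(payload) or tls_sni(payload)
    return ROUTES.get(name) if name is not None else None


def build_client_hello(server_name: str) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello carrying one SNI entry (test input only)."""
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0, len(sni_list)) + sni_list
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"          # version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01"           # one cipher suite
            + b"\x01\x00"                                  # one compression method (null)
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    print(pick_backend(b"GET / HTTP/1.1\r\nHost: computer1.mynetwork.info\r\n\r\n"))
    print(pick_backend(build_client_hello("computer2.mynetwork.info")))
    print(pick_backend(b"SSH-2.0-OpenSSH_9.0\r\n"))   # no name in the stream
```

In practice HAProxy, NGINX and the others listed in the second answer do this same lookup internally; the point of the example is that the name lives in the application-layer bytes, not in the IP or TCP headers, so a name that is missing (SSH, a custom TCP service) or a name not in the table should fall back to a default backend or a closed connection rather than to guessing.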

Try to use a reverse proxy like

  • HAProxy
  • NGINX
  • Apache
  • Træfik

