0

I want to map subdomains to local IPs on my machine to achieve an IP for each of my virtual machines.

I know I can set up a DNS on my own machine but that will only resolve the domain on my own machine.

subdomain.domain.com -> Public IP -> Internal IP 1
subdomain2.domain.com -> Public IP -> Internal IP 2
subdomain2.domain.com -> Public IP -> Internal IP 3

Is there anything that might achieve the same goal?

Note: I don't want only port 80; I want something like a NAT or reverse proxy for all TCP payloads.

Thank you for reading.

1 Answer

2

You can't.

The "trick" that is normally used to simulate what you ask for (with a reverse proxy) works (only) with HTTP(S) because the protocol includes the requested DNS host name in each request. That is what allows an HTTP reverse proxy running on the primary IP-address to identify that a request is for a specific site and forward it to the correct back-end server.

Most other protocols do not include the DNS hostname the client used to connect to a server. The client locally resolves whatever DNS hostname is used to an IP-address and attempts to make a connection to that IP-address. The original hostname information is "lost" and the only information carried in the (initial) request is the resolved IP-address and port number.

For every protocol that isn't natively hostname aware there won't be any way to correctly map the request to a specific back-end server.

Also see: How do I make protocol foo hostname-aware?

Do the SSH or FTP protocols tell the server to which domain I am trying to connect?


The solution is to use IPv6 on all your servers and map each of your DNS hostnames to the IPv6 address of the correct back-end server.

2
  • You can make proxying "work" for non-HTTP protocols if you use TLS and SNI, but it gets complicated quickly.
    – hardillb
    Commented May 14, 2023 at 14:05
  • Indeed. Although AFAIK most if not all commonly used SSL/TLS libraries support SNI and have included that support for many years, that doesn't automatically translate into support for applications linked to those libraries. Each client needs to make code changes to leverage SNI and those don't make sense when the server side code doesn't provide SNI support (yet) either. And the urgency to adopt SNI seems less for many other applications than it was for web servers and browsers and even for those it took years.
    – HBruijn
    Commented May 15, 2023 at 8:56
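
The following is an added example, not part of the original answer or comments: it shows what a proxy on a single public IP can learn from the first bytes a client sends, covering the HTTP `Host` header from the answer and the TLS SNI case from the comments. The function names and all sample bytes are constructed for illustration.

```python
import struct

def sni_from_client_hello(rec: bytes):
    """Return the server_name (SNI) from a TLS ClientHello record, or None."""
    try:
        if rec[5] != 0x01:  # handshake type is not ClientHello
            return None
        p = 5 + 4 + 2 + 32  # skip record hdr, handshake hdr, version, random
        p += 1 + rec[p]  # session id
        p += 2 + struct.unpack_from("!H", rec, p)[0]  # cipher suites
        p += 1 + rec[p]  # compression methods
        end = p + 2 + struct.unpack_from("!H", rec, p)[0]  # end of extensions
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", rec, p)
            p += 4
            if etype == 0:  # server_name: list_len(2) type(1) len(2) name
                ntype, nlen = struct.unpack_from("!BH", rec, p + 2)
                name = rec[p + 5:p + 5 + nlen]
                return name.decode("ascii") if ntype == 0 and len(name) == nlen else None
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass  # truncated or malformed hello: no usable name
    return None

def routing_hostname(first_bytes: bytes):
    """Classify a client's first bytes; return (protocol, hostname or None)."""
    if first_bytes[:1] == b"\x16":  # TLS handshake record
        return "tls", sni_from_client_hello(first_bytes)
    lines = first_bytes.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    if lines[0].endswith((b" HTTP/1.0", b" HTTP/1.1")):
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"host":
                return "http", value.strip().decode("ascii", "replace")
        return "http", None
    return "unknown", None  # e.g. SSH: the proxy sees only IP and port

def build_client_hello(hostname: str) -> bytes:
    """Build a minimal ClientHello with one SNI entry (constructed sample input)."""
    name = hostname.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni  # extension type 0 = server_name
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: subdomain.domain.com\r\n\r\n"  # constructed
TLS_SAMPLE = build_client_hello("subdomain2.domain.com")  # constructed
SSH_SAMPLE = b"SSH-2.0-OpenSSH_9.6\r\n"  # constructed client banner
```

Calling `routing_hostname` on the three samples yields a hostname for the HTTP and TLS inputs and `None` for the SSH banner, which is the case where a shared-IP proxy has nothing to route on.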
