DNS resolve to host on LAN?


fcv
01-20-2002, 05:53 PM
Hi

I have a small LAN with one public IP and several hosts with private IPs. I'm using natd to share my cable connection to the LAN and everything works pretty smoothly (OS X 10.1.1). I run apache on the public IP and on one of the internal machines. My public IP also runs bind (DNS SERVER) and it's set up so that:

www.mydomain.com -> public ip
xpto.mydomain.com -> private host (192.168.0.32)

Does anyone know a way to allow people on the net to access xpto.mydomain.com?

What I do know is that any outside browser would get a reply containing 192.168.0.32 from the DNS server and then attempt to connect to that IP, which OBVIOUSLY results in a connection failure.

I don't mind having xpto running apache on another port, but I want to avoid having to specify that port from the outside (like http://xpto.mydomain.com:79 - NO GOOD)

So I guess a tool that picked up a request for host xpto and port 80 and forwarded it to host 192.168.0.32 port 79 would be what I need.

I've seen such tools on linux and openbsd but not on x (freebsd).... :( Any ideas?!?!?!

Gwyrrdin
01-21-2002, 01:57 PM
my two cents....

I have a linux router. On that router I have ip tables to forward any requests on port 80 to my webserver, and also forwarded some other ports for some services...this works fine.

But before ip tables I used ipfw for that....and ipfw is included in OS X 10.1

So read the man of ipfw...

<snippet>
ipfw [-q] add [number] action [log] proto from src to dst [via name |
ipno] [options]
</snippet>

Cheers

Gwyrrdin

Novajo
01-21-2002, 02:47 PM
You must set up natd to route incoming connections from some port on your external IP to the port 80 of your other private machine or configure Apache to do it. The obvious problem is that you cannot route port 80 connections to your other machines, because you already serve web pages on the public machine. You would have to use a different port, for instance:

www.mydomain.com:8080

which you would set up in natd to be routed to 192.168.0.32. This is done by adding this to your natd configuration file:

redirect_port tcp 192.168.0.32:80 8080

Don't forget to kill -HUP `cat /var/run/natd.pid` when you are done with your modifications. I have an example to set up an AppleTalk connection to an internal interface/machine with natd. It is available at:
http://www3.sympatico.ca/dccote/appleshareipoverpppoe.html. You can read it and replace every port 548 with port 8080 and everything will work.

However, you say you would like to avoid that. I see two other options which are somewhat related. This involves configuring Apache to rewrite a certain URL (say for instance www.xpor.com/others/ into xpto.mydomain.com/). You can do that with the mod_rewrite module of Apache. You have to include the module in your httpd.conf file:

LoadModule rewrite_module libexec/httpd/mod_rewrite.so
[...]
AddModule mod_rewrite.c

and later in your host section, use:

RewriteEngine On
RewriteLog /var/log/rewriteLog
RewriteLogLevel 1
RewriteRule ^/others/(.*) http://xpto.mydomain.com/$1 [R]

then restart the httpd server.

A related option is to register xpto.mydomain.com as a different IP address which you set up on your public server (can you do multihoming on OS X? don't know) and you use that IP address in the rewrite module mentioned above.
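
The tool asked for in the first post, one that forwards by name rather than by port, has to read the HTTP Host header, because natd's redirect_port sees only addresses and ports. The routing decision as an added example (not from any post in this thread), assuming xpto.mydomain.com is published with the public IP; the `BACKENDS` table, the function names and the 127.0.0.1:8000 entry are assumptions.

```python
from typing import Optional, Tuple

# Public name -> (address, port). Names not listed here are never forwarded,
# so the front end cannot be steered to arbitrary hosts on the LAN.
BACKENDS = {
    "www.mydomain.com": ("127.0.0.1", 8000),    # assumed: local Apache moved off port 80
    "xpto.mydomain.com": ("192.168.0.32", 79),  # internal host and port from the thread
}

def parse_host(request_head: bytes) -> Optional[str]:
    """Return the Host header value, lower-cased and without port, or None."""
    hosts = []
    for line in request_head.split(b"\r\n")[1:]:   # skip the request line
        if not line:
            break                                   # blank line ends the headers
        name, sep, value = line.partition(b":")
        if sep and name.lower() == b"host":
            hosts.append(value.strip())
    if len(hosts) != 1:
        return None                                 # missing or duplicated Host
    try:
        host = hosts[0].decode("ascii").lower()
    except UnicodeDecodeError:
        return None
    host = host.rsplit(":", 1)[0] if ":" in host else host   # drop ":80"
    return host.rstrip(".") or None                 # "name." equals "name"

def pick_backend(request_head: bytes) -> Optional[Tuple[str, int]]:
    """Map a request head to a backend, or None to refuse the request."""
    host = parse_host(request_head)
    return BACKENDS.get(host) if host else None

# Constructed sample requests (not captured traffic).
SAMPLES = [
    b"GET / HTTP/1.1\r\nHost: xpto.mydomain.com\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: WWW.mydomain.com:80\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n",
    b"GET / HTTP/1.0\r\n\r\n",
]

if __name__ == "__main__":
    for head in SAMPLES:
        print(head.split(b"\r\n")[1:2], "->", pick_backend(head))
```

Requests with no Host header, a duplicated one, or a name outside the table return None, so the front end refuses them instead of guessing a LAN destination.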