www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

Use DNS to forward to local network

 
Askalab



Joined: 27 Oct 2017
Posts: 1

Posted: Fri Oct 27, 2017 7:32 pm    Post subject: Use DNS to forward to local network

Hello,

I have multiple NAS on my network, with different services.

Until now, I used port forwarding.

Now, I want to make it a lot more simple with an internal DNS.

I set up ZeroShell to be the SOA of sub.domain.com.
(with nsa.sub.domain.com and nsb.sub.domain.com)

Now I want to reach nas1.sub.domain.com from internet into my network.

I thought I had to create a DNS entry:
nas1.sub.domain.com A 192.168.101

And it works internally..... but of course, not from outside!
... because the NS resolves it as 192.168.0.101...... which doesn't work outside of my network....... ;)

How can I do?... Can I do it?!

Many thanks.
Montikore



Joined: 19 Jan 2016
Posts: 64

Posted: Mon Oct 30, 2017 1:04 pm

As you said, your internal DNS is internal... Anyway, even if you expose your DNS, you won't be able to achieve what you want without port redirection.
The only way to achieve this, i.e. using the name nas1.sub.domain.com to reach the wanted NAS, is to redirect all HTTP traffic (all traffic on port 80, using a Zeroshell virtual server) to a web server, which will know who is nas1 and will redirect to the wanted IP/port (Apache can do this).
iulyb



Joined: 02 Jun 2016
Posts: 100

Posted: Wed Nov 01, 2017 3:36 pm

Hi,
In order to have access from internet you need routable internet IPs for your internal or DMZ network. However that means your network would be exposed + the cost of IPs.

From DNS perspective you did it right, I have a similar setup but with a non routable network.

In order to access internal services I use VPN and after that everything works like at home. The trick is to push the internal DNS server on VPN. This will add a layer of security over the forwarded ports.

If you do not have many clients for your internal network you will need to set up a VPN client on your clients and a VPN server on the ZS.

If you want to have services presented to internet port forwarding is the way.
Montikore



Joined: 19 Jan 2016
Posts: 64

Posted: Thu Nov 02, 2017 9:33 am

iulyb wrote:
In order to have access from internet you need routable internet IPs for your internal or DMZ network. However that means your network would be exposed + the cost of IPs.


:shock: what are you talking about??

By the way, VPN is clearly not the solution to this problem...
iulyb



Joined: 02 Jun 2016
Posts: 100

Posted: Thu Nov 02, 2017 3:23 pm

Montikore wrote:
iulyb wrote:
In order to have access from internet you need routable internet IPs for your internal or DMZ network. However that means your network would be exposed + the cost of IPs.


:shock: what are you talking about??

By the way, VPN is clearly not the solution to this problem...


Routable IPs means IPs that are not in the private range: https://en.wikipedia.org/wiki/Private_network. Also these IPs need to be routed to your place, so in most cases you will need to buy them from your ISP for an additional cost. You may need advanced networking and routing experience if you go with multiple ISPs.

You didn't specify if your clients are public or private, most corporations use VPN to allow their employees to access internal resources.

I suggest that you should stick with forwarded ports.
Montikore



Joined: 19 Jan 2016
Posts: 64

Posted: Thu Nov 02, 2017 3:40 pm

lol sure, all public IPs are routable... if you have an internet connection, then you have a public IP, then you can use it without any more costs... I don't get your point, we are not in the 70's anymore
Of course, if you want to use more than one public IP, it's a bit more complicated, but this is out of scope here.
reaperz



Joined: 13 Apr 2012
Posts: 98

Posted: Tue Nov 07, 2017 10:16 am

What you are looking for is DNS views. You should have a different DNS view for inside and outside networks.

I have done it before with bind/named, but don't know how to do it with Zeroshell. I use ZS just as a router, not DNS.
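A sketch of the DNS views approach mentioned in the last post, written for BIND 9 (named). This is an added example, not part of the original thread and not a Zeroshell configuration. The LAN range 192.168.0.0/24, the placeholder public address 203.0.113.10 (documentation range), and the directory and file paths are assumptions.

```conf
// named.conf fragment (BIND 9): split-horizon views for sub.domain.com.
// Constructed example. Assumed values: LAN = 192.168.0.0/24,
// router public address = 203.0.113.10 (placeholder), paths below.

acl "lan" { 127.0.0.1; 192.168.0.0/24; };

options {
    directory "/var/named";        // assumed path
    allow-transfer { none; };      // no zone transfers to arbitrary hosts
};

// Once any view is defined, every zone must live inside a view.
// Views are tried in order and the first matching match-clients wins,
// so the restricted (LAN) view has to come before the catch-all one.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                 // LAN hosts may use this server as resolver
    zone "sub.domain.com" {
        type master;
        file "internal/sub.domain.com.zone";
        // internal zone file contains:  nas1  IN A  192.168.0.101
    };
};

view "external" {
    match-clients { any; };
    recursion no;                  // authoritative answers only for internet clients
    zone "sub.domain.com" {
        type master;
        file "external/sub.domain.com.zone";
        // external zone file contains:  nas1  IN A  203.0.113.10
        // Keep RFC 1918 addresses out of this file so the internal
        // addressing plan is not published to outside resolvers.
    };
};
```

The external view only changes which address the name resolves to; traffic arriving at the public address still depends on the port forwarding or virtual server discussed earlier in the thread.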