Use DNS to forward to local network


This topic contains 5 replies, has 0 voices, and was last updated by  Askalab 1 year ago.

  • #44888

    Askalab
    Member

    Hello,

    I have multiple NAS on my network, with different services.

    Until now, I used port forwarding.

    Now, I want to make it a lot more simple with an internal DNS.

    I set up ZeroShell to be the SOA of sub.domain.com.
    (with nsa.sub.domain.com and nsb.sub.domain.com)

    Now I want to reach nas1.sub.domain.com from internet into my network.

    I thought I had to create a DNS entry:
    nas1.sub.domain.com A 192.168.101

    And it works internally….. but of course, not from outside!
    … because the NS resolves it as 192.168.0.101…… which doesn’t work outside of my network……. 😉

    How can I do?… Can I do it?!

    Many thanks.

    #54599

    Montikore
    Participant

    As you said, your internal DNS is internal… Anyway, even if you expose your DNS, you won’t be able to achieve what you want without port redirection.
    The only way to achieve this, i.e. using the name nas1.sub.domain.com to reach the wanted NAS, you will have to redirect all HTTP traffic (all traffic on port 80, using a Zeroshell virtual server) to a web server, which will know who is nas1 and will redirect to the wanted IP/port (Apache can do this).

    #54600

    iulyb
    Member

    Hi,
    In order to have access from internet you need routable internet IPs for your internal or DMZ network. However that means your network would be exposed + the cost of IPs.

    From DNS perspective you did it right, I have a similar setup but with a non routable network.

    In order to access internal services I use VPN and after that everything works like at home. The trick is to push the internal DNS server on VPN. This will add a layer of security over the forwarded ports.

    If you do not have many clients for your internal network you will need to set up a VPN client on your clients and a VPN server on the ZS.

    If you want to have services presented to internet, port forwarding is the way.

    #54601

    Montikore
    Participant

    @iulyb wrote:

    In order to have access from internet you need routable internet IPs for your internal or DMZ network. However that means your network would be exposed + the cost of IPs.

    😯 what are you talking about??

    By the way, VPN is clearly not the solution to this problem…

    #54602

    iulyb
    Member

    @montikore wrote:

    @iulyb wrote:

    In order to have access from internet you need routable internet IPs for your internal or DMZ network. However that means your network would be exposed + the cost of IPs.

    😯 what are you talking about??

    By the way, VPN is clearly not the solution to this problem…

    Routable IPs means IPs that are not in private range. https://en.wikipedia.org/wiki/Private_network. Also these IPs need to be routed to your place so in most cases you will need to buy them from your ISP for an additional cost. You may need advanced networking and routing experience if you will go multiple ISPs.

    You didn’t specify if your clients are public or private, most corporations use VPN to allow their employees to access internal resources.

    I suggest that you should stick with forwarded ports.

    #54603

    Montikore
    Participant

    lol sure, all public IPs are routable… if you have an internet connection, then you have a public IP, then you can use it without any more costs… I don’t get your point, we are not in the 70’s anymore
    Of course, if you want to use more than one public IP, it’s a bit more complicated, but this is out of scope here.

    #54604

    reaperz
    Member

    What you are looking for is DNS views. You should have a different DNS view for inside and outside networks.

    I have done it before with bind/named, but don’t know how to do it with Zeroshell. I use ZS just for router, not DNS.
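
The DNS views mentioned in the last reply, sketched as a BIND `named.conf` fragment. This is an added example, not configuration posted by anyone in the thread and not a Zeroshell setting. It assumes the LAN is 192.168.0.0/24 (taken from the 192.168.0.101 address above), uses 203.0.113.10 as a placeholder for the router's public address, and uses hypothetical file paths.

```conf
// Split-horizon DNS with BIND views (added example).
// Assumptions: LAN is 192.168.0.0/24; 203.0.113.10 is a placeholder for
// the router's public address; all file paths are hypothetical.

acl "lan" {
    127.0.0.1;
    192.168.0.0/24;
};

// Views are evaluated in order and the first match wins, so the
// restrictive LAN view must come before the catch-all view.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                  // act as resolver for LAN hosts only
    zone "sub.domain.com" {
        type master;
        // This zone file holds:  nas1  IN  A  192.168.0.101
        file "/etc/bind/internal/sub.domain.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                   // never an open resolver on the WAN side
    allow-transfer { none; };       // no zone transfers to arbitrary hosts
    zone "sub.domain.com" {
        type master;
        // This zone file holds:  nas1  IN  A  203.0.113.10
        // Keep private (RFC 1918) addresses out of this file so the
        // internal addressing plan is not published to the internet.
        file "/etc/bind/external/sub.domain.com.zone";
    };
};
```

Each zone file still needs its own SOA and NS records. The external answer only brings a client to the public address; the port forward or reverse proxy described in the earlier replies is still what carries the connection to the NAS.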
