Sign in with
Sign up | Sign in
Your question

question

Last response: in Networking
Share
Anonymous
a b 8 Security
July 7, 2004 6:15:22 PM

Archived from groups: comp.security.firewalls (More info?)

Hi,

we have several boxes with unique public IP addresses which are part of a big .edu namespace. I would like to put these
machines behind one single firewall and still keep their names. Is it possible to have all names point to the firewall
machine and then have the firewall direct the specific request to a specific box behind it?

So, if F is firewall.x.edu and I have A.x.edu, B.x.edu and C.x.edu I want to have A, B and C behind F. A, B and C
should now point to F and F will direct all outside requests to A, B or C based on the name.

Thanks,
Ognen

More about : question

Anonymous
a b 8 Security
July 10, 2004 9:30:04 PM

Archived from groups: comp.security.firewalls (More info?)

On Wed, 7 Jul 2004 14:15:22 +0000 (UTC), Ognen Duzlevski spoketh

>Hi,
>
>we have several boxes with unique public IP addresses which are part of a big .edu namespace. I would like to put these
>machines behind one single firewall and still keep their names. Is it possible to have all names point to the firewall
>machine and then have the firewall direct the specific request to a specific box behind it?
>
>So, if F is firewall.x.edu and I have A.x.edu, B.x.edu and C.x.edu I want to have A, B and C behind F. A, B and C
>should now point to F and F will direct all outside requests to A, B or C based on the name.
>
>Thanks,
>Ognen

You can get firewalls that'll allow you to map external IP addresses to
internal (either LAN or DMZ) IP addresses. This will allow you to place
these machines behind the firewall without having to worry about
changing DNS records for these computers.

However, a firewall can not redirect based on names, so you cannot point
the DNS records for all these machines to the firewall and have the
firewall forward based on the DNS name.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
Anonymous
a b 8 Security
July 11, 2004 12:08:03 AM

Archived from groups: comp.security.firewalls (More info?)

Ognen Duzlevski wrote:

> we have several boxes with unique public IP addresses which are part of a big .edu namespace. I would like to put these
> machines behind one single firewall and still keep their names. Is it possible to have all names point to the firewall
> machine and then have the firewall direct the specific request to a specific box behind it?
>
> So, if F is firewall.x.edu and I have A.x.edu, B.x.edu and C.x.edu I want to have A, B and C behind F. A, B and C
> should now point to F and F will direct all outside requests to A, B or C based on the name.

If you use only one IP address, you have only one set of ports. What
services do you want to provide? HTTP can handle name-based virtual hosting,
and incoming email can use the same MX for several domains. Many other
protocols would break though.

Can't you just update the DNS to point to addresses behind the firewall? If
for some reason not, maybe you could assign the current addresses to the
firewall, and use private addressing for the individual machines.

Thor

--
http://www.anta.net/
!