Network Systems Help: How to route an external request, by hostname to an internal ip


Welcome to my first question on stack overflow.

I've looked around, and I haven't found this question asked yet. However, that may be because I don't know how to ask the question that I need answered.

THE INFORMATION:

I'm a programmer who left the public sector, where a surprisingly well-managed IT department had all this crap working for me. I now work for a private company that needs a bit of network systems help.

We have:

  • A SQL Server
  • An Application Server
  • A File Server
  • A Web Server
    • multiple web services
    • team foundation server
    • share point services
  • 5 desktops

all on our internal network.

We also have:
– No domain controller
– No Internal DNS / NAT / DHCP Server.

We're currently using a router for DHCP and Port Forwarding. We are getting a static IP assigned today.

THE QUESTION:

What do I need to setup in order to point our external domains / subdomains to our new static IP and have those requests routed (by the hostname used) to hit a specific server?

Current Configuration (Port Forwarding)

ourdomain.com:1234 -> router/port-forwarding -> SQL Server:1433
ourdomain.com:1235 -> router/port-forwarding -> Web Service 1:8081
ourdomain.com:1236 -> router/port-forwarding -> Web Service 2:8082
ourdomain.com:1237 -> router/port-forwarding -> Application Server:5410

What I think I want:

sql.ourdomain.com:80  -> ??? -> SQL Server:1433
svc1.ourdomain.com:80 -> ??? -> Web Service 1:80 (host: svc1.ourdomain.com)
svc2.ourdomain.com:80 -> ??? -> Web Service 2:80 (host: svc2.ourdomain.com)
app.ourdomain.com:80  -> ??? -> Application Server:5410

The (host: xxx) is where I would specify the host in the IIS website configuration.

There will be some instances where port-forwarding is necessary, but it's not ideal for every instance. I want to remember meaningful names, not arbitrary port numbers.

If what I'm asking here is completely ridiculous, well, thanks for reading. I'm just looking for some direction.

Thanks!

<edit>

12:01 am PDT 4/19/2012

Sorry, let me clarify a few things.

  1. We only have a single static public IP address.
  2. Assume that we can acquire / setup the necessary hardware / software to achieve this.

If what it comes down to is that we need to buy some enterprise level routing hardware, that's just what it takes. I know this has to be possible because at my last job, we had 40 or 50 domains all pointed to the same IP that routed to different servers once inside the internal network. :/ Or at least that's what happened to the best of my knowledge.

I actually called them up today and asked them, but the main dude who set it all up quit.

I'm really pushing for us to just get our crap out into the cloud, since no one wants to hire a network engineer or systems analyst, much less build a data center.

</edit>

Best Answer

An easy way this could work is if each subdomain resolved to a different public IP address (e.g. if your DNS was configured such that sql.ourdomain.com resolves to 1.1.1.1 and svc1.ourdomain.com resolves to 1.1.1.2).

sql.ourdomain.com  IN A 1.1.1.1
svc1.ourdomain.com IN A 1.1.1.2

Your router can only make decisions based on the limited information contained inside the IP packets. Commonly, routers can look at the IP or port information. In the case where your router is configured with port forwarding, the router looks at the port number and makes address translation decisions using the port.

rule: incoming port 1000, forward to 192.168.1.100:1433
rule: incoming port 1001, forward to 192.168.1.101:80

However, if the port is the same, the router needs other information to decide how to perform the translation. Most low-end routers (e.g. Cisco ASA series, Juniper SRX series) can use the IP to make this address translation decision. The downside is that you'll need to purchase multiple IP addresses from your ISP.

rule: incoming ip 1.1.1.1, forward to 192.168.1.100:1443
rule: incoming ip 1.1.1.2, forward to 192.168.1.101:80

IIS, which operates on a much higher layer on the network stack, can make this differentiation by looking at the HTTP headers. This works for multiplexing a single ip and single port to multiple websites. In this case, since SQL and your web server speak different protocols, you won't be able to leverage this.

Another technology that you may want to consider is IPsec tunneling (VPN) if your device supports IPsec passthrough. The downside is that your coworkers (who I assume are using this) need to perform additional configuration.
