Network Systems Help: How to route an external request, by hostname to an internal ip


Welcome to my first question on stack overflow.

I've looked around, and I haven't found this question asked yet. However, that may be because I don't know how to ask the question that I need answered.


I'm a programmer who left the public sector, which had a surprisingly well-managed IT department that had all this crap working for me. I now work for a private company that needs a bit of network systems help.

We have:

  • A SQL Server
  • An Application Server
  • A File Server
  • A Web Server
    • multiple web services
    • Team Foundation Server
    • SharePoint Services
  • 5 desktops

all on our internal network.

We also have:
– No domain controller
– No Internal DNS / NAT / DHCP Server.

We're currently using a router for DHCP and Port Forwarding. We are getting a static IP assigned today.


What do I need to set up in order to point our external domains / subdomains to our new static IP and have those requests routed (by the hostname used) to hit a specific server?

Current Configuration (Port Forwarding):
  • router/port-forwarding -> SQL Server:1433
  • router/port-forwarding -> Web Service 1:8081
  • router/port-forwarding -> Web Service 2:8082
  • router/port-forwarding -> Application Server:5410

What I think I want:
  • ??? -> SQL Server:1433
  • ??? -> Web Service 1:80 (host:
  • ??? -> Web Service 2:80 (host:
  • ??? -> Application Server:5410

The (host: xxx) is where I would specify the host in the IIS website configuration.

There will be some instances where port-forwarding is necessary, but it's not ideal for every instance. I want to remember meaningful names, not arbitrary port numbers.

If what I'm asking here is completely ridiculous, well, thanks for reading. I'm just looking for some direction.



12:01 am PDT 4/19/2012

Sorry, let me clarify a few things.

  1. We only have a single static public IP address.
  2. Assume that we can acquire / set up the necessary hardware / software to achieve this.

If what it comes down to is that we need to buy some enterprise level routing hardware, that's just what it takes. I know this has to be possible because at my last job, we had 40 or 50 domains all pointed to the same IP that routed to different servers once inside the internal network. :/ Or at least that's what happened to the best of my knowledge.

I actually called them up today and asked them, but the main dude who set it all up quit.

I'm really pushing for us to just get our crap out into the cloud, since no one wants to hire a network engineer or systems analyst, much less build a data center.


Best Solution

An easy way that this could work is if each subdomain resolves to a different public IP address (e.g. if your DNS was configured such that resolves to and resolves to ):
  IN A
  IN A

Your router can only make decisions based on the limited information contained inside the IP packets. Commonly, routers can look at the IP or port information. In the case where your router is configured with port forwarding, the router looks at the port number and makes address translation decisions using the port.

rule: incoming port 1000, forward to
rule: incoming port 1001, forward to

However, if the port is the same, the router needs other information to decide how to perform the translation. Most low-end routers (e.g. Cisco ASA series, Juniper SRX series) can use the IP to make this address translation decision. The downside is that you'll need to purchase multiple IP addresses from your ISP.

rule: incoming ip, forward to
rule: incoming ip, forward to

IIS, which operates at a much higher layer of the network stack, can make this differentiation by looking at the HTTP headers. This works for multiplexing a single IP and single port to multiple websites. In this case, since SQL and your web server speak different protocols, you won't be able to leverage this.

Another technology that you may want to consider is IPsec tunneling (VPN), if your device supports IPsec passthrough. The downside is that your coworkers (who I assume are using this) need to perform additional configuration.
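The answer's distinction between what a port-forwarding router can see (destination port only) and what an HTTP-aware front end such as IIS host-header bindings can see (the Host header), as an added Python example that is not part of the original answer; the rule tables, hostnames, backend names and the TDS-like sample bytes are constructed placeholders.

```python
from typing import Optional

# Constructed: a router's port-forwarding table. The router never reads the payload,
# so the destination port is the only thing it can route on.
PORT_RULES = {1433: "sql-server:1433", 8081: "web-service-1:8081",
              8082: "web-service-2:8082", 5410: "app-server:5410"}

# Constructed: what an HTTP-aware front end (IIS host-header binding) can do
# with a single public IP and a single port 80.
HOST_RULES = {"service1.example.com": "web-service-1:80",
              "service2.example.com": "web-service-2:80"}


def route_by_port(dst_port: int) -> Optional[str]:
    """Router view: only the TCP destination port is available for the decision."""
    return PORT_RULES.get(dst_port)


def route_by_host(payload: bytes) -> Optional[str]:
    """Application view: read the HTTP Host header carried inside the TCP payload.

    Returns None when the payload is not an HTTP/1.x request, carries no Host
    header (plain HTTP/1.0), or names an unknown host. A binary protocol such as
    SQL Server's TDS has no Host header at all, which is why host-header
    multiplexing cannot share port 80 between SQL and web traffic.
    """
    head, _, _ = payload.partition(b"\r\n\r\n")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return None          # non-ASCII bytes: binary protocol, not HTTP
    request_line = lines[0].split(" ")
    if len(request_line) != 3 or not request_line[2].startswith("HTTP/1."):
        return None          # not an HTTP/1.x request line
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().split(":")[0].lower()   # drop an optional :port
            return HOST_RULES.get(host)
    return None              # HTTP/1.0 without Host: nothing to route on
```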
