
Domain resolve to IP + Port

Hi all,

I am using a Sophos XG at home and I am facing a small problem.

From outside my home, I have my domain DNS pointing to different IP + port combinations with DNS redirection:

- MyDomain.com -> xxx.xxx.xxx.xxx

- AAA.MyDomain.com -> xxx.xxx.xxx.xxx:YYYY

- BBB.MyDomain.com -> xxx.xxx.xxx.xxx:ZZZZ

Now from inside my LAN I have set a DNS entry on the XG Firewall to resolve MyDomain.com to 192.168.1.1 (Sophos LAN IP).

But I don't know how to redirect a subdomain to 192.168.1.1:specificPort?

I have tried to resolve the subdomain to a specific IP like 192.168.254.1 and tried to redirect that specific IP with DNAT, but without success.

Can anyone help me please?

Thanks a lot.



  • Hi,

    do you mean port as in 3889 or do you mean port as in network port? If you are talking about accessing a server, then internally that is not going to work if the server is on the same LAN as your devices.

    Please explain exactly what you are trying to achieve.

    Ian

  • From my internal LAN, I want to redirect xxxx.mydomain.com to 192.168.1.1:9091, for example.

    With a DNS entry in the XG Firewall I can easily do it to an IP but not to a specific port. There is probably a way of doing it with a DNAT trick, but how?

  • Hi Dimitri,

    is the XG your DNS or do you have another device as a DNS? You will need to investigate DNS routing in the Networks tab.

    Ian

  • I have a local DNS server for the LAN namespace, then it forwards to the XG Firewall.

    But I don't know how to do it in a Windows DNS server either.

  • Hi Dimitri,

    from my memory of MS DNS it does not have the functions you are after and neither does the XG DNS.

    If you put the server on another network you could use the DNAT.

    Ian

  • Hello Dimitri, 

    As per your requirement you have technically 2 options.

    • Option 1.
      • You may use an external server that would act to redirect the URL + port address pointed to the XG firewall.
      • This may need an external server to redirect the request to the XG WAN IP; this would depend on whether your DNS service has that provision.
      • You may add multiple domains or websites and divert them to different ports as per request.
    • Option 2.
      • You would need multiple DNAT rules for each domain and for each WAN IP.
      • Create a DNAT rule for each WAN interface and map external port 80/443 to internal port XXXX,YYYYY
  • Your option 2 is what I'd like to achieve but I cannot get it working. Here are the steps I took:

    - On the LAN interface, create an alias on 192.168.254.1

    - Create a DNS entry to redirect sub.domain.com to that interface alias (192.168.254.1)

    - Create a DNAT rule as follows:

         Source Zone: LAN (192.168.1.1, my real LAN from where I'd like to access the page)

         Allowed client network: Any

         Destination host: LAN Alias (192.168.254.1)

         Service: HTTP

         Forward to: MyServerIP (192.168.1.215) on port XXXX in protected zone LAN

    I guess I am making a mistake somewhere here.

    EDIT:

    I have found my error: I cannot alias on a different IP range, it doesn't bridge magically. And I couldn't add another interface as I only have two physical NIC ports.

    If I create an alias on 192.168.1.250, my rule works. It's a bit dirty but it's for home usage.