
Domain resolve to IP + Port

Hi all,

 

I am using a Sophos XG for home and I face a small problem.

 

From outside my home I have my domain DNS pointing to different IP + Port with DNS redirection :

- MyDomain.com -> xxx.xxx.xxx.xxx

- AAA.MyDomain.com -> xxx.xxx.xxx.xxx:YYYY

- BBB.MyDomain.com -> xxx.xxx.xxx.xxx:ZZZZ

 

Now from inside my LAN I have set a DNS entry on the XG Firewall to resolve MyDomain.com to 192.168.1.1 (Sophos LAN IP).

But I don't know how to redirect a subdomain to 192.168.1.1:specificPort ?

I have tried to resolve a subdomain to a specific IP like 192.168.254.1 and tried to redirect that specific IP with DNAT but without success.

 

Can anyone help me please ?

 

Thanks a lot.



  • Hello Dimitri, 

    As per your requirement you have technically 2 options.

    • Option 1.
      • You may use an external server that would act to redirect the URL + port address pointed to the XG firewall.
      • This may need an external server to redirect the request to the XG WAN IP; this would depend on whether your DNS service has that provision.
      • You may add multiple domains or websites and divert them to different ports as per request.
    • Option 2.
      • You would need multiple DNAT rules for each domain and for each WAN IP.
      • Create a DNAT rule for each WAN interface and map external port 80/443 to internal port XXXX, YYYYY.
  • Your option 2 is what I'd like to achieve but I cannot get it working. Here are the steps I took :

     - On LAN interface, create an alias on 192.168.254.1

    - Create a DNS entry to redirect sub.domain.com to that interface alias (192.168.254.1)

    - Create a DNAT rule as follows : 

         Source Zone : LAN (192.168.1.1, my real LAN from where I'd like to access the page)

         Allowed client network : Any

         Destination host : LAN Alias (192.168.254.1)

         Service : HTTP

         Forward to : MyServerIP (192.168.1.215) on port XXXX in protected zone LAN

     

    I guess I am making a mistake somewhere here.

     

    EDIT :

    I have found my error, I cannot alias on a different IP range, it doesn't bridge magically. And I couldn't add another interface as I only have two physical NIC ports.

    If I create an alias on 192.168.1.250, my rule works. It's a bit dirty but it's for home use.
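
Option 1 in the reply above (an external server that redirects each hostname to an address plus port, since a DNS A record carries only an address) can be sketched as follows. This is an added example, not code from the thread or from Sophos; the hostnames and ports are constructed stand-ins for AAA/BBB and YYYY/ZZZZ, and the redirect target comes from an allowlist rather than from the client's Host header.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import quote

# Constructed allowlist: hostnames and ports are assumptions standing in
# for the thread's AAA/BBB subdomains and YYYY/ZZZZ ports.
PORT_MAP = {
    "aaa.example.com": 8081,
    "bbb.example.com": 8082,
}


def redirect_target(host_header, path="/"):
    """Return the redirect URL for a Host header, or None if not allowlisted."""
    if not host_header:
        return None
    # Normalise: lower-case, drop any client-supplied port and trailing dot.
    host = host_header.strip().lower().partition(":")[0].rstrip(".")
    port = PORT_MAP.get(host)
    if port is None:
        return None  # unknown name: never reflect it into Location
    # Only origin-form paths are forwarded; anything else becomes "/".
    if not path.startswith("/"):
        path = "/"
    # Percent-encode so CR/LF or spaces cannot reach the response header.
    safe_path = quote(path, safe="/?&=%")
    return f"http://{host}:{port}{safe_path}"


class Redirector(BaseHTTPRequestHandler):
    def do_GET(self):
        target = redirect_target(self.headers.get("Host"), self.path)
        if target is None:
            self.send_error(404)
            return
        self.send_response(302)
        self.send_header("Location", target)
        self.end_headers()


if __name__ == "__main__":
    # Loopback bind and port 8080 are arbitrary choices for local testing.
    HTTPServer(("127.0.0.1", 8080), Redirector).serve_forever()
```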
