External to Internal (Public to Private) DNS Resolution Question
Hey all,
DNS question. My setup:
MediaOne public IP address on external interface of a Linux firewall/gateway machine running iptables, protecting about 30 computers behind it. I have internal DNS running on the machine.
I have domain names registered. The DNS servers are provided by the hosting company to point to my one public IP address. I also have aliases set up at www.mydomain.com, smtp/pop/ftp.mydomain.com, etc.
Now, here's my question.
Using DNS and iptables, is there a way to have my domain registrar point to my DNS server instead (running on the same machine as BIND and iptables), and then have all queries that point to internal-machine.mydomain.com map to that particular internal machine, without breaking iptables rules? Such as...
www.mydomain.com would map to 10.10.10.4
ftp.mydomain.com would map to 10.10.10.4
www2.mydomain.com would map to 10.10.10.5
ftp2.mydomain.com would map to 10.10.10.5
smtp.mydomain.com would map to 10.10.10.6
pop.mydomain.com would map to 10.10.10.6
The www's, ftp's, and pop/smtp on different ports, of course. As if each machine were publicly accessible to the outside world (or, whatever machines I specify in the external->internal DNS resolution conf files)...so I could telnet, ftp, and smtp to internal-machine-one.mydomain.com, or telnet, ftp, and smtp to internal-machine-two.mydomain.com (assuming DNS had that particular mapping configured, all the 'protected' machines that aren't publicly viewable wouldn't be set up in the external-to-internal DNS conf files).
Is that possible? Or should I clarify more?
Thanks in advance!
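As an added example (not from the original thread), here is the usual shape of this setup when there is a single public address: a split-horizon BIND zone (public names resolve to the public IP outside, to the 10.x addresses inside) plus per-port DNAT in iptables, generated from one host/service table. The check worth having is the last one: with one public IP, DNAT can only key on the destination port, so two internal hosts that both want port 80 (www and www2 in the post) cannot be distinguished. The public IP, the interface name and the port numbers are placeholders and assumptions.

```python
"""Build split-horizon zone records and iptables DNAT rules from one table,
and flag ports that several internal hosts cannot share behind one public IP."""
from collections import defaultdict

PUBLIC_IP = "203.0.113.10"   # placeholder (TEST-NET-3), not a real address
EXT_IF = "eth0"              # assumed name of the external interface
DOMAIN = "mydomain.com"

# (hostname, internal address, TCP port): names/addresses from the post,
# ports are the conventional ones and an assumption.
SERVICES = [
    ("www",  "10.10.10.4", 80),
    ("ftp",  "10.10.10.4", 21),
    ("www2", "10.10.10.5", 80),
    ("ftp2", "10.10.10.5", 21),
    ("smtp", "10.10.10.6", 25),
    ("pop",  "10.10.10.6", 110),
]

def port_conflicts(services):
    """Return {port: [internal IPs]} for every port wanted by more than one
    internal host. DNAT on a single public IP keys on port only, so these
    cannot coexist (use another port, a reverse proxy, or a second IP)."""
    by_port = defaultdict(set)
    for _, ip, port in services:
        by_port[port].add(ip)
    return {p: sorted(ips) for p, ips in by_port.items() if len(ips) > 1}

def external_zone(services):
    """A records for the internet-facing view: every name -> the public IP.
    10.x addresses are never published outside; clients cannot route to them."""
    return [f"{n}.{DOMAIN}. IN A {PUBLIC_IP}" for n in sorted({s[0] for s in services})]

def internal_zone(services):
    """A records for the LAN view: every name -> its real private address."""
    seen = {}
    for n, ip, _ in services:
        seen.setdefault(n, ip)
    return [f"{n}.{DOMAIN}. IN A {ip}" for n, ip in seen.items()]

def dnat_rules(services):
    """One PREROUTING DNAT plus a matching FORWARD accept per exposed port.
    Assumes FORWARD policy DROP with ESTABLISHED,RELATED already accepted.
    Refuses to emit anything if a port is claimed by more than one host."""
    conflicts = port_conflicts(services)
    if conflicts:
        raise ValueError(f"port shared by several internal hosts: {conflicts}")
    rules = []
    for _, ip, port in services:
        rules.append(f"iptables -t nat -A PREROUTING -i {EXT_IF} -p tcp --dport {port}"
                     f" -j DNAT --to-destination {ip}:{port}")
        rules.append(f"iptables -A FORWARD -i {EXT_IF} -p tcp -d {ip} --dport {port}"
                     f" -m state --state NEW -j ACCEPT")
    return rules
```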
