LinuxQuestions.org
Old 05-24-2011, 01:33 PM   #1
mentalasalto
LQ Newbie
 
Registered: Apr 2006
Posts: 5

Rep: Reputation: 0
Question Individually address hosts in private network from the outside


Hi all! I would be grateful if someone could shed some light onto this. The facts are as follows:

1. I have at work a regular LAN with many PCs, each with a DNS-registered public IP. Therefore I am able to address each of these PCs by their fully-qualified names and, for instance, initiate ssh sessions to any of these computers just by typing "ssh <name_of_machine>" from a terminal.

2. Within the aforementioned LAN I have just created a private network with some clients, which access the LAN through a router (a D-link DIR-825). We have created this private network for many reasons, but most importantly because we need to guarantee that the hosts in this network will remain networked among them even if the LAN goes down for any reason (which unfortunately happens often). But we still need to have access to the hosts in the private network from the LAN.

3. I am able to define port forwarding rules in the router in order to access certain services on the private network's clients. For example, I am able to access (by ssh) hosts "H1" and "H2" on the private network from a client on the LAN by defining rules for forwarding ports "P1" and "P2" on the router's public IP to TCP port 22 on the private IPs of "H1" and "H2", respectively. Then I would access each of these hosts from the LAN by using:

>ssh -p P1 [ip.address.of.router] (for accessing H1) and
>ssh -p P2 [ip.address.of.router] (for accessing H2)

4. The problem with the port forwarding approach is that it is not easily scalable. For instance, if I wanted to enable ssh access to each host in the private network, I would have to define a port forwarding rule for each machine, and then REMEMBER all these port rules when initiating an ssh session from the LAN in order to point to the right host. And the problem gets worse when considering more services in addition to ssh.

5. The ideal solution would be to have a means for addressing each host in the private network individually, in much the same way in which I address the hosts in the LAN (which have DNS-registered names). For instance, in order to access hosts H1 and H2 as in the previous example, I would like to be able to just type

>ssh [name_of_host_H1] (for accessing H1) and
>ssh [name_of_host_H2] (for accessing H2)


The bottom line:

I guess I can say that what I need is some kind of combined DNS-ing and routing that allows me to communicate with the hosts in the private network from outside of it in a transparent way.

The question is: what are any possible solutions for accomplishing this? I have searched the web and found stuff about things like VPNs, reverse-proxies and NAT servers, but I really can't understand if any of these could serve to solve my problem (BTW, isn't my router doing some sort of NAT-ing already? Could I just add some DNS-ing in some way?)

Thanks in advance for any ideas, and sorry for the long post.

Regards,

Jorge.
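
The per-host port forwards described in point 3 can be given names on the client side through OpenSSH's `ssh_config`, so the ports from point 4 no longer have to be remembered. This is an added example, not part of the original post; the router address, host names and port numbers are constructed placeholders.

```shell
#!/bin/sh
# Added example: turn a "name port" map into ssh_config Host stanzas for
# hosts reached through port forwards on one router.
# The router address, names and ports are constructed placeholders.

ROUTER_ADDR="203.0.113.10"   # documentation-range address, stands in for the router

# Constructed sample map: "<name> <forwarded port on the router>"
SAMPLE_MAP='h1 2201
h2 2202
# comments and blank lines are skipped

bad;name 2203
h3 70000'

# gen_ssh_config ROUTER < map
# Prints one stanza per valid line. Names are restricted to a safe character
# set so a map entry cannot smuggle extra config text; ports must be 1-65535.
# Returns 1 if any line was rejected.
gen_ssh_config() {
    router=$1
    rc=0
    while read -r name port rest; do
        case $name in ''|'#'*) continue ;; esac
        case $name in
            *[!A-Za-z0-9._-]*) echo "skip: bad name '$name'" >&2; rc=1; continue ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "skip: bad port for $name" >&2; rc=1; continue ;;
        esac
        if [ -n "$rest" ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "skip: bad entry for $name" >&2; rc=1; continue
        fi
        printf 'Host %s\n    HostName %s\n    Port %s\n' "$name" "$router" "$port"
        # Store and check the host key under the inner host's own name
        # instead of [router]:port.
        printf '    HostKeyAlias %s\n\n' "$name"
    done
    return $rc
}

printf '%s\n' "$SAMPLE_MAP" | gen_ssh_config "$ROUTER_ADDR" ||
    echo "some map entries were rejected" >&2
```

Appending the generated stanzas to `~/.ssh/config` on a LAN client lets `ssh h1` connect to the router on the mapped port.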
 
Old 05-24-2011, 02:16 PM   #2
mpapet
Member
 
Registered: Nov 2003
Location: Los Angeles
Distribution: debian
Posts: 548

Rep: Reputation: 72
avahi and IP subnetting will do most of this for you, no DNS necessary. Worst case scenario if avahi will not broadcast across subnets, use the router to relay avahi's UDP packets across both subnets.

Give me an example IP address and netmask in both subnets.
 
Old 05-26-2011, 02:30 AM   #3
mentalasalto
LQ Newbie
 
Registered: Apr 2006
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks for your reply, mpapet. The private network has vanilla-flavored addresses of the 192.168.0.1/24 type. Public addresses are also Class-C type.

I have taken a glimpse at Avahi's site and it looks promising as a solution, although not really straightforward to use (at least for me). Could you please elaborate on how I could use Avahi to achieve the previously mentioned goal? Would I need to install a dedicated server with Avahi on the LAN for resolving queries to hosts on the private network (the ".local" domain, right?)? Or enable it on each host in the private network? Or in a server inside the private network?

Thanks in advance for your help.

Jorge.
 
Old 06-03-2011, 12:47 AM   #4
mpapet
Member
 
Registered: Nov 2003
Location: Los Angeles
Distribution: debian
Posts: 548

Rep: Reputation: 72
Avahi is a host-based solution for private networks. There's no server. Computers basically broadcast their presence on the LAN and other computers use the broadcasted information to find hosts. Most desktop distros have avahi packages already installed as part of a desktop. If you are serving anything inside your LAN, you can advertise the service on avahi too.

I'm a little unclear on your plans for hosting stuff on the Internet. Is that part of the plan? Avahi is not really for broadcasting on the Internet.
 
  

