Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Is it possible to use bind to resolve a domain name to a port on the localhost?
I.e., I'm running BIND on domain.org, and I want BIND to resolve sub.domain.org to port 22?
Story goes, I've got a new office, full of computer projects I'm working on. I've got a new FreeBSD box acting as a gateway with my single IP address on the external interface. On the internal LAN, I've got a number of boxes with privately routable IP addresses.
I need to be able to ssh to one of these internal boxes, named andromeda. Already, I'm setting up ipnat port forwarding to forward the external port 42000 on the FreeBSD machine to the internal port on andromeda 22. What I want to know is, is there a way to have bind resolve andromeda.domain.org to 127.0.0.1:42000?
So far, bind doesn't seem to like it when I try to resolve a port and an IP address.
Distribution: Slackware / Debian / *Ubuntu / Opensuse / Solaris uname: Brian Cooney
Posts: 503
You can probably get something to work with iptables forwarding, but I'm too nibby to tell you how exactly.
man iptables
You might have to use a different port on the external if that machine needs ssh as well, and just have that port forward to the correct port on the internal machine.
Something else that I do here at home that works well is to simply ssh into the gateway machine, then ssh FROM the gateway machine to the internal client machine. Probably not very efficient if you want to copy files over ssh, because you would have to use two hops, but it works just fine for running commands (even wget etc.).
Distribution: Slackware / Debian / *Ubuntu / Opensuse / Solaris uname: Brian Cooney
Posts: 503
Oh yeah, and forwarding anything to 127.0.0.1 is probably a complete waste of time. That is your loopback address, and isn't going to let anything go anywhere. Use your other IP :P
A domain name doesn't have any connection to a port. Whether you are using http, smtp, ssh etc., the hostname is still the same... the port number comes later on. Basically this isn't bind's "problem" in any way. I would say just use the different port number on the external machine. Forward port 222 or something instead.
Well, if using bind to redirect to a different port is impossible, does anyone know if it is at all possible to use bind to reference an IP address on the internal LAN if that IP is non-routable?
You see, I was hoping that using different ports might be a way around the fact that the internal IPs are part of the 192.168 group, and those couldn't possibly work behind a NAT box, could they...?
Like I said, I've got the port redirection down, but having DNS for those boxes on the inside would be useful.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
An "unroutable" IP is just that: Not routable to from the Internet, period.
What's wrong with normal port forwarding? You can forward a port from an external IP to the same, or a different port on an arbitrary internal IP. It has nothing to do with resolving names to IPs, it has everything to do with translating external IPs to internal IPs and translating (or not) port numbers.
Wouldn't you love a gateway that could take a hostname, figure out it's an internal machine, and do NAT translation?
Wouldn't you love to connect to a subdomain of some machine, instead of having to remember a port number for redirects?
I'm just confused over why someone hasn't developed a daemon that can translate a subdomain to a port redirect, and take care of all of the messy translation stuff.
I suppose it would be similar to virtual hosts in Apache. I don't know the gory details myself, but somehow that machine is taking the domain name and directing the packets where they need to go.
But you see, not every application layer protocol requires the domain name to be passed to the server. HTTP does, and in fact using Apache virtualhosts and mod_proxy you can achieve what you want, though only on HTTP.
It is possible to accomplish what you said, but it will require a rewrite of many protocols and much existing software.
IP shortage is a problem, yes, but a solution called IPv6 is being developed.
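
The point made in the last reply, that HTTP names the target host inside the request while SSH does not, shown as an added Python example that is not part of the thread: a hypothetical name-based front end can choose an internal backend for HTTP but has nothing to go on for SSH. The hostnames follow the thread; the internal addresses, ports and function names are constructed assumptions.

```python
# Added illustration (not from the thread). Internal addresses and ports
# below are constructed sample values.

# Hypothetical routing table for a name-based front end on the gateway.
BACKENDS = {
    "andromeda.domain.org": ("192.168.0.10", 80),
    "sub.domain.org": ("192.168.0.11", 8080),
}


def requested_name(first_bytes: bytes):
    """Return the hostname the client put in its first bytes, or None.

    HTTP/1.1 requests carry a Host header. An SSH client opens with an
    identification string ("SSH-2.0-...") that never names the server.
    """
    if first_bytes.startswith(b"SSH-"):
        return None
    head, _, _ = first_bytes.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    # First line must look like an HTTP request line: METHOD target HTTP/x.y
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            # Drop an optional ":port" suffix (IPv6 literals not handled).
            return host.rsplit(":", 1)[0] if ":" in host else host
    return None


def pick_backend(first_bytes: bytes):
    """Map a connection to an internal (ip, port), or None if impossible."""
    return BACKENDS.get(requested_name(first_bytes))


# Constructed sample inputs: what each client sends right after connecting.
HTTP_HELLO = b"GET / HTTP/1.1\r\nHost: andromeda.domain.org\r\n\r\n"
HTTP_PORT = b"GET / HTTP/1.1\r\nHost: Sub.Domain.Org:8080\r\n\r\n"
SSH_HELLO = b"SSH-2.0-OpenSSH_9.6\r\n"

if __name__ == "__main__":
    for label, data in (("http", HTTP_HELLO), ("http+port", HTTP_PORT),
                        ("ssh", SSH_HELLO)):
        print(label, "->", pick_backend(data))
```

Because the SSH connection yields no name, the gateway can only tell such connections apart by the port they arrived on, which is what the port forwarding discussed in the thread does.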