LinuxQuestions.org
Old 09-17-2004, 01:10 PM   #1
Rocker
Member
 
Registered: Oct 2003
Location: Atlanta, GA
Distribution: gentoo
Posts: 68

Rep: Reputation: 15
subdomains for internal machines


hey everyone

I have been googling the web and usenet for a while looking for something on this, but haven't come up with much.

At home I have two machines running gentoo, and a router running RH9. Right now the only ports forwarded out the router are 80 and 53 for the httpd/bind on an internal machine.

What I would like to do is configure subdomains to refer to the internal machines, so if I want to ssh (or any other service) into a specific machine, I can access it at hostname.mydomain.com. I realize that to do this the "normal" way I would need three internet connections, and then (I think) run multiple nameservers to handle the subdomains. However, I think there should probably be some way to do this by maybe forwarding all the necessary ports from the internal machines out of other ports on the router, and then somehow when I use the subdomain, I need it to know which port to look to depending on the service I am requesting and which machine I am going to.

If anyone could point me in the right direction here or offer me any advice I would sure appreciate it.

Thanks
 
Old 09-17-2004, 02:04 PM   #2
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
First, a little clarification of terms. A sub-domain is a domain name which is delegated from the Start of Authority (SOA) for the registered primary (top level) domain name. Example:

mydomain.com = primary (top level) domain name. This is the domain name that is registered with the root name servers.
host1.mydomain.com = Fully Qualified Domain Name (FQDN) within the domain space mydomain.com
host2.mydomain.com = FQDN within the domain space mydomain.com

sub1.mydomain.com = delegated sub domain sub1. Note: A delegation record would need to be added to the zone file for mydomain.com so that proper recursion would occur.
host1.sub1.mydomain.com = FQDN within the domain space sub1.mydomain.com
host2.sub1.mydomain.com = FQDN within the domain space sub1.mydomain.com

With regards to your post, it sounds like all you need is to create a single domain name with a single zone file that contains all the address records (hosts) on your network. i.e. FQDN. I have some bind examples if you're interested.

The rest of your post is confusing. I can't tell if you are wanting to connect to your gentoo systems from an external source on the internet (like through your firewall) or simply from another system on your LAN using its FQDN. Maybe you can clarify this point.
 
Old 09-17-2004, 02:07 PM   #3
zatriz
Member
 
Registered: Aug 2003
Location: Seattle, Wa
Distribution: Fedora,Trustix,Debian
Posts: 290

Rep: Reputation: 30
If the redhat firewall has an external ip of say 9.0.0.1 and internal ip of say 192.168.0.1
and you have three internal machines or say ip of
192.168.0.5 machine1.internal.com
192.168.0.6 machine2.internal.com
192.168.0.7 machine3.internal.com
and they each have a webserver running on port 80. can be different but it doesn't matter.
when you connect from the internet to these subdomains they all have private ip addresses unless you assign public ones. And the subdomains will still go to the default port.
like http://www.internal.com and http://machine2.internal.com will both go to port 80 or ssh will still go to default port 22 unless you specify the port.
So you might as well have just one domain name have internal subdomains, and whenever you want to go to a different computer have the firewall port forward.
say for ssh.

192.168.0.5 machine1.internal.com port 2001
192.168.0.6 machine2.internal.com port 2002
192.168.0.7 machine3.internal.com port 2003
So when you ssh into the redhat box on port 2001 it will automatically forward the connection to machine1.

So you'll end up with two port forwarding rules one on your router and one on the redhat box for every connection.
This way you need just 1 ip and 1 dns server.

Last edited by zatriz; 09-17-2004 at 02:13 PM.
 
Old 09-17-2004, 02:13 PM   #4
Rocker
Member
 
Registered: Oct 2003
Location: Atlanta, GA
Distribution: gentoo
Posts: 68

Original Poster
Rep: Reputation: 15
scowles:

thanks for the reply. I am wanting to connect to these systems from outside my local network. I would be interested in looking at your example BIND files if you would be willing to send them to me.


zatriz:

thanks. how do I set up the internal subdomains so that they will act this way?
 
Old 09-17-2004, 02:25 PM   #5
Rocker
Member
 
Registered: Oct 2003
Location: Atlanta, GA
Distribution: gentoo
Posts: 68

Original Poster
Rep: Reputation: 15
zatriz: your port forwarding example is what I was getting at in my original post. However, I don't want to have to do "ssh mydomain.com:2002" or "http://mydomain.com:2002" for machine 2, I want to be able to just "ssh machine2.mydomain.com" and have it automatically know what port to go through. Can you give me any idea how to do this?
 
Old 09-17-2004, 02:25 PM   #6
zatriz
Member
 
Registered: Aug 2003
Location: Seattle, Wa
Distribution: Fedora,Trustix,Debian
Posts: 290

Rep: Reputation: 30
Ok, first get the bind files and set up a bind server on redhat that can resolve all internal ip addresses.
The addresses have to be static so they can't change, so if you have a dhcp server make sure to assign ips by mac address or assign them statically on the clients.

You have to choose a port for each application and for each machine
say machine1 with ssh will be port 2001
so port forward port 2001 from the router to the redhat box and then set up another port forward rule using iptables to port forward port 2001 on redhat to port 22 on machine 1
so like this
router(port 2001) --> p 2001 external nic(redhat box) internal nic port 2001 --> port 22 ssh (client machine 1)
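
Added example (not part of zatriz's post or of the thread): the per-machine forwarding table described above, turned into iptables commands for the Red Hat box. The interface name `eth0` and the table entries are assumptions built from the thread's sample addresses and ports; the script only prints the rules and refuses malformed lines or duplicate external ports.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables port-forward rules.
EXT_IF="eth0"   # assumption: Internet-facing interface on the Red Hat box

# Constructed table from the thread's sample values:
# external-port  internal-ip  internal-port
FORWARDS="2001 192.168.0.5 22
2002 192.168.0.6 22
2003 192.168.0.7 22"

# valid_port N: true if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_rules TABLE: one DNAT rule and one FORWARD rule per table line.
# Fails on a malformed line or when two lines claim the same external
# port, since only the first DNAT match would ever be used.
emit_rules() {
    seen=" "
    while read -r ext ip port; do
        [ -n "$ext" ] || continue
        if ! valid_port "$ext" || ! valid_port "$port"; then
            echo "bad port in: $ext $ip $port" >&2; return 1
        fi
        case "$ip" in
            ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;;
        esac
        case "$seen" in
            *" $ext "*) echo "duplicate external port: $ext" >&2; return 1 ;;
        esac
        seen="$seen$ext "
        # Rewrite the destination of traffic arriving on the external port.
        printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
            "$EXT_IF" "$ext" "$ip" "$port"
        # Let the rewritten connection through the FORWARD chain; replies
        # are assumed to be covered by an existing ESTABLISHED,RELATED rule.
        printf 'iptables -A FORWARD -i %s -p tcp -d %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
            "$EXT_IF" "$ip" "$port"
    done <<EOF
$1
EOF
}

emit_rules "$FORWARDS"
```

Review the printed commands before running them as root; the client still has to name the port, for example `ssh -p 2001 mydomain.com`.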
 
Old 09-17-2004, 02:32 PM   #7
zatriz
Member
 
Registered: Aug 2003
Location: Seattle, Wa
Distribution: Fedora,Trustix,Debian
Posts: 290

Rep: Reputation: 30
Quote:
Originally posted by scowles

mydomain.com = primary (top level) domain name. This is the domain name that is registered with the root name servers.
host1.mydomain.com = Fully Qualified Domain Name (FQDN) within the domain space mydomain.com
host2.mydomain.com = FQDN within the domain space mydomain.com
You need to understand how dns works.
It doesn't resolve ports just ip addresses.
So when you go to domain.com or host1.domain.com or host2.domain.com they all point to the same public ip that you have assigned. So when the dns server resolves that hostname to an ip address it doesn't care or know what port to go to. That's the responsibility of the requesting application like ssh client or web browser.
So in answer to your question: No, what you are trying to do is impossible, unless you have 3 ip addresses
 
Old 09-17-2004, 02:34 PM   #8
Rocker
Member
 
Registered: Oct 2003
Location: Atlanta, GA
Distribution: gentoo
Posts: 68

Original Poster
Rep: Reputation: 15
ok, the router is RH, and I have another RH box inside the network that is web/DNS. So, how can I go about setting up bind to resolve the subnets? Also, I use static IP's on my internal network.

I already have BIND set up for two domains, myname.com and myotherdomain.com, but I don't know how to set it up to do the subdomains. Is it going to be difficult to specify to it which ports to use for which computer depending on if I am trying to do ssh, http, nfs, etc?
 
Old 09-17-2004, 02:37 PM   #9
Rocker
Member
 
Registered: Oct 2003
Location: Atlanta, GA
Distribution: gentoo
Posts: 68

Original Poster
Rep: Reputation: 15
Quote:
You need to understand how dns works.
It doesn't resolve ports just ip addresses.
So when you go to domain.com or host1.domain.com or host2.domain.com they all point to the same public ip that you have assigned. So when the dns server resolves that hostname to an ip address it doesn't care or know what port to go to. That's the responsibility of the requesting application like ssh client or web browser.
So in answer to your question: No, what you are trying to do is impossible, unless you have 3 ip addresses
I understand the basics of DNS, and I know that it only resolves to my one IP, which is why I mentioned in my first post that I would usually need multiple IP's. However, I'm sure that it will be possible to work this out somehow, and I posted originally to see if other people had some sort of solution for this that I could borrow from before I start working on it.

I truly appreciate your help, though
 
Old 09-17-2004, 02:46 PM   #10
zatriz
Member
 
Registered: Aug 2003
Location: Seattle, Wa
Distribution: Fedora,Trustix,Debian
Posts: 290

Rep: Reputation: 30
The only way that I think you can do this without using more than one ip or specifying the port numbers would be if you became the authoritative primary dns server for your domain. Then whenever someone resolves your domain it will come to your computer first. That way you might be able to get the redhat box to resolve the ip address to that of the public but still set up a connection to the internal machines. I've never done it but I believe it could be done.
For http connections this is easy; for ssh it's a lot more difficult

Last edited by zatriz; 09-17-2004 at 02:48 PM.
 
Old 09-17-2004, 02:58 PM   #11
Rocker
Member
 
Registered: Oct 2003
Location: Atlanta, GA
Distribution: gentoo
Posts: 68

Original Poster
Rep: Reputation: 15
can anyone elaborate on how this could be done, without telling me to read a book on bind?
 
Old 09-17-2004, 03:14 PM   #12
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
Quote:
Originally posted by zatriz
You need to understand how dns works.
It doesn't resolve ports just ip addresses.
So when you go to domain.com or host1.domain.com or host2.domain.com they all point to the same public ip that you have assigned. So when the dns server resolves that hostname to an ip address it doesn't care or know what port to go to. That's the responsibility of the requesting application like ssh client or web browser.
So in answer to your question: No, what you are trying to do is impossible, unless you have 3 ip addresses
Zatriz, please re-read my post. It was broken up into two parts. 1) to clarify DNS terminology, and 2) ask for clarification of how the OP poster wanted to connect to these systems. i.e. through a firewall. Sorry if you misunderstood that. Now that the OP has clarified his scope, we can discuss firewall/port forwarding issues. Gezzz!
 
Old 09-17-2004, 03:24 PM   #13
zatriz
Member
 
Registered: Aug 2003
Location: Seattle, Wa
Distribution: Fedora,Trustix,Debian
Posts: 290

Rep: Reputation: 30
scowles,
I reread your post and I got what I said the first time, but I got from the original post from the OP that he wanted to connect from the internet. And as such I replied accordingly. So please correct me if I said anything that is inaccurate.
 
Old 09-17-2004, 03:56 PM   #14
Rocker
Member
 
Registered: Oct 2003
Location: Atlanta, GA
Distribution: gentoo
Posts: 68

Original Poster
Rep: Reputation: 15
basically, I need to look to a different port on the firewall, based on the host specified and on whatever service I want to use (ssh, http, whatever). Has this been done, and if so, how? Otherwise, anything that gets me a few steps forward is a big help

thanks
 
  


All times are GMT -5. The time now is 11:48 AM.