Create Public DNS that maps to private IP space

domain-name-systemrouting

I'm trying to create a setup where I have one public facing IP address that feeds to several different internal servers where each server has a unique IP in private IP space – the route is determined by the incoming domain request (similar to Apache Virtual Hosts, but for all traffic – not just HTTP). What services would I need in place to create something described above? A proxy server, load balancer, etc?

Best Answer

You have made huge changes to your question and completely dropped the EC2 aspect of it, but here's my new response:

I think you need to learn a bit more how DNS works and how virtual hosts work. DNS is used to turn a hostname into an IP address (or set of IP addresses). Once an application has an IP address to talk to DNS is no longer involved.

Virtual hosts is a feature enabled by the HTTP protocol (version 1.1 and up). When contacting the IP address, the client passes in the hostname they want to make the request of. Your proxy server would need to be set up to understand HTTP and map to different back end servers.

Most other IP protocols do not have this feature so there is no way to do what you ask. E.g., there is no hostname involved after the DNS lookup when you ssh to a server.

That said, it sounds like you have a particular problem to solve. Rather than assume IP address routing is the answer, how about asking about what you are trying to do at a higher level and see what folks come up with? I'd recommend starting that in a new question.

I leave below my original responses to what appeared to be your original set of questions...

What you are trying to do is not clear from the wording of your question. Here are some answers to possible questions:

It is not possible to "conserve IP addresses" on Amazon EC2. Each instance uses one public IP address whether or not you allow it to be accessed from the Internet.

EC2 already has private DNS names for the private IP addresses, but they are no more useful to use than the private IP addresses themselves.

You are welcome to run your own DNS server inside or outside EC2. There are some DNS serving software packages that support code plugins where you dynamically determine the resulting IP address based on algorithms.

If you resolve an EC2 instance public DNS name from an EC2 host, Amazon will return the private IP address so your networking will be faster and cheaper. For more information on this feature, see this article I wrote:

Using Elastic IP to Identify Internal Instances on Amazon EC2
http://alestic.com/2009/06/ec2-elastic-ip-internal

Related Solutions

Nat – Internet access from private VPC subnet

yes, you must have iptables masquerading set up on the nat host.

iptables -A POSTROUTING -t nat -s (private-subnet/cidr) -j MASQUERADE

we have the same set up, you've done everything else correctly (disable source check, point private subnet to the interface of the nat instance, point public subnet to the igw).

Openvpn – How to Setup OpenVPN as Internet-Gateway and Connection between multiple Private networks on Virtualized Server

1Have you enabled IP forwarding?

sudo vi /etc/sysctl.conf #uncomment net.ipv4.ip_forward and set = 1

net.ipv4.ip_forward = 1

sudo sysctl -p

If you are using TUN then there is a tunnel IP address that your client has. The default pool is 10.8.1.0/24. Unless your router knows about the tunnel IPs and has routes for them, you need to masquerade (NAT) the IP addresses of the tunnels so that the OpenVPN Server will rewrite the source address to be itself. It seems like you may have this covered by your mention of routing 10.8.0.0/24.

sudo apt-get install iptables-persistent
sudo iptables -t nat -A POSTROUTING -s 10.8.1.0/24 -o eth0 -j MASQUERADE
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

Best Answer

Related Solutions

Nat – Internet access from private VPC subnet

Openvpn – How to Setup OpenVPN as Internet-Gateway and Connection between multiple Private networks on Virtualized Server

Related Topic