Route DNS Name locally to an IP

I can't get any further. I would like to open port 80 (port forward rules) and assign the requests to different web servers via DNS. So far nothing works. Example: www.xyz.info on 192.168.1.2 and www.abc.info on 192.168.1.3. How do I have to configure the DNS on OpenWrt?

You cannot use DNS on any device or system to redirect to another port by just an A (or AAAA) record.

Do you have different Public IPs available?

Otherwise this is done on a single HTTP server by configuring the server to respond with content based on hostname.

:bulb: You may be able to set up some HTTP inbound proxy to do it.

2 Likes

Override default DNS server for specific domain queries? - #4 by frollic for the IPs.
Make sure you use the DNS in the router, or it won't work.

2 Likes

How would that help the OP open the firewall to allow inbound connectivity for multiple HTTP servers on ports other than 80/tcp (assuming OP only has 1 Public IP) - and do so by Global A record(s)?

1 Like

A reverse web proxy is needed to inspect the layer 7 information, which contains the hostname, and forward it to the appropriate internal server.

4 Likes

Wasn't sure if the calls would be internal or external, but I guess they come from the internet.

2 Likes

First of all, the router in the LAN is the DNS server (IPv4). When requests arrive from the LAN, it looks like this:

192.168.1.2.40498 > 192.168.1.1.53: [udp sum ok] 53812+ A? www.xyz.info. (61)
IP (tos 0x0, ttl 64, id 44185, offset 0, flags [DF], proto UDP (17), length 105)
192.168.1.1.53 > 192.168.1.2.40498: [bad udp cksum 0x83bd -> 0x2cf1!] 53812 q:
 A? 192.168.1.1.53. 1/0/0 www.xyz.info. A 84.03.20.1 

At the same time, the router makes a WAN DNS request to the ISP DNS server that looks like this.

.930751 IP (tos 0x0, ttl 61, id 41818, offset 0, flags [none], proto UDP (17), length 105)
    User_WAN_DNS.56882 > ISP_WAN_DNS_IP.56882: [udp sum ok] 44187 q: A? www.xyz.info. 1/0/0 www.xyz.info. A 84.03.20.1 (77)

As a result, the WAN IP is now known and has the DNS name from the ISP via PPPOE and others, if available, via e.g. Dyndns.

All requests should now be sent to the router, regardless of which port (network protocol) and since I always need at least one LAN socket with IPv4, which must be opened in the firewall. Is it only possible to set up a reverse proxy in the LAN or what?

Firewall - port forwards do not allow requests to route or switch

e.g. 192.168.1.60:80 and 192.168.1.65:80 should be uniquely assigned in the LAN via their DNS names. But I mean about an OpenWrt solution? If the firewall can't do that somehow, it's stateful packet inspection.

You can set up the reverse proxy on OpenWrt as well.

2 Likes

Can't the firewall do that too?

You only have 1 Public IP, correct?

If so, you cannot use the firewall with 1 Public IP (i.e. only 1 port 80/tcp available) to somehow "split" it into two private IPs (i.e. somehow make 2 port 80's). You'll need an HTTP proxy that can "see" the hostname and forward it to the correct server.

(You're literally describing why IPv4 NAT and port forwarding exists.)
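
The routing decision a reverse proxy makes, as an added example that is not part of the thread or of any OpenWrt package: both requests arrive at the same public IP and port 80, so only the HTTP `Host` header tells them apart. The hostnames and LAN addresses are the ones from the question; backend port 80, the function names and the sample requests are assumptions constructed for illustration.

```python
# Added example: how a reverse proxy picks a backend from the Host header.
# A port forward only sees dst IP + port 80, which is identical for both sites.
from typing import Optional, Tuple

# Hostname -> (LAN address, port). Addresses from the question; port assumed.
BACKENDS = {
    "www.xyz.info": ("192.168.1.2", 80),
    "www.abc.info": ("192.168.1.3", 80),
}

def host_from_request(raw: bytes) -> Optional[str]:
    """Return the normalized Host value, or None if missing or ambiguous."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = []
    for line in head.split("\r\n")[1:]:        # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.lower() == "host":
            hosts.append(value.strip())
    if len(hosts) != 1:                        # no Host, or conflicting Hosts
        return None
    host = hosts[0].lower()
    if ":" in host and not host.startswith("["):
        host = host.rsplit(":", 1)[0]          # drop an explicit ":80"
    return host.rstrip(".") or None            # tolerate a trailing dot

def pick_backend(raw: bytes) -> Optional[Tuple[str, int]]:
    """Map a request to its LAN server; None means refuse the request."""
    host = host_from_request(raw)
    return BACKENDS.get(host) if host else None

# Constructed sample requests (not captured traffic).
REQ_XYZ = b"GET / HTTP/1.1\r\nHost: www.xyz.info\r\n\r\n"
REQ_ABC = b"GET / HTTP/1.1\r\nHost: WWW.ABC.INFO:80\r\n\r\n"
REQ_UNKNOWN = b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n"
REQ_DUP = b"GET / HTTP/1.1\r\nHost: www.xyz.info\r\nHost: www.abc.info\r\n\r\n"
REQ_NOHOST = b"GET / HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for req in (REQ_XYZ, REQ_ABC, REQ_UNKNOWN, REQ_DUP, REQ_NOHOST):
        print(req.split(b"\r\n")[1], "->", pick_backend(req))
```

Requests with an unknown, missing or duplicated `Host` get no backend here instead of falling through to a default server, so the proxy only exposes the sites it was configured for.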
