OpenWrt Forum Archive

Topic: iptables and multiple DNS names

The content of this topic has been archived on 31 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I'm not sure if what I want to do is possible, and google wasn't my friend in researching this, hopefully someone here may have an idea.

From my office, I need to run a piece of software that will talk to multiple computers on my network at home.  Unfortunately, it does not support communication on alternate ports, meaning that I could only set up one machine at home.

What I'm wondering is if there is a way to run a DNS server at home, define machine1.example.com, machine2.example.com, etc., and route specific ports for these domain names to the correct machines behind the firewall.

Right now, for everything I've ever set up at home, I'm just hitting specific ports at my main domain name (example.com), and iptables takes care of everything I need; but for this issue, I'm stumped on how to proceed.

To make this an easy example, pretend that machine1 and machine2 were both web servers, and I need to reach each of them on port 80.  Can this be done?

As far as I know, iptables works with IP addresses and not domain names.

My recommendation is either port forwarding or using a better program. Btw, what program are you using?

Btw first obey the forum rules...

What you are trying is technically not possible with TCP/IP; only some protocols (like HTTP) have workarounds.

When your software tries to connect to machine1.example.com, it first resolves machine1.example.com to an IP and then tries to connect to a port on this IP.
As both machine1 and machine2 will resolve to the same IP, your router only sees the connection to its IP, and can't tell whether your computer wants to connect to machine1 or machine2.

The only chance is that the machine tells the router, *after* connecting, which hostname it wanted to connect to. This is e.g. supported in the HTTP protocol, and is generally called virtual hosts.
Then you need a web server on your router which supports virtual hosts and proxying (e.g. Apache, and perhaps lighttpd, but I never tried it) that redirects any request to it to the correct web server in your LAN.

(Last edited by KanjiMonster on 22 Oct 2007, 10:36)
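The point made in this post, that only the application data (not the IP or TCP header) can carry the name the client wanted, written out as an added example that is not the poster's code. The script takes one client stream on stdin, extracts the HTTP Host header the way a virtual-host-aware proxy on the router would, and looks it up in a name-to-backend table; a stream with no hostname in it (the client's reply in a VNC/RFB version handshake is used as the contrast) cannot be dispatched. The backend addresses, the hostnames and both sample streams are constructed for the example.

```shell
#!/bin/sh
# Added example: Host-header dispatch as a virtual-host proxy on the router
# would do it. Everything below (names, LAN addresses, sample streams) is
# constructed for illustration; it is not OpenWrt or any proxy's own code.

# Constructed hostname -> LAN backend table (assumed addresses).
VHOST_MAP="machine1.example.com 192.168.1.10:80
machine2.example.com 192.168.1.11:80"

# Constructed client streams. The HTTP request names the host it wants in its
# application data; the RFB client reply carries only a protocol version.
HTTP_REQ='GET /index.html HTTP/1.1
Host: machine2.example.com:80
User-Agent: constructed-example

'
RFB_CLIENT_VERSION='RFB 003.008
'

# host_from_request prints the Host header value of an HTTP request read from
# stdin, lower-cased and with any :port suffix stripped, or nothing at all.
host_from_request() {
    # Lower-case so the header name matches case-insensitively; strip CRs;
    # stop at the blank line that ends the headers.
    tr 'A-Z' 'a-z' | tr -d '\r' | awk '
        /^$/ { exit }
        /^host:/ { sub(/^host:[ \t]*/, ""); sub(/:[0-9]+$/, ""); print; exit }'
}

# backend_for_host prints the LAN backend for a hostname, or returns 1 if the
# name is not in the table.
backend_for_host() {
    while read -r name backend; do
        [ "$name" = "$1" ] && { echo "$backend"; return 0; }
    done <<EOF
$VHOST_MAP
EOF
    return 1
}

# dispatch reads one client stream from stdin and prints the backend a
# Host-aware proxy would forward it to. Streams that carry no hostname
# (anything that is not HTTP) and unknown hosts return 1.
dispatch() {
    host=$(host_from_request)
    if [ -z "$host" ]; then
        echo "no hostname in stream: cannot pick a backend"
        return 1
    fi
    backend_for_host "$host" || { echo "unknown host $host"; return 1; }
}

# Demo when run as a script: the HTTP request dispatches, the RFB bytes do not.
printf '%s' "$HTTP_REQ" | dispatch
printf '%s' "$RFB_CLIENT_VERSION" | dispatch || true
```

The lookup happens only after the TCP connection to the router's single public IP is already open, which is exactly why this works for HTTP and not for a protocol whose client never sends a name.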

Thanks, I was suspecting this was the answer, but thought it worth asking just in case.

The software in question is Apple Remote Desktop, a VNC client for Macs, and from all the checking I've been able to do, it does not allow the use of alternate ports for communication.

Your best bet... is to set up a VPN tunnel of some sort...   No, you can't map connections to the same port to different machines by a "DNS" name... especially as that information is not sent as part of the IP header.  Routing/NATting etc. are done based on IPs.  DNS is only used to translate a name into an IP... then the client connects to the IP.

You *could* NAT the ports... i.e. 5000 becomes 5002 for machine 2... then simply VNC into the machine:5002 instead of 5000.
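The port remapping suggested in this post, written out as an added example that is not the poster's code: a shell script that takes a table of external-port to LAN host:port pairs and emits the iptables DNAT (PREROUTING) and matching FORWARD rules, reusing the post's illustrative numbers (external 5000 and 5002, both landing on port 5000 of the respective machine). The WAN interface name and the LAN addresses are assumptions; by default it prints the rules instead of applying them (set DRY_RUN=0 to run them for real).

```shell
#!/bin/sh
# Added example: one-port service reached on several LAN hosts by giving each
# host its own external port and DNATing it back to the real port.
# Assumed topology (constructed for this example): WAN interface eth0,
# machine1 = 192.168.1.10, machine2 = 192.168.1.11, service on TCP 5000.

WAN_IF="${WAN_IF:-eth0}"
IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-1}"    # 1 = print the rules, 0 = execute them

# Mapping table: external_port internal_ip internal_port
PORT_MAP="5000 192.168.1.10 5000
5002 192.168.1.11 5000"

# run_ipt prints the iptables command when DRY_RUN=1, otherwise executes it.
run_ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# dnat_rules emits the PREROUTING DNAT for one external port and the FORWARD
# accept for the rewritten destination (FORWARD sees the LAN address, since
# DNAT has already happened by then).
dnat_rules() {
    ext_port=$1; int_ip=$2; int_port=$3
    run_ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$ext_port" \
        -j DNAT --to-destination "$int_ip:$int_port"
    run_ipt -A FORWARD -i "$WAN_IF" -p tcp -d "$int_ip" --dport "$int_port" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

# apply_port_map walks the table and refuses a duplicate external port: the
# first matching PREROUTING rule wins, so a second DNAT on the same port would
# silently never be used.
apply_port_map() {
    seen=""
    while read -r ext ip port; do
        [ -z "$ext" ] && continue
        case " $seen " in
            *" $ext "*) echo "duplicate external port $ext" >&2; return 1 ;;
        esac
        seen="$seen $ext"
        dnat_rules "$ext" "$ip" "$port"
    done <<EOF
$PORT_MAP
EOF
}

apply_port_map
```

On OpenWrt the same mapping is normally written as `config redirect` sections in /etc/config/firewall rather than as raw iptables calls; the rules printed here are what such a redirect boils down to. The client then connects to example.com:5002 for machine2 and the router, not the client, translates the port, which is why this works for software that cannot change its own port.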

Use OpenVPN; it works through HTTP proxies and allows you to define the port numbers used.  Not sure about Mac clients though, but it works well for Linux and Windows, uses SSL with X.509 certificates and allows network-to-network connectivity.

The discussion might have continued from here.