It seems that to accomplish the example you posed, you need 2 external IPs. Say they were 1.1.1.1 and 1.1.1.2, for example. Then in DNS you could do:

ftp1 -> 1.1.1.1
ftp2 -> 1.1.1.2
www1 -> 1.1.1.1
www2 -> 1.1.1.2

And on your firewall do:

1.1.1.1 port 21 -> 192.168.0.10
1.1.1.2 port 21 -> 192.168.0.50
1.1.1.1 port 80 -> 192.168.0.12
1.1.1.2 port 80 -> 192.168.0.33

Or, alternatively, you can virtual host the 2 www ports. But the ftps, if you want them to both be on port 21, need to have two separate IPs. The way I do it at work is to use port 21 for anon ftp and another port for registered users' ftp. That way the rules look like:

1.1.1.1 port 21 -> machine 1 port 21
1.1.1.1 port 2121 -> machine 2 port 21

Hope this helps.

-rishi

On 13 Feb 2002, Ramon Acedo wrote:

> Hi again!
> Thanks for your quick answers,
>
> I think I hadn't explained clearly enough in the first mail.
> The problem is the following:
> I have a SINGLE public ip with an associated domain. In that host I have
> a DNS server, mail server, web, etc. The important point is at the DNS.
> What I'd like to do is that the firewall forward all the packets
> independently of the destination port, which can be any, to a host of the
> intranet with a private ip. The rule for deciding which packets go to what
> host in the intranet is the name that the client referred to.
> Example:
> When I do a ftp to ftp.mydomain.net my DNS server would forward the
> request to the host 192.168.1.10.
>
> I'd like to have a map like this:
>
> ftp1.mydomain.net ---> 192.168.1.10
> ftp2.mydomain.net ---> 192.168.1.50
> www1.mydomain.net ---> 192.168.1.12
> www2.mydomain.net ---> 192.168.1.33
>
> and so on
> But actually in the internet all those names look up to 213.1.2.3
> and of course the 192.168.x.x is never seen from the internet
>
> I know that apache can manage vhosts and I could redirect to an intranet
> host all the web traffic coming to www2.mydomain.org, the same can be
> done with wu-ftp or proftp where u can have multiple domains/subdomains
> and have different ftp root directories depending on the name the client
> used to contact it, and then I could set that roots pointing to nfs
> mounted directories of the internal net, but what I'd like is that all
> the traffic forwarding would depend on the name used by the client.
>
> As I said it's not a port forwarding matter it would be a program which
> could manage domain name vhosts and do some kind of bridging /
> forwarding to the intranet depending on the name the client referred.
>
> So the idea is to emulate lots of real ips with just 1 public ip and 1
> domain with all the subdomains I'd need.
>
> Uh! I hope to have been clear enough this time, my English is not
> perfect (I'm Spanish) so please let me know if u got the idea, ok?
>
> Thanks a lot guys!
>
> Ramon Acedo
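
Added example, not part of the original messages: the forwarding tables from the reply above turned into DNAT rules, with a check for the single-IP case the question asks about. It assumes iptables (the thread names no firewall tool); build_dnat_rules and the table variables are hypothetical names, and the rules are only printed, never applied.

```shell
#!/bin/sh
# Added example. iptables is an assumption; the thread names no firewall tool.
# build_dnat_rules and the table variables below are hypothetical names.

# Read "pub_ip pub_port int_ip int_port" lines on stdin, print one DNAT rule each.
# Nothing is applied. Returns 1 when two entries claim the same public ip:port:
# the firewall matches on address and port only, never on the DNS name used,
# so iptables would accept both rules and only the first would ever match.
build_dnat_rules() {
    seen=" "
    rc=0
    while read -r pub_ip pub_port int_ip int_port; do
        # skip blank lines and comments
        case "$pub_ip" in ''|'#'*) continue ;; esac
        key="$pub_ip:$pub_port"
        case "$seen" in
            *" $key "*)
                echo "conflict: $key is already forwarded" >&2
                rc=1
                continue ;;
        esac
        seen="$seen$key "
        echo "iptables -t nat -A PREROUTING -d $pub_ip -p tcp --dport $pub_port -j DNAT --to-destination $int_ip:$int_port"
    done
    return $rc
}

# Constructed sample tables, using the addresses that appear in the thread.
# Two public IPs, as in the reply: every ip:port pair is unique.
TWO_IPS='1.1.1.1 21 192.168.0.10 21
1.1.1.2 21 192.168.0.50 21
1.1.1.1 80 192.168.0.12 80
1.1.1.2 80 192.168.0.33 80'

# One public IP, both FTP servers on port 21: the second entry is unreachable.
ONE_IP_SAME_PORT='213.1.2.3 21 192.168.1.10 21
213.1.2.3 21 192.168.1.50 21'

# One public IP, second FTP server moved to port 2121 as the reply suggests.
ONE_IP_ALT_PORT='213.1.2.3 21 192.168.1.10 21
213.1.2.3 2121 192.168.1.50 21'

# Dry run: print the rules for the single-IP, alternate-port layout.
printf '%s\n' "$ONE_IP_ALT_PORT" | build_dnat_rules
```

FTP data connections through NAT also need the kernel's FTP connection-tracking helper, and that helper only watches port 21 unless it is told about other control ports such as 2121.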