Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
G
G
ghostku2015-05-27 15:50:46
Domain Name System
ghostku, 2015-05-27 15:50:46

How to organize access to an intranet resource via an external link?

It was difficult to form your question in one application for the title, so now I will write in more detail.
Let's say there is a network 192.168.1.0/24 in the network:
192.168.1.1 - Gateway (Mikrotik)
192.168.1.2 - RDP Server (Windows 2008)
...
192.168.1.100 - Client (WIndows 7)
The router has an external static IP to which it is attached domain like 1c.site.com. Port forwarding is configured on the router 1c.site.com:8888 -> 192.168.1.2:3389. Therefore, clients outside have no problem connecting to RDP. But when the same client is inside the network, he can no longer connect to 1c.site.com:8888. Of course, you can create a separate shortcut to 192.168.1.2:3389, but this solution is not universal and should be a more beautiful solution.
Therefore, I'm interested in a few questions:
1 - Tried to set up an internal DNS but could not get to change the port. As I understand it, this problem cannot be solved using DNS
2 - I tried to set up port forwarding, but I probably couldn’t figure it out, now port forwarding only works if they are accessed from outside, see screenshots
3 - Maybe this problem is generally solved by not the methods that I think about?
0Kw7uW0.png9m3OPyb.png
PS RDP is taken only as an example, in fact, we are talking about a wide variety of services: RDP, DVR, Web resources, etc.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
T
throughtheether, 2015-05-27
@ghostku

Hairpin NAT .

Report
A
Anton, 2015-05-27
@Largo1

I understand that the example implies that users are rummaging around with their laptops, etc. in free float mode?
then I think it's easier to do this:
/ip firewall mangle>
add chain=prerouting dst-address=1c.site.com d-port=8888 in-interface=bridge-local action=mark-connection new-connection-mark=to-rdp -from-local-conn
add chain=prerouting dst-address=1c.site.com d-port=8888 in-interface=bridge-local action=mark-packet new-packet-mark=to-rdp-from-local- pkt
once RDP is taken as an example
and then with firewall filters to overtake such a user where required)

Report
G
ghostku, 2015-05-27
@ghostku

After I received a practical answer to my question in principle, I had a theoretical question. Is the method proposed by me and implemented at the prompt throughtheether optimal for solving this problem? After all, now every time, even when working from within the network, clients will load the router processor with their traffic?
Let me remind you that initially the task was to organize access to an intranet resource using a unique address:port pair both from inside the network and from outside.

Similar questions
V
vanush942015-11-27 11:41:30
How to set up Private Nameserver in WHM on Amazon EC2? 1Reply
T
Tyoma Makeev2015-12-01 11:20:53
Does the geographic location of NS servers matter? 1Reply
H
Hatifnatt2012-08-08 13:23:39
Secondary DNS service? 8Reply
1
1212121212015-12-04 15:39:16
Timeweb's website linking has failed, can this be done using third-party DNS servers? 1Reply
K
Konkase2015-12-08 17:08:59
What DNS server and backend should I use to update 20 million records daily? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question