Port Forwarding Server with interface to choose from multiple destinations

[ozric]

I have a setup that involves a service being directed at an external NAT address which I then point to one of a number of devices.

 

What I'm looking for is a way to make the NAT'ing function something users could control within a basic interface, eg a drop down menu from a web page.  So I can have an external IP going to an internal IP (reverse proxy?) that port forwards traffic to devices (that users can choose) within the LAN as per image attached.

 

I'm sure this will have been done before, does anyone know of a simple effective way to do it?

 

Many thanks

[sc302 Veteran]

Generally you change the port that communicates to the device or you have a one to one nat from multiple external addresses or you have them access it through a vpn.

[ozric]

Thing is the External has to be a single static address as will the NAT'd internal address.  

I just want to be able to provide and option to an end user that allows them to select one of four destinations for the server (reverse proxy) to forward traffic to and from.

[+BudMan MVC]

Why would users need to do this??  What are forwarding exactly, what port/protocol -- and your pointing it to a reverse proxy inside your network.. Why can the reverse proxy then send the data on to what you want.. You need to choose 4 different reverse proxies on rfc1918 space?  Why don't you put the reverse proxy on public IP?  You only have 1 public IP?  Get 3 more if you have 4 reverse proxies you need to get to from public..

 

Does this have to do with voip or sip - why do you have phones in your diagram?

 

What exactly are you trying to accomplish here, what is the problem your trying to over come with changing a port forward.. Which seems to be the wrong path if you ask me..

[ozric]

We have an ISDN phone number that will redirect to a single IP address over with H323.

I want users to be able to redirect that traffic as it hits my external address to 1 of 4 video conferencing rooms.

 

ie We have a call due to come in at 12:00 on the ISDN which needs to be taken in the Board Room, a receptionist can go to a drop down box and select Board Room.  

[+BudMan MVC]

So you have multiple h323 endpoints, but you don't have a gateway?

 

If you wanted your receptionist to do this.. What is your nat device now?  No I can not think of ever hearing anyone wanting a receptionist to change where a NAT pointed too that is for sure

[sc302 Veteran]

Nm. I will post what I have done to get around issue when I get to desk

[sc302 Veteran]

You will need to have a number associated to each point, you should then be able to assign each room with its own number.   If it is a point to point solution you would setup through a vpn. 

 

What I have done to allow conference between sites was to have a vpn setup and have a point to point setup between offices. 

 

Other ways around it is to use services like skype, gotomeeting, or webex.  These all work very well and do not require you to forward any ports.  You can also have a number for people to call vs having them have an account. 

[ozric]

Thanks for the advice but I'm stuck with the setup I have.  

I'll look further into reverse proxies and for interest post back if I find anything.

[binaryzero]

As the others have said, I'd look at getting a gateway, a reverse proxy, and some dedicated numbers. 

 

Your idea would not be practical at all, and it wouldn't work technically.

 

Lync server could be useful.

[+BudMan MVC]

Lets try and go down your wrong path where the secretary changes where the port forward goes.  What device do you have now that is doing the port forward.  I doubt it has a user interface with drop downs to where a port gets forwarded, so you would have to write some user interface to it.. Does it have an API to interact with it?  Does it have cli where we could send it commands?

 

Or are you stuff with its interface - what device is it?  Since your stuck..  Lets even see if possible to interact with that device other than its gui..

 

As to stuck - that is just a cop out, tell the people involved that what they want is NOT POSSIBLE, and it has to be done another way, etc..  If your a consultant walk away.. Just because you consult does not mean you have to consult people that won't listen.

[sc302 Veteran]

Budman states the truth.  There is another way, give all of the devices the same ip and only turn on the one that you need at the time leaving the rest off.  That would be the only other workaround, albeit a half assed one.

[+BudMan MVC]

That would be prob best work around other than having sec change port forwards But someone forgets to turn off the others, or turns theirs on and your out of luck.

[#Michael]

I have been following this since yesterday and I am very confused.  If what you are looking for is nothing more than a sip/voip phone system then why not just go with one of the many sip/voip phone systems.  Avaya or Cisco are great examples.

[ozric]

Many thanks for the responses, it has re-affirmed I wasn't missing something obvious when talking to the user

[+BudMan MVC]

so you have trashed the idea of sec changing port forwards then