On 11/04/2015 08:45 AM, Bill wrote:
> You are correct, but in the use case I am looking at there is no Internet
> connection.

I think "other network(s)" can substitute "Internet" in this context.

> What I am trying to do is to be able to connect to a specific device, say a
> 'supervisor' by name. I don't know the IP, and their IP may change, or the
> supervisor might be a service that isn't always provided by the same device.
> The IP will change and the DNS will be updated as needed

It sounds like you want to connect to the "device" that is currently hosting a role with the role holding device being dynamic on top of dynamic IPs. Correct?

I'm going to assume that you have TTL taken into account.

> I don't want the device/user accessing the 'supervisor' to know the IP
> address, other than the gateway IP, I don't want them to be able to save an
> old IP. Also, I don't want anyone watching the network (it is wireless) to
> be able to see anything other than gateway addresses.

Outside the NAT, everything will probably look like it's coming from the NAT's single external IP.

Inside the NAT, you will see traffic to / from the "supervising" device and from / to an IP outside of the WLAN. So, clever people can deduce what the supervising device is from that. Or were you going to do something (SNAT?) to hide the external IP?

> Basically, the device/user accessing the 'supervisor' should result in
> traffic thru the gateway/NAT that looks as if the supervisor initiated it,
> ie the supervisor has been natted, and the reply IP is the gateway.

I think I can guess what you mean, but I suspect that different network people will interpret that statement differently. Especially when considering external access into a NATed device.

> Not sure if I am going about this the right way, but that is my idea. I
> appreciate the comments I am receiving here, thanks.

I'm going to assume that we are discussing HTTP traffic for the time being.

I would run an HTTP reverse proxy that accepts the connection on the outside of the NAT that would then proxy the traffic to the internal "supervisor" host name. DNS would resolve the internal "supervisor" host name to whatever device currently has the role and its associated IP. The reverse proxy would then initiate traffic from its internal IP to the proper supervising device. Thus the traffic would appear to be sent and received from addresses local to the network.

I also have questions about the traffic from the other non-supervisory role devices. ... However, we are getting FAR removed from DNS.

--
Grant. . . .
unix || die
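
Added example (not part of the original message): one way to configure the reverse proxy described in the reply above, using nginx, so that the internal "supervisor" name is looked up again at run time instead of being pinned to the IP it had when the proxy started. The resolver address 192.0.2.53, the listen address 198.51.100.10 and the name supervisor.internal.example are placeholder assumptions.

```nginx
# Added example; all addresses and names below are placeholders (assumptions).
events {}

http {
    # Internal DNS server that tracks which device currently holds the role.
    # valid=10s caps how long nginx caches an answer, whatever the record TTL.
    resolver 192.0.2.53 valid=10s ipv6=off;

    server {
        # Outside-facing address of the gateway; the only address clients use.
        listen 198.51.100.10:80;

        location / {
            # Weak form (left commented out): a literal host name is resolved
            # once at startup/reload, so the proxy keeps sending traffic to
            # the old IP after the role moves to another device.
            # proxy_pass http://supervisor.internal.example;

            # Putting the name in a variable forces a run-time lookup through
            # the "resolver" directive above, so DNS updates take effect.
            set $supervisor supervisor.internal.example;
            proxy_pass http://$supervisor;

            # Pass the name the client asked for through to the backend.
            proxy_set_header Host $host;
        }
    }
}
```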