DNS Rewriting

Is it possible for a Kemp Load Balancer to act as a reverse proxy with DNS rewriting?

This would allow smaller companies without access to many public IPs to make better use of them by allowing multiple external FQDN addresses to route to a small set of IPs (or a single IP) externally, and have the Kemp Load Balancer route those requests internally to the correct Virtual Service and continue providing all the usual excellent services provided by the device.

I.e.:
Have a single external IP address and route ports 443 and 80 through the firewall into the Kemp Load Balancer, and have it correctly route all the needed sites for Exchange 2013 and Lync 2013, along with the company's public web site(s).

7 comments

James Basso

Hello,

You can use your DNS servers to respond to client requests for Exchange and Lync with the same IP. This IP will either point to a virtual service on the LoadMaster or point to an address that NATs to the LM VS. The LoadMaster can then perform content filtering to differentiate the requests, sending Lync requests to the FE and Exchange requests to your CAS servers. Although this configuration is rather complex, it is certainly "do-able" as long as you are utilizing SSL offloading.

icroitoru

In this case, the LM is on the inside of the NAT/PAT and all of this traffic has to come into the connection on a single IP on the NAT/PAT on port 443 and I am looking to redirect it to the LM directly via the PAT.

Could the Content Filtering then handle it or does each service have to point to the different LM VS IPs?

James Basso

When the LoadMaster receives a client connection request to a virtual service, it is sent to a specific virtual service based on the IP and port requested. With a very simple service, the LoadMaster does not care about content. If you would like to add content filters, leverage sub services and then have responses crafted in a granular manner, depending on what is requested, that is completely feasible.

Sub services are what will make or break your setup. You will need to create content filters to send Lync traffic to a Lync-specific sub service, Exchange requests to an Exchange sub service, etc. I have sent a technical document to your inbox; please refer to that for additional information, and feel free to contact us if you require assistance and we can open a support ticket.
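
The content-filter decision described in this reply, sketched as an added example that is not part of the thread and is not LoadMaster configuration. It works on the decrypted request, which is why SSL offloading is a precondition. The hostnames and sub-service names are assumptions, and the reject-by-default behaviour is a design choice of this sketch.

```python
import re

# Constructed rule table: hostnames and sub-service names are illustrative
# assumptions, not values from the thread or from a real LoadMaster config.
RULES = [
    (re.compile(r"(mail|autodiscover)\.example\.com"), "exchange-cas"),
    (re.compile(r"(lyncweb|meet|dialin)\.example\.com"), "lync-fe"),
    (re.compile(r"(www\.)?example\.com"), "public-web"),
]

def normalize_host(raw):
    """Lower-case the Host value, drop an optional :port and a trailing dot."""
    host, _, port = raw.strip().lower().partition(":")
    if port and not port.isdigit():
        return None  # malformed port, or an IPv6 literal this sketch ignores
    host = host.rstrip(".")
    # Accept only plain DNS-style names; anything else is not routed.
    if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)*", host):
        return None
    return host

def parse_host(request_bytes):
    """Return the single Host header of a decrypted HTTP/1.1 request head."""
    head = request_bytes.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [line.split(":", 1)[1] for line in head.split("\r\n")[1:]
             if line.lower().startswith("host:")]
    # Zero or duplicate Host headers are ambiguous, so refuse to route them.
    return normalize_host(hosts[0]) if len(hosts) == 1 else None

def select_sub_service(request_bytes):
    """Pick the sub service for a request, rejecting anything unmatched."""
    host = parse_host(request_bytes)
    if host is None:
        return "reject"
    for pattern, target in RULES:
        if pattern.fullmatch(host):
            return target
    # No rule matched: do not fall through to an internal service.
    return "reject"

# Constructed sample request, as seen after TLS has been terminated.
SAMPLE = b"GET /owa HTTP/1.1\r\nHost: Mail.Example.com:443\r\n\r\n"

if __name__ == "__main__":
    print(select_sub_service(SAMPLE))
```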

James Basso

That depends on how you would like to configure your NAT/PAT rules. If all traffic is sent to a single IP address (virtual service), you will have a virtual service that is configured with content filters for all traffic. If you can send NAT/PAT traffic to different IPs based on application or port requested, you then have the ability to configure several different virtual services, each with their own unique IP and port combination.

icroitoru

In this case, I do not have a choice. I only have 1 single external IP address to work with.

Adam Amiceli

I am trying to achieve a similar configuration and would like to see the technical document James sent. How can I get a copy? Thanks.

James Basso