Redirect a HTTP request to internal IP

callebalik · ‎02-11-2015

Hi,

hope this is the right subforum to post this question.

I would like to redirect a certain HTTP request to an internal IP/PORT. Is this possible?

Our company has a QNAP/NAS running a web server on which we want to use as a sort of intraweb. Instead of accessing the page via its IP i would like to make the address more user friendly.

Thanks in advance,

Calle

kyozloveyou_FTNT · ‎02-11-2015

If you want to access your internal NAS, from public/internet.

you may refer to:

v5.0: https://www.youtube.com/watch?v=XnfmGnjJpF0

v.5.2: [link]https://www.youtube.com/watch?v=CHA_4Gc9kEA[/link]

With this you may be able to access the NAS using your current public ip.

Ooi Soon Guan

callebalik · ‎02-12-2015

Thanks, but I know how to port forward and do not intend to open any ports for external access.

Maybe my question was a bit unclear. Let me specify.

I would like to tell my Fortigate 60D to redirect any requests to a specific address coming from from within our network to the NAS which is also located in the INTERNAL network. Similar to edit a computers HOSTS-file to redirect traffic. In that way create a virtual domain/address that only exists in our internal network and can only be accessed from within the network.

The alternative is to cook up an applescript (since we are a design studio...) that will modify each computers HOSTS-file but that seems a bit blunt to me.

ashukla_FTNT · ‎02-12-2015

callebalik wrote:

I would like to redirect a certain HTTP request to an internal IP/PORT. Is this possible?
Our company has a QNAP/NAS running a web server on which we want to use as a sort of intraweb. Instead of accessing the page via its IP i would like to make the address more user friendly.

It depends to what ip the address (name) resolves to.

Do you have internal dns and does it resolves the name to private ip?

If that is the case only policy and route needs to be present in firewall.

If the name resolves to public address then you will require vip to do destination nat.

Post the details and I am pretty sure it is easy to achieve.

ede_pfau · ‎02-12-2015

I think the OP doesn't have an internal DNS, or not on the FGT.

Easiest way would be to create a DNS on the FGT, with forwarding what it cannot resolve. But...that's not possible on all models, the FG-20C, 30B, 40C lack this feature.

He might use the "DNS translation" feature but I am not sure if it will work if there is no DNS response.

Ede Kernel panic: Aiee, killing interrupt handler!

Dave_Hall · ‎02-12-2015

Yesterday, I started to reply with a possible DDNS/DNS translation solution, but felt it a bit silly :-)....the QNAP should already be accessible internally. (e.g. click on Start->Run->browse->network and see if the device shows up .)

If Carl's company is running AD, they should be able to create a local dns record for the QNAP.

The DNS Translation works with any dns query that crosses over an Interface -- KB# FD34099 shows this...

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

rwpatterson · ‎02-17-2015

If you don't need the QNAP on the same interface, throw it on the DMZ (or another interface) and use a VIP.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Redirect a HTTP request to internal IP

Nominate a Forum Post for Knowledge Article Creation