All HowTo's

How to structure DNS and NAT for Office Networks and Roaming Devices

This article discusses the design of a network that allows a device to roam between the office network and the outside (such as the home or coffee shop). We assume the roaming user will be accessing services on services that reside within the office network.

There are other solutions such as VPN’s, using different shortcuts or even changing mail server IP addresses within the mail client. In this article we will expect the result to be a configuration that requires no changes to the client or server side once configured.

The diagram below is our network structure. It’s simple with one subnet (Internal Network), one router and a laptop that can move between the office (Internal Network) and home (External Network).

network-dns

The way to design this is to:

  • have a DNS server (as above) on the Internal Network that is the authority for the Internal Network and forwards all other requests to DNS servers on the External Network (such as your ISP’s DNS servers).
  • configure the DHCP server (either the router or a server on the Internal Network) provide the DHCP clients with the DNS server on the Internal Network.
  • configure the router to NAT/PAT the required service ports from the External Network interface to the IP addresses of the appropriate servers on the Internal Network.
  • use the same domain names on the Internal Network as used on the External Network. For example, the publicly registered domain name “mail.agix.com.au” might point to “123.1.2.3” while on the internal DNS server, that same name might point to “192.168.1.3”.

This will allow a laptop to move between the Internal Network and External Network without needing to reconfigure software such as the email client and possibly bookmarks to web pages hosted on the company web servers.

Leave a Reply

Your email address will not be published. Required fields are marked *