Wednesday, August 12, 2020

Should port forwarding for servers use the same internal and external port numbers?

Hi,

I am developing a system consisting of an application server that I will need to deploy on location at each of our 100+ customers.

The applications are used for manufacturing process control. They will be accessed on location as well as remotely from anywhere in the world. To ease access to the server and applications, I will set up domain names such as server.customer1.example.com, app1.customer1.example.com, …

I will use SSH to manage these servers.

Our servers will be behind NAT at our customers' facilities. So port forwarding will be used for remote SSH access with IPv4.

The servers will also be accessible with IPv6.

Now, this is where I am not sure how to proceed when it comes to port forwarding for SSH.

My best bet is to make sure that I use the same internal and external port numbers.

Let's suppose an application server instance listens on port 2222 and a port forward has been set up from the location's public IPv4 (e.g. 1.2.3.4) port 2222 to the private IPv4 of the application server (e.g. 10.100.100.3) port 2222. This way I can easily access the server via its domain name server.customer1.example.com and port 2222, independently of the IP version used (IPv4 vs IPv6). If the server was listening on port 22 and the port forward was set from 1.2.3.4:2222 to 10.100.100.3:22, then it would be remotely accessible on a different port depending on whether the domain name resolves to an IPv4 (port 2222) or an IPv6 (port 22). Also, the DNS servers on location will resolve domain names to the private IPv4 of the corresponding server, so by using the same internal and external port numbers, I can also easily access the server via its domain name without doing anything special, whether I am on location or not.

I have not been able to find much literature about using the same internal and external port numbers for such a use case. I would like to have the community's feedback. Is there any disadvantage to keeping the same internal and external port numbers?
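The port reasoning in the post can be checked mechanically across a fleet of sites. The sketch below is an added example, not part of the original post: the `Deployment` model, the path names and the second hostname are assumptions, and the inventory entries are constructed from the two layouts the post describes.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Deployment:
    """One customer site (hypothetical model; values below are constructed)."""
    hostname: str
    listen_port: int        # port sshd binds to on the application server
    forward_external: int   # public IPv4 port on the site's NAT router
    forward_internal: int   # port the router forwards to on the server

def effective_ports(d: Deployment) -> Dict[str, Optional[int]]:
    """Port a client must dial on each access path; None means unreachable."""
    # A forward that targets a port sshd is not listening on leads nowhere.
    remote_v4 = d.forward_external if d.forward_internal == d.listen_port else None
    return {
        "on-site (private IPv4 via local DNS)": d.listen_port,  # no NAT involved
        "remote IPv4 (through NAT)": remote_v4,
        "remote IPv6 (direct)": d.listen_port,                  # no NAT involved
    }

def audit(d: Deployment) -> List[str]:
    """Return findings; an empty list means one host:port works on every path."""
    ports = effective_ports(d)
    findings = [f"{d.hostname}: {path} is unreachable"
                for path, port in ports.items() if port is None]
    distinct = sorted({p for p in ports.values() if p is not None})
    if len(distinct) > 1:
        findings.append(f"{d.hostname}: port depends on the path: {distinct}")
    return findings

# Constructed inventory: the post's same-port layout, its 2222 -> 22 layout,
# and a misconfigured forward that points at a port sshd does not use.
SAME = Deployment("server.customer1.example.com", 2222, 2222, 2222)
MIXED = Deployment("server.customer1.example.com", 22, 2222, 22)
BROKEN = Deployment("server.customer2.example.com", 2222, 2222, 22)

if __name__ == "__main__":
    for site in (SAME, MIXED, BROKEN):
        result = audit(site) or ["consistent on all paths"]
        print(f"listen={site.listen_port} forward={site.forward_external}"
              f"->{site.forward_internal}: {result}")
```

Run against a real inventory, an empty result per site confirms that a single hostname and port reaches the server on-site, over IPv4 through NAT, and over IPv6.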


