How to access via external IP on their resources inside the network?

Hello!
Set such a task. There is a web server on your local network (for example: aaa.test.com - 192.168.1.10, bbb.test.com - 192.168.1.11, etc.) have white static IP (for example: 10.0.0.1). How to make the treatment of the Internet domain aaa.test.com (10.0.0.1) this domain has proposalsa in the internal ip on the local network. What firewalls or other technologies enable it to carry out.
The scheme is about DNS -> firewall -> web_server (LAN)
In what direction to dig?!
March 20th 20 at 11:22
4 answers
March 20th 20 at 11:24
router packet marking

March can be microteam, any other server with Linux, etc.
Offer to paint l7 traffic? Bad decision. - Jerrell38 commented on March 20th 20 at 11:27
March 20th 20 at 11:26
This question is asked once a year consistently. Consistently get the answer - use a reverse proxy.
typical solutions that they offer
1. nginx
2. haproxy
3. any other entity with similar functionality.
Suggested link to a similar question in the comments ready config for haproxy.
I know that I can do that through proxy.
The issue is that in the beginning it is necessary to put an iron firewall, ie, static ip is written in the firewall and all web services should stand behind it. - Telly.Veum commented on March 20th 20 at 11:29
@Dudley_Morissette, so what's the problem with the iron firewall? - Jerrell38 commented on March 20th 20 at 11:32
March 20th 20 at 11:28
white has a static IP (for example: 10.0.0.1).
The address in the example is clearly not white.

How to make the treatment of the Internet domain aaa.test.com (10.0.0.1) this domain has proposalsa in the internal ip on the local network.
No way. Domain is the name of his traverse impossible.
Propisivat ports. You can make all requests coming to IP address is forwarded (I proposalis) to another IP address. Domain have nothing to do with business.

To access the web server behind NAT you need port forwarding from the server and doing NAT on the Web server.
If multiple web servers - a proxy server is used.
Found in the Internet a Hairpin NAT. Like that is necessary. - Telly.Veum commented on March 20th 20 at 11:31
@Dudley_Morissette, not Even close to what you need.
Hairpin NAT is to configure NAT so that it is properly done masquerading queries from the local network to achieve a situation when the answer to the question sent to the white address comes with grey.
This is the only aim of Hairpin NAT.

If you want to access local resources on the external IP address - you need a Hairpin NAT. - madonna.Gra commented on March 20th 20 at 11:34
March 20th 20 at 11:30
Found in the Internet a Hairpin NAT. Like that is necessary. What equipment can it apart from Mikrotik?!
This is clearly not what you need, unless of course you have correctly described the problem.
Hairpin NAT allows access from the local network and white address.
If the users of your web server are on the same local network as the web server then you will need Hairpin NAT - madonna.Gra commented on March 20th 20 at 11:33

Find more questions by tags FirewallProxyNetwork administration