Hi everyone, friends!)
I have not been using this perfect software on my routerboard for long.
Sorry for my bad English (
I am learning about the firewall on this device, and I made a rule to NAT ports from my public IP to a machine in the LAN.
I have a domain in the format “server.domain.tld” that is routed to my public IP.
How can I allow access to my server in LAN only from this domain (server.domain.tld) URL?
And, if possible, as an extension of this … if someone enters the public IP directly, nothing should be loaded.
You can use the IP firewall address list.
You can add the public IP or the FQDN (URL) to the address list and use it in the Advanced tab of your firewall rule, in ‘Src. Address List’, to accept the traffic.
This assumes that the URL can be resolved by the router, so you have a public DNS service.
Address list, L7 regex, Content (in the FW rule, in the Advanced tab), etc. do not accept subdomains, only domains (domain.tld).
I want this for subdomain (server.domain.tld).
Tested on RouterOS v7.1.3
I have used this for a couple of versions, but I am on 6.49.3 (because of dependencies with other systems).
As an example, I have created an address list ‘google-Test’ and used the URL ‘www.google.de’ (1).
The router resolved the URL to the IP address (2).
And I can use the address list in the firewall rules (3).
With a rule like this I could allow access to my router(input) or a server behind my router(forward with destination nat) from ‘www.google.de’.
The host www from the domain ‘google.de’ is publicly resolvable.
If there were IP addresses for ‘www.google.de’ in the public DNS server, I would have got a couple of dynamic IP addresses in the address list (dns.google.com creates two entries, 8.8.8.8 and 8.8.4.4).
A pure domain like ‘google.com’ can't be resolved.
I wrote this because you write subdomains and not FQDN (https://en.wikipedia.org/wiki/Fully_qualified_domain_name).
Up until now I have simply assumed that the url is a public IP address from which the router or a server behind it is accessed.
Is that correct or should access from the router or the network behind it to a URL on the internet be regulated?
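The address-list setup described in the reply above (list entry, resolution, firewall rule), written out as RouterOS commands together with the destination NAT it would sit behind. This is an added example, not a configuration posted by anyone in the thread; the interface name `ether1`, TCP port 443 and the LAN address 192.168.88.10 are assumptions.

```routeros
# Added example; interface, port and LAN address are constructed placeholders.

# Address list entry given as an FQDN: the router resolves the name with its
# own DNS settings and keeps the resulting IPs as dynamic entries in the list.
/ip firewall address-list
add list=google-Test address=www.google.de comment="FQDN entry, resolved by the router"

# Destination NAT from the public side to the server in the LAN.
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=443

# Forward chain, order matters: accept dst-natted connections whose SOURCE IP
# is in the list, then drop every other dst-natted connection from the WAN.
# src-address-list compares the client's source address only; it does not
# look at the hostname the client requested.
/ip firewall filter
add chain=forward connection-nat-state=dstnat src-address-list=google-Test \
    action=accept comment="listed sources may reach the NATed server"
add chain=forward connection-nat-state=dstnat in-interface=ether1 \
    action=drop comment="all other sources to NATed ports"

# Check what the FQDN resolved to (dynamic entries appear under the same list).
/ip firewall address-list print where list=google-Test
```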