Firewall Rules using host name

rama3i · July 18, 2012, 9:46am

All,

Is it possible to create firewall rules (in this case NAT) to use hostname rather than IP? Our case is that we are going to re route traffic to different IP based on the host names. Concerning that we have multiple application running on the same port but separated in multiple local server with their own local IP. Rather than having different port setting for each server, we are looking for seamless solution by creating rule based on the hostname. CMIIW, This idea is similar with apache virtual hostname actually. Will it be possible guys? What am I looking is like code below:

/ip firewall nat add chain=dst-nat dst-address=server1.domain.com dst-port=8333 action=dst-nat to-address=192.168.1.10:8333
/ip firewall nat add chain=dst-nat dst-address=server2.domain.com dst-port=8333 action=dst-nat to-address=192.168.1.11:8333

I’m looking for any possible solution before going to do it ugly by having each server configured with different port. thanks

rjickity · July 18, 2012, 11:52am

what’s the purpose of using it by hostname ?

Are you dns loadbalancing or are your servers filtering on http headers ? Or is it something else

Chupaka · July 18, 2012, 8:37pm

it’s impossible just because packet does not contain hostnames - only IP addresses. so just replace hostnames in your rules with their IP addresses. PROFIT

rama3i · July 19, 2012, 2:57am

Nope, we don’t load balance our DNS nor filtering on http headers. All we know is that there are applications which run on the same port within the network. And all of these application should be accessible from the net.

Thats the problem, all the DNS entry were CNAME, addressing the same IP. That’s why we need to add firewall rule based on the hostname not the IP.

Any idea guys?

spippan · May 7, 2015, 7:05pm

try this… http://wiki.mikrotik.com/wiki/Use_host_names_in_firewall_rules