If I have a website www.diamond.com with the IP of 1.1.1.1,
I move the site to my datacentre with an IP of 2.2.2.2,
and I forward all traffic from 1.1.1.1 to 2.2.2.2,
will the client reconnect to 2.2.2.2 or will 1.1.1.1 pull the traffic from 2.2.2.2 and forward it to the client?
It depends on how you realise the forwarding.
If you forward traffic on a specific port on 1.1.1.1 to 2.2.2.2 and you use SRC-NAT, the traffic will go through 1.1.1.1.
If you don’t use SRC-NAT you could end up having an asymmetric path from client to 1.1.1.1 to 2.2.2.2 and from there directly back to the client. This depends on your topology.
DST NAT just redirects packets = “changes destination address IP” to the new server. Source packet’s IP is not changed so 2.2.2.2 sees packet coming from 1.1.1.1 as any other packet and therefore the answer is sent to the originator address and in 99.9% the 1.1.1.1 server is not involved in the back traffic … the 1%% is for situation when 1.1.1.1 is GW for 2.2.2.2.
When you add an additional rule which makes SRC NAT too, then packets have SRC IP changed to 1.1.1.1 and then 2.2.2.2 answers to 1.1.1.1 as it thinks that 1.1.1.1 has sent the packet, and then 1.1.1.1 converts src IP back to the original one and sends the answer to the real originator.
The drawback of SRC NAT in such a solution is that 2.2.2.2 sees all traffic coming from 1.1.1.1. Treat it as a temporary solution.
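The address rewriting described in the answers above, modelled as an added example (not code from any poster in this thread). The client address 203.0.113.7, the port numbers and the names Packet, Forwarder and simulate are constructed for illustration. It shows which source address 2.2.2.2 ends up logging and whether the reply still matches the connection the client opened to 1.1.1.1.

```python
from dataclasses import dataclass

CLIENT, OLD, NEW = "203.0.113.7", "1.1.1.1", "2.2.2.2"  # client address is constructed

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Forwarder:
    """Models 1.1.1.1: DST-NAT to 2.2.2.2 always, SRC-NAT only if enabled."""
    def __init__(self, src_nat):
        self.src_nat = src_nat
        self.conntrack = {}      # translated source port -> (client ip, client port)
        self.next_port = 40000   # constructed NAT port pool

    def inbound(self, p):
        if not self.src_nat:
            return Packet(p.src, p.sport, NEW, p.dport)   # destination rewritten only
        port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[port] = (p.src, p.sport)           # remember the real client
        return Packet(OLD, port, NEW, p.dport)            # source rewritten as well

    def outbound(self, r):
        # Reverse the translation on a reply that passes back through 1.1.1.1.
        ip, port = self.conntrack.get(r.dport, (r.dst, r.dport))
        return Packet(OLD, r.sport, ip, port)

def simulate(src_nat, old_is_gateway=False):
    fwd = Forwarder(src_nat)
    request = Packet(CLIENT, 51000, OLD, 80)
    at_server = fwd.inbound(request)
    reply = Packet(NEW, 80, at_server.src, at_server.sport)  # server answers what it saw
    # The reply crosses 1.1.1.1 only if addressed to it or if it is the gateway.
    via_old = reply.dst == OLD or old_is_gateway
    if via_old:
        reply = fwd.outbound(reply)
    # A TCP client only accepts a reply that mirrors the connection it opened.
    accepted = (reply.src, reply.sport, reply.dst, reply.dport) == \
               (request.dst, request.dport, request.src, request.sport)
    return {"server_sees": at_server.src, "reply_via_old": via_old,
            "client_accepts": accepted}

if __name__ == "__main__":
    for args in [(False, False), (False, True), (True, False)]:
        print(args, simulate(*args))
```

With SRC-NAT every entry in the access log on 2.2.2.2 carries 1.1.1.1, so per-client rate limiting, IP allow-lists and incident investigation on the new server have to rely on the connection-tracking or logs of 1.1.1.1 for the duration of the migration.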
Thanks, that answered my question. It was a temporary solution; I needed to make sure that even if people's DNS has not updated or they have a static entry, their connection would still work.
Hi there, how do you plan to forward the traffic to 2.2.2.2? Is this an internal website or is it accessed by Internet users? Normally you can change your DNS records to point users to the new IP. If you are performing some sort of NAT at 1.1.1.1 to send traffic to 2.2.2.2 then generally the IP seen from the website will be an IP on the 1.1.1.1 device.
I needed to quickly move the servers from that location to a new location 2.2.2.2.
I know DNS records can take up to 48 hours to FULLY replicate over the internet, so to ensure connectivity I was forwarding residual traffic to 1.1.1.1 and forwarded it to 2.2.2.2.