Hi People,
I need help configuring Mikrotik router so it forwards all traffic for specific domain to different web servers
Internet |>>>> domain.com >>>> | Mikrotik | >>>> Webserver1
----------| >>>> domain.net . >>>> |________| >>>> Webserver 2
Thanks for help
You still could use SNI to separate. It is called tls-host in the RouterOS.
tls-host (string; Default: )
Allows to match traffic based on TLS hostname. Accepts GLOB syntax for wildcard matching. Note that matcher will not be able to match hostname if TLS handshake frame is fragmented into multiple TCP segments (packets).
Currently I use something like this:
chain=dstnat action=dst-nat to-addresses=WebServer1IP protocol=tcp in-interface-list=External dst-port=443
chain=forward action=accept protocol=tcp out-interface=internal in-interface-list=WAN dst-port=443
chain=forward action=accept protocol=tcp in-interface=internal out-interface-list=WAN src-port=443
The problem here is that I forward all incoming connection on port 443 and not ably to set different domains to different webservers
It’s not possible, dstnat has to redirect connection from the very first packet, but for tcp it’s just syn and it doesn’t contain any info about used domain. The tls-host works for blocking stuff, it’s fine if you do that after few packets have passed. But for dstnat it’s too late.
Is there any other way on Mikrotik device to archive that?
Well, if you want any way to do it on Mikrotik device (meaning hardware), then yes. You could either replace RouterOS with another OS like OpenWRT, or run it in MetaRouter under RouterOS. That’s if your device supports it (applies for both cases). But directly with RouterOS, no.