NAT to two different servers on the same port via hostname

Hi all,

I have an RB2011 which connects to the internet via a static IP.
In my LAN I have two different servers, one that is on IP 192.168.89.11 and
another on 192.168.89.12.

My DNS (on cloudflare) resolves both myfirstserver.com and mysecondserver.com
to my router’s static IP.

Now, what I want to do is to somehow separate the traffic so all traffic for myfirstserver.com goes to 192.168.89.11 and traffic for mysecondserver.com goes to 192.168.89.12.

What I have tried so far, is to somehow mark the packets through mangle and then use that mark on NAT to do the proper dst-nat forward.

I have tried marking packets through either content or Layer 7 protocol regex (they work properly if the action is log; I can see them being logged correctly).

The thing is that after I mark them, it seems that NAT just ignores them and forwards the connection to the server that accepts the non-marked packets.

I think I have mixed up the order of filtering and the chains somehow.

Would someone be able to provide some pointers/assistance on how to accomplish this?

Thanks!

Aris

You can’t do L7 to direct NAT, it is too late since the TCP connection is already established. My best idea would be to make a redirect on one of the two servers, to a URL including a port number e.g. http://mysecondserver.com:81 and then add a NAT for that to the second server. Not pretty but it works.

There’s no proper solution in RouterOS. In case you can live with just bare http, it’s possible to turn web proxy into reverse proxy, see this thread. If you need https or any other service, you’re out of luck.
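The point the replies make, as an added illustration that is not from the thread or from RouterOS: the hostname a NAT rule would need is not in the SYN that dst-nat acts on, it only arrives later in the HTTP Host header or, for HTTPS, in the TLS SNI extension of the ClientHello, which is what a reverse proxy reads. The backend addresses are the ones from the question; the parsers and the sample inputs are constructed, and the SNI part goes beyond the plain-HTTP case the thread covers.

```python
import struct

# Hostname -> backend, with the addresses from the post.
BACKENDS = {"myfirstserver.com": "192.168.89.11",
            "mysecondserver.com": "192.168.89.12"}


def http_host(data):
    """Host header of a plaintext HTTP request head, or None if absent."""
    head, sep, _ = data.partition(b"\r\n\r\n")
    if not sep:
        return None  # the request head has not fully arrived yet
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().split(b":")[0].decode("ascii", "replace").lower()
    return None


def tls_sni(data):
    """server_name from a TLS ClientHello, or None if not a ClientHello/no SNI."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:
            return None  # not a handshake record carrying a ClientHello
        pos = 43  # record hdr(5) + handshake hdr(4) + version(2) + random(32)
        pos += 1 + data[pos]                                  # session id
        pos += 2 + struct.unpack("!H", data[pos:pos + 2])[0]  # cipher suites
        pos += 1 + data[pos]                                  # compression
        ext_end = pos + 2 + struct.unpack("!H", data[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", data[pos:pos + 4])
            pos += 4
            if etype == 0:  # server_name: list len(2), name type(1), name len(2)
                nlen = struct.unpack("!H", data[pos + 3:pos + 5])[0]
                return data[pos + 5:pos + 5 + nlen].decode("ascii", "replace").lower()
            pos += elen
    except (IndexError, struct.error):
        pass  # truncated or malformed: treat as unknown
    return None


def pick_backend(first_bytes):
    """Backend IP for the client's first bytes, or None if the name is unknown."""
    name = tls_sni(first_bytes) or http_host(first_bytes)
    return BACKENDS.get(name) if name else None
```

An empty or partial buffer, which is all a firewall has when the SYN arrives, yields no backend, which is why the decision cannot be made in the NAT table.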