One public IP, 2 subdomains

petrvyhlidal · April 14, 2020, 8:20pm

Hi there.
Could you advice me, how to configure this:

1 public IP address
need to forward outside traffic to 2 subdomains (2 different IP addresses in LAN, same port 80) - raspi.mydomain.cz, sonoff.mydomain.com

Any idea how to manage this ?

I don’t need “step by step” manual - will learn myself … I just need to push me to correct direction.

Thanks a lot

Zacharias · April 15, 2020, 1:21pm

Firs i would advise you to delete part of your DNS names on your first post since you do not hide your public IPs…

As far as your question is concerned, you simply need 2 port forward rules…
Notice, since both hosts use port 80, the public port must be different on both your rules…
For example, you should use public port 65000 and private 80 for the first host and public port 65001 and private 80 for the second one…
Don’t forget to specify the in-interface as well…

sindy · April 15, 2020, 1:30pm

Using Mikrotik alone, there is no other way but to use two different ports as @Zacharias suggests. The reason is that HTTP(S) uses TCP, so the session needs to establish before any payload is transported. The fqdn is transported in the payload. And there is no way to redirect a TCP session to another host once it has established. So to achieve your goal, you would need to run some kind of http load-balancer process on one of the target servers or a dedicated one, which will accept the session, receive the HTTP request, then establish a new TCP session to the necessary destination, send there the HTTP request, and then forward the payload data between the two sessions.

anav · April 15, 2020, 2:30pm

In plain latvian
All you need is simple port redirection on the destination nat rules.

To those accessing your server from the outside, lets say you are using a dyndns.type URL vice WANIP itself.
eg. “mywebsiteconnect.org”

You would tell those requiring access to raspi.
to type
mywebsiteconnect.org:6500

You would tell those requiring access to sonoff
to type
mywebsiteconnect.org:6600

There is no conflict on the incoming NAT side of the router as they are two different incoming ports.

Raspi server:
/ip firewall nat
add chain=dstnat action=dst-nat in-interface-list=wan dst-port=6500 protocol=tcp
to-address= 192.168.135 to-ports=80

Sonoff server:
/ip firewall nat
add chain=dstnat action=dst-nat in-interface-list=wan dst-port=6600 protocol=tcp
to-address= 192.168.145 to-ports=80

petrvyhlidal · April 16, 2020, 1:50pm

Thanks guyz.

If I catch it correctly … redirection on ports is one and only solution:
raspi.mydomain.com:6500
sonoff.mydomain.com:6600

Right ?

Zacharias · April 16, 2020, 1:53pm

Yes, and this actually is called port translation, since public port differs from the private one…