Is it possible to port forward to a hostname rather than an IP address?
I have a scenario when I maintain two copies of a website in two completely separate hosts and subnets. I use regular port forwarding for public traffic to be routed to the primary webserver. However, if the primary server fails, I want to route automatically to the secondary server.
I tried to enter a host name into the Port Forwarding To-Address field, but it won’t accept it. My guess is I would need to use some form of scripting to ping the server, and if not present update the forwarding rule. Then when it returns, update the forwarding rule again. But this seems very messy to me.
Not that I am aware of; the TO-ADDRESSES field is IP only as far as I can see.
(lists not permitted)
The only thing I can think of is use two rules…
DSTNAT RULE1
DSTNAT RULE2
RUN a SYSTEM Script that says
check if server1 is down then disable rule 1
If server 1 is up enable rule 1
That way the dst traffic will always hit rule 1 and get passed, and if it is down/disabled the NAT will look at rule 2.
Probably much better ways, but that's the first that comes to mind.
Even if it was possible to use an fqdn as to-addresses (it’s not), you would still have to update the DNS record based on the availability of the primary server, so some process tracking its availability would be necessary anyway.
So depending on how frequently the primary server is unavailable, you may use @anav’s suggestion as-is, i.e. use /tool netwatch to monitor the primary server’s address, and let its down-script and up-script refer to separate scripts in /system script with dont-require-permissions=yes, which will disable and enable the first dst-nat rule, respectively.
Or, in the unlikely case that the primary was going down so frequently that you wouldn’t want to save your configuration each time, you could use a more complex method with a dynamic address-list item, which is not written to configuration, as a way to disable the first dst-nat rule dynamically.
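The following RouterOS CLI fragment is an added example written for this thread, not configuration posted by any of the participants. It puts both suggestions above into concrete commands: the two-rule dst-nat layout with a netwatch probe whose down-script and up-script disable and re-enable the first rule (the as-is method), and, as an alternative pair of scripts, the dynamic address-list variant that never touches saved configuration. All addresses are constructed placeholders from the RFC 5737 documentation ranges, and the rule comments, list name and script names are assumptions made for this example.

```routeros
# Added example (not from the thread). Constructed placeholder addresses:
#   203.0.113.1    public (WAN) address that clients connect to
#   192.0.2.10     primary web server
#   198.51.100.10  secondary web server
# Rule comments, script names and the list name "web-primary-down" are assumptions.

# Two dst-nat rules. Order matters: the primary rule must sit above the secondary one,
# because the first matching dstnat rule wins.
/ip firewall nat
add chain=dstnat comment="web-primary" dst-address=203.0.113.1 protocol=tcp \
    dst-port=80,443 action=dst-nat to-addresses=192.0.2.10
add chain=dstnat comment="web-secondary" dst-address=203.0.113.1 protocol=tcp \
    dst-port=80,443 action=dst-nat to-addresses=198.51.100.10

# Method 1: disable/enable rule 1 (each change is written to configuration).
# dont-require-permissions=yes lets netwatch run these regardless of its own policy.
/system script
add name=web-primary-down dont-require-permissions=yes \
    source="/ip firewall nat disable [find comment=\"web-primary\"]; \
            /ip firewall connection remove [find dst-address~\"^192.0.2.10:\"]; \
            :log warning \"web-primary down, dst-nat rule 1 disabled\""
add name=web-primary-up dont-require-permissions=yes \
    source="/ip firewall nat enable [find comment=\"web-primary\"]; \
            :log info \"web-primary up, dst-nat rule 1 enabled\""

# Probe the primary every 10 s; state changes trigger the scripts above.
/tool netwatch
add host=192.0.2.10 interval=10s timeout=1s \
    down-script="/system script run web-primary-down" \
    up-script="/system script run web-primary-up"

# Method 2 (alternative): nothing is written to configuration. Rule 1 additionally
# requires that the public address is NOT on the dynamic list; the down-script puts it
# there with a timeout, which is what makes the entry dynamic (D flag, not saved).
# Point the netwatch down-script/up-script at these two scripts instead of the ones above.
/ip firewall nat set [find comment="web-primary"] dst-address-list=!web-primary-down
/system script
add name=web-primary-down-dyn dont-require-permissions=yes \
    source="/ip firewall address-list add list=web-primary-down address=203.0.113.1 timeout=30d; \
            /ip firewall connection remove [find dst-address~\"^192.0.2.10:\"]"
add name=web-primary-up-dyn dont-require-permissions=yes \
    source="/ip firewall address-list remove [find list=web-primary-down]"
```

Two points worth checking on a live router. First, disabling rule 1 does not move connections that connection tracking has already bound to the primary; that is why both down-scripts also remove tracked connections whose destination is the primary, so clients reconnect and land on rule 2. Second, in method 2 the dynamic entry disappears when its timeout expires, which would silently send traffic back to a primary that is still down; pick a timeout longer than any outage you expect to ride out, or refresh the entry from a scheduler. An ICMP reply from the primary also only proves the host is up, not that the web service is; a service-level check (for example a scripted /tool fetch against the site) is a stricter probe than a plain netwatch ping.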