Hello,
For some reason I need to change my actual provider.
On the new one I need to optimize and use only 1 IPv4 (WAN address),
but I have 3/4 webservers on LAN.
Can I set up only 1 IP address on WAN and create a NAT rule for a specific hostname / domain?
So if I have only a single public IP
1.2.3.4
can I create a rule
NAT to 192.168.88.2 port 80 and 443 TCP (only for domain test123.com)
and another rule
NAT to 192.168.88.3 port 80 and 443 TCP (only for domain test456.com)
and another rule
NAT to 192.168.88.4 port 80 and 443 TCP (only for domain test789.com)
I think I should use some app like haproxy or similar, but I prefer to ask here…
No, ROS NAT is a layer 4 (TCP or UDP) function. For your needs you need a layer 7 server (reverse proxy). All the popular web servers can do it (nginx, apache, etc.) and there are some specialized products (haproxy, traefik, etc.). None of them are available natively in ROS, but you can run (at least some of) them in containers. Or on a dedicated Linux machine; dimensioning depends on the expected cumulative connection rate and throughput (in case of https the encryption is done by the reverse proxy and it takes considerable CPU power to do it for higher throughputs).
… so you want to explain to the visitors of https://test456.com/ "no, you must not enter that, you must enter https://test456.com:4443/"???
And when they forget the :4443, then they get “warning! invalid certificate! someone may be eavesdropping on you!!”??
Good luck with that. No, it is as mkx wrote: it isn’t possible without a reverse proxy and RouterOS doesn’t include one.
Personal issues of users are not my problem. I am just pointing out a very simple solution that works…
Not only that, I would demand the static IPs of my users for a source-address-list attached to the dstnat rule (or a dyndns name if their WAN IP is dynamic).