Community discussions

just joined
Topic Author
Posts: 2
Joined: Wed Jun 07, 2017 5:26 pm

Help with SSTP & HTTPS Webserver Routing on Multi IP WAN Gateway

Tue Sep 03, 2019 7:12 pm

In my homelab, I have a single WAN gateway (Ether1) with two working public IPs on it, the second public IP is reserved for a webserver. SSTP VPN Server is also setup and listening on port 443. I also have the webserver using HTTPS. Now I have two conflicting services using the same port.

It seems that the SSTP VPN Server is listening to all IP addresses on the WAN Gateway for port 443 - is there a way to restrict the SSTP VPN Server on the Mikrotik to only listen to one of the two public IP's assigned to the WAN gateway and not listen to the second public IP that is dstnat'ed to the Webserver? I don't want to change the SSTP VPN Server's listening port.
Forum Guru
Forum Guru
Posts: 4549
Joined: Mon Apr 20, 2009 9:11 pm

Re: Help with SSTP & HTTPS Webserver Routing on Multi IP WAN Gateway

Tue Sep 03, 2019 8:35 pm

You don't have any problem, dstnat always wins over local service. It happens in prerouting stage, so if the packet was originally destined for public address on router, after dstnat its new destination is what you specified in to-addresses, which is no longer router's address. And that's what following routing decision works with, so whatever is listening locally on original destination address doesn't matter.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.

Who is online

Users browsing this forum: Bing [Bot] and 17 guests