Community discussions

MikroTik App
 
songqi94ke
just joined
Topic Author
Posts: 1
Joined: Mon Mar 29, 2021 5:19 pm

Reverse proxy in Mikrotik only works in LAN?

Mon Mar 29, 2021 5:40 pm

Hi all,

Since I want to host 2 web servers under 1 public IP, I'd like to see if my RB450Gx4 can be used as a reverse proxy.

Says there are:
abc.com@192.168.88.5
xyz.com@192.168.88.7

I have followed the below steps to setup:
/ip proxy set enabled=yes src-address=0.0.0.0

/ip dns static
add address=192.168.88.5 name=abc.com
add address=192.168.88.7 name=xyz.com

/ip firewall nat
add action=redirect chain=dstnat dst-address=[public IP] dst-port=80 protocol=tcp to-ports=8080
In LAN, the setting can successfully bring me to the right server with different domain name. However, it didn't work if I tried to connect from WAN. I could see the packets coming in NAT but no connection was built by proxy.

Thanks for any help!
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 294
Joined: Mon Mar 15, 2021 9:10 pm

Re: Reverse proxy in Mikrotik only works in LAN?

Sat Apr 03, 2021 3:46 am

Hi all,

Since I want to host 2 web servers under 1 public IP, I'd like to see if my RB450Gx4 can be used as a reverse proxy.

Says there are:
abc.com@192.168.88.5
xyz.com@192.168.88.7

I have followed the below steps to setup:
/ip proxy set enabled=yes src-address=0.0.0.0

/ip dns static
add address=192.168.88.5 name=abc.com
add address=192.168.88.7 name=xyz.com

/ip firewall nat
add action=redirect chain=dstnat dst-address=[public IP] dst-port=80 protocol=tcp to-ports=8080
In LAN, the setting can successfully bring me to the right server with different domain name. However, it didn't work if I tried to connect from WAN. I could see the packets coming in NAT but no connection was built by proxy.

Thanks for any help!
There were more much suitable for this task like deploying a port forwarding on a real proxy like haproxy and handle this on L7 so that you can achieved what you want. because port forwarding can only be done once on a specific port.

For illustration purposes only

your external IP is 1.1.1.1 and you map it to port 80 and DNAT to 192.168.88.5:80 for abc.com
1.1.1.1:80 -> 192.168.88.5.80 (abc.com)
1.1.1.1:80 -> 192.168.88.7.80 (xyz.com) # This will not work because you already mapped it on your previous rule

Solution

1.1.1.1:80 -> 192.168.88.4:80 (haproxy = real reverse proxy) handle the application routing/logic here much more versatile and you can even use different operating system behind on the reverse proxy
 
mhaluska
just joined
Posts: 22
Joined: Sat Jun 13, 2020 1:20 pm

Re: Reverse proxy in Mikrotik only works in LAN?

Sat Apr 03, 2021 1:49 pm

@loloski is right, reverse proxy is your friend.
Often used proxies are haproxy, nginx, caddy... for containers for example traefik. If you want easy quick start with web UI and build-in ACME, you can use Nginx Proxy Manager

Who is online

Users browsing this forum: 4l4R1, Amazon [Bot], mogiretony and 87 guests