Hi, I have a MikroTik as gateway/router for 2 Windows VMs, and there is IIS on each Windows VM.
The setup is like this:
Valid IPv4 on MikroTik ether1: x.y.z.171
Local IP on MikroTik ether2: 192.168.61.1
Local IP on Windows VM1: 192.168.61.2, domain: site1.domain.com
Local IP on Windows VM2: 192.168.61.3, domain: site2.domain.com
Both of these subdomains point to the main valid IP: x.y.z.171
So pinging site1.domain.com and site2.domain.com from the internet returns this main valid IP.
Inside MikroTik I have set static DNS so that on the MikroTik a ping for the subdomains returns the local IPs: 192.168.61.2 and 192.168.61.3
I have forwarded x.y.z.171:80 to 192.168.61.2:80 and it's working fine, and IIS on the first VM is returning the pages.
Now I want to have a redirect so that when the domain is site2.domain.com, MikroTik sends port 80 to the second VM, 192.168.61.3:80
I have set a layer7 regexp: site2
Then I have Mangle rules to mark connections and packets based on this layer7, and they are seeing requests fine (counters are working correctly):
chain=prerouting action=mark-connection new-connection-mark=site2
    passthrough=yes layer7-protocol=site2
    connection-mark=no-mark log=no log-prefix="site2"

chain=prerouting action=mark-packet new-packet-mark=site2_packet
    passthrough=yes connection-mark=site2 log=no log-prefix="site2"
Up to this point, everything is working. Now I want to redirect requests with this site2 mark to 192.168.61.3, which is not working.
Here is the firewall NAT part:
chain=srcnat action=src-nat to-addresses=x.y.z.171
    src-address=192.168.61.0/24 src-address-list="" out-interface=ether1
    log=no log-prefix=""
(Here I want to route connections with the site2 mark or packet marks to 61.3, which is not working :| )
chain=dstnat action=dst-nat to-addresses=192.168.61.3
    connection-mark=site2 log=no log-prefix=""

chain=dstnat action=dst-nat to-addresses=192.168.61.3
    packet-mark=site2_packet log=yes log-prefix="site2"

chain=dstnat action=dst-nat to-addresses=192.168.61.2 to-ports=80
    protocol=tcp dst-address=x.y.z.171 connection-mark=!site2
    dst-port=80 log=no log-prefix=""
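
Added example, not part of the original post: a simplified Python model of the mangle and dstnat rules above, showing why the mangle counters increase while the site2 dst-nat rules never match. It assumes the standard behaviour that NAT rules are consulted only for the first packet of a connection (the TCP SYN, which carries no HTTP data); the function names and the sample connection are constructed for illustration.

```python
import re

L7_SITE2 = re.compile(rb"site2")            # the layer7 regexp from the post
VM1, VM2 = "192.168.61.2", "192.168.61.3"   # the two IIS hosts from the post


def constructed_connection(host):
    """Packets a client sends on one HTTP connection (constructed sample)."""
    request = b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\n\r\n"
    return [("SYN", b""), ("ACK", b""), ("PSH", request)]


def route(packets):
    """Model: mangle sees every packet, dstnat only the connection's first one."""
    mark, dst, seen = "no-mark", None, b""
    trace = []
    for index, (flags, payload) in enumerate(packets):
        # mangle prerouting: the layer7 matcher searches the payload seen so far
        seen += payload
        if mark == "no-mark" and L7_SITE2.search(seen):
            mark = "site2"
        # dstnat: evaluated once, for the packet that creates the connection;
        # later packets reuse the translation stored in connection tracking
        if index == 0:
            dst = VM2 if mark == "site2" else VM1
        trace.append((flags, mark, dst))
    return dst, mark, trace


if __name__ == "__main__":
    for host in ("site1.domain.com", "site2.domain.com"):
        dst, mark, trace = route(constructed_connection(host))
        print(host, "-> backend", dst, "final mark", mark)
        for step in trace:
            print("   ", step)
```

In this model the site2 connection does receive its mark, but only on the packet that carries the Host header, after the SYN has already been translated to 192.168.61.2 by the connection-mark=!site2 rule.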