Community discussions

MikroTik App
 
tinus
just joined
Topic Author
Posts: 16
Joined: Thu Oct 27, 2005 9:01 pm

Filter Incoming Web Site connection to Server

Fri Oct 28, 2005 6:10 pm

My company start to minimize the usage of public IP's for the company site's.

They want to start to use one IP for several site, but the website use their own web server services.

In example :
Site A using Server A
Site B using Server B
Site C using Server C

Can I use just 1 public IP in Mikrotik for those site?
AND When a connection arrive into Mikrotik Router OS, the Mikrotik Router OS check the HTTP Header for destination Site,
IF the header destinate to Site A then it will forward to Server A,
IF the header destinate to Site B then it will forward to Server B,
the same for header destinate to Site C

And those Servers only accept connection from Mikrotik BOX,
and in the header of incoming connection from Mikrotik BOX contains the IP of the origin request from Outside Mikrotik BOX.
Something Like X-Forwarded-For Flag in the HTTP Header.
So the web server can collect information from incoming connection.

Can Mikrotik Router OS support that function?
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Fri Oct 28, 2005 9:57 pm

Quite possibly. You could try using the Content option in a dst-nat rule when forwarding TCP port 80 packets.

Regards

Andrew
 
User avatar
lastguru
Member
Member
Posts: 432
Joined: Fri May 28, 2004 9:04 pm
Location: Certified Trainer/Consultant in Riga, Latvia
Contact:

Mon Oct 31, 2005 4:08 pm

Andrew, I doubt it could be made the way you probose because you probably break the TCP connection. The HTTP header is transmitted after the TCP connection is established.

What can be done is to separate by domains. I.e., register multiple domains with the same IP address, then setup MT as a proxy only for these registered domains, after that, configure the local DNS cache to resove these domains differently, say one domain per internal IP... that's all :)
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Mon Oct 31, 2005 8:30 pm

You're right, hadn't thought of that.

Proxying is a neat solution.

Regards

Andrew
 
tomi_isp
newbie
Posts: 36
Joined: Mon Sep 19, 2005 1:21 am

Tue Nov 01, 2005 1:45 am

Andrew, I doubt it could be made the way you probose because you probably break the TCP connection. The HTTP header is transmitted after the TCP connection is established.

What can be done is to separate by domains. I.e., register multiple domains with the same IP address, then setup MT as a proxy only for these registered domains, after that, configure the local DNS cache to resove these domains differently, say one domain per internal IP... that's all :)
I am interesting in similar solution :) can you near specify how to configure MT as proxy for domains :)

Thanks for basic how to :)

/Tomi

Who is online

Users browsing this forum: ekinsl and 73 guests