rama3i
just joined
Topic Author
Posts: 2
Joined: Wed Jul 18, 2012 12:31 pm

Firewall Rules using host name

Wed Jul 18, 2012 12:46 pm

All,

Is it possible to create firewall rules (in this case NAT) that use a hostname rather than an IP? Our case is that we are going to reroute traffic to different IPs based on the hostnames. We have multiple applications running on the same port, but separated across multiple local servers, each with its own local IP. Rather than having a different port setting for each server, we are looking for a seamless solution by creating rules based on the hostname. CMIIW, this idea is actually similar to Apache virtual hostnames. Will it be possible, guys? What I am looking for is like the code below:
/ip firewall nat add chain=dst-nat dst-address=server1.domain.com dst-port=8333 action=dst-nat to-address=192.168.1.10:8333
/ip firewall nat add chain=dst-nat dst-address=server2.domain.com dst-port=8333 action=dst-nat to-address=192.168.1.11:8333
I'm looking for any possible solution before going to do it ugly by having each server configured with a different port. Thanks
 
rjickity
Member Candidate
Posts: 212
Joined: Sat Jul 17, 2010 10:40 am
Location: Perth, Australia

Re: Firewall Rules using host name

Wed Jul 18, 2012 2:52 pm

What's the purpose of using it by hostname?

Are you DNS load balancing or are your servers filtering on HTTP headers? Or is it something else?
 
Chupaka
Forum Guru
Posts: 8394
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: Firewall Rules using host name

Wed Jul 18, 2012 11:37 pm

It's impossible just because a packet does not contain hostnames - only IP addresses. So just replace the hostnames in your rules with their IP addresses. PROFIT
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
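
The point in the reply above, as an added example that is not part of the original thread: NAT rules are evaluated on the first packet of a connection (the TCP SYN), and that packet is byte-for-byte the same whichever name the client looked up. The addresses are constructed sample values, and the `Host` header part assumes an HTTP client, which the thread does not confirm for port 8333.

```python
import socket
import struct

def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Build a minimal IPv4+TCP packet (constructed sample, checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse_packet(pkt):
    """Return the fields a NAT rule can match on, plus the TCP payload."""
    ihl = (pkt[0] & 0x0F) * 4                     # IPv4 header length in bytes
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4           # TCP header length in bytes
    flags = pkt[ihl + 13]
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "syn": bool(flags & 0x02), "payload": pkt[ihl + data_off:]}

def http_host(payload):
    """Extract the HTTP Host header from application data, if present."""
    for line in payload.split(b"\r\n")[1:]:       # skip the request line
        if not line:                              # blank line ends the headers
            break
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None

SYN, PSH_ACK = 0x02, 0x18
CLIENT_IP = "198.51.100.7"   # constructed sample client
PUBLIC_IP = "203.0.113.5"    # constructed: both CNAMEs resolve to this address

def first_packet_for(hostname):
    # The client uses the hostname only for its DNS lookup; nothing of it
    # is written into the SYN that the router sees.
    return build_packet(CLIENT_IP, PUBLIC_IP, 40000, 8333, SYN)

def request_packet_for(hostname):
    # Later data segment of an (assumed) HTTP client on the same connection.
    body = b"GET / HTTP/1.1\r\nHost: " + hostname.encode() + b"\r\n\r\n"
    return build_packet(CLIENT_IP, PUBLIC_IP, 40000, 8333, PSH_ACK, body)
```

The name only shows up in application data sent after the handshake, by which time the dst-nat decision for the connection has already been made.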
 
rama3i
just joined
Topic Author
Posts: 2
Joined: Wed Jul 18, 2012 12:31 pm

Re: Firewall Rules using host name

Thu Jul 19, 2012 5:57 am

> What's the purpose of using it by hostname?
>
> Are you DNS load balancing or are your servers filtering on HTTP headers? Or is it something else?

Nope, we don't load balance our DNS, nor are we filtering on HTTP headers. All we know is that there are applications which run on the same port within the network. And all of these applications should be accessible from the net.

> It's impossible just because a packet does not contain hostnames - only IP addresses. So just replace the hostnames in your rules with their IP addresses. PROFIT

That's the problem, all the DNS entries were CNAMEs, addressing the same IP. That's why we need to add firewall rules based on the hostname, not the IP.

Any idea guys?
 
spippan
Member Candidate
Posts: 100
Joined: Wed Nov 12, 2014 1:00 pm

Re: Firewall Rules using host name

Thu May 07, 2015 10:05 pm

> > What's the purpose of using it by hostname?
> >
> > Are you DNS load balancing or are your servers filtering on HTTP headers? Or is it something else?
>
> Nope, we don't load balance our DNS, nor are we filtering on HTTP headers. All we know is that there are applications which run on the same port within the network. And all of these applications should be accessible from the net.
>
> > It's impossible just because a packet does not contain hostnames - only IP addresses. So just replace the hostnames in your rules with their IP addresses. PROFIT
>
> That's the problem, all the DNS entries were CNAMEs, addressing the same IP. That's why we need to add firewall rules based on the hostname, not the IP.
>
> Any idea guys?

Try this.... http://wiki.mikrotik.com/wiki/Use_host_ ... wall_rules
---
raiffeisen data center infrastructure and security
...stay curious
