sinabox
just joined
Topic Author
Posts: 2
Joined: Sun Nov 14, 2010 7:13 am

Hostname in Firewall

Wed Aug 08, 2012 12:44 pm

Hi,
I have an RB493G and I have two internet services from two different ISPs with two different IP ranges, one of them 80.X.X.X/24 and the other one 31.X.X.X/24. In IP route I wrote this:
/ip route add dst-address=0.0.0.0/0 gateway=31.X.X.1
So, there are some websites that I should pay money to get access for my IP addresses. I paid before for 80.X.X.X/24, and now I want a rule for my clients so that if they send a request to those websites then MikroTik uses the 80.X.X.X/24 IP addresses, but the other websites use 31.X.X.X/24.
I tried using just the IP addresses of those websites, but some of them have several servers with different IP addresses, which makes it difficult to resolve all of them myself.
I need something in MikroTik that could write a rule like this:
/ip firewall nat add chain=dstnat dst-address=*.mikrotik.com action=netmap to-addresses=80.X.X.X
or
/ip firewall nat add chain=dstnat dst-address=www.mikrotik.com action=netmap to-addresses=80.X.X.X
Can anyone help me?!
 
greencomputing
Frequent Visitor
Posts: 95
Joined: Wed Jun 23, 2010 1:12 pm
Location: Italy

Re: Hostname in Firewall

Wed Aug 08, 2012 3:17 pm

Hi sir,

You can implement the requirement using routing marking, having a firewall mangle rule that will mark the packets with destination IP = pay4surf website IP.

Here you have a procedure to force the traffic to the site with IP xx.yy.zz.ww going through the ISP for which you already paid.

1) Apply a routing mark to packets outgoing to the public Internet with destination IP = xx.yy.zz.ww:
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no dst-address=xx.yy.zz.ww dst-address-type=!local new-routing-mark=ISP-PAYED-RT passthrough=no
2) Add, as the gateway that will be used specifically for packets marked with the ISP-PAYED-RT mark, the gateway you want, 80.X.X.1:
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=80.X.X.1 routing-mark=ISP-PAYED-RT scope=30 target-scope=10
After inserting these rules, you will see client requests to IP xx.yy.zz.ww going through the gateway 80.x.x.1.

Hoping it will help you.
Have a nice day.
 
sinabox
just joined
Topic Author
Posts: 2
Joined: Sun Nov 14, 2010 7:13 am

Re: Hostname in Firewall

Sat Aug 11, 2012 9:55 am

Thanks for your reply.
My problem is resolving website URLs to IP addresses. For example, a website like www.example.com returns 192.168.1.1 but sub.example.com returns 192.168.20.2 and app.example.com returns 192.168.200.1 ...
So I need some rules where I can use *.example.com.
Thanks again.
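
Added example, not part of any post in this thread: RouterOS firewall rules match IP addresses, so one way to cover several hostnames of a site is a scheduled script that resolves each name into an address list, with the mangle rule from the reply above matching that list instead of a single dst-address. It assumes RouterOS v6 or later scripting; the list name ISP-PAYED-DST and the hostnames are placeholders, and a wildcard such as *.example.com cannot be resolved, so every name has to be listed explicitly.

```routeros
# --- One-time setup, typed at the terminal (not part of the scheduled script) ---
# Same mark-routing rule as in the reply above, but matching an address list.
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=ISP-PAYED-DST dst-address-type=!local new-routing-mark=ISP-PAYED-RT passthrough=no

# --- Script body, run periodically from /system scheduler ---
# Placeholder names; replace with the hostnames of the paid sites.
:local listName "ISP-PAYED-DST"
:local hosts {"www.example.com";"sub.example.com";"app.example.com"}

:foreach h in=$hosts do={
    :do {
        # :resolve returns a single address per call, so repeated runs
        # pick up the other addresses of a multi-server name over time.
        :local ip [:resolve $h]
        # Add the address only if it is not already in the list.
        :if ([:len [/ip firewall address-list find list=$listName address=$ip]] = 0) do={
            /ip firewall address-list add list=$listName address=$ip comment=$h
        }
    } on-error={
        # A name that fails to resolve is logged and skipped, not fatal.
        :log warning ("ISP-PAYED-DST: could not resolve " . $h)
    }
}
```

Entries added this way never expire, so addresses a site no longer uses stay in the list until they are removed by hand. The list is also only as trustworthy as the DNS answers the router receives, since any address returned for a listed name is routed through the paid ISP.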
