Mikrotik
Vitaly, 2022-02-14 20:00:47

How to forward a port to mikrotik only in cases when there is a corresponding line in the request?

All the best!
I have a server behind NAT, and I want to forward to its port (let's say port 81) only those requests that have the word online in them. Let's forward a request serverIP:81/online
But other requests like serverIP : forward)

I tried a Layer 7 protocol with the regular expression ^.+(online).*$, named tst, and a rule in the NAT section:

/ip firewall nat
add action=dst-nat chain=dstnat comment="TMP-test" dst-address=My-external-ip dst-port=81 layer7-protocol=tst protocol=tcp to-addresses=10.10.10.141 to-ports=81


But it doesn't work :(

2 answer(s)
shurshur, 2022-02-14
@shurshur

And it will not work, since the URI is transmitted only after the connection is established; at the time the connection is established, it is still impossible to identify where to redirect the traffic. To solve this problem, you need to use a reverse proxy, for which nginx is a popular choice. But since there is no need to scatter over several different servers, it is easier to simply reject requests in the target web server that do not match the condition. If for some reason this is not possible (for example, the server is a foreign application in which nothing can be changed), then nginx can be cut.

rPman, 2022-02-14
@rPman

This is pointless, since the URL is hidden from the router by HTTPS encryption. If you still need it for HTTP, then do it through a proxy, if necessary a transparent proxy (it seems to have been launched on Mikrotik once), pass traffic through your proxy, which will be logically what you want how to change the connection address and set up external redirects on the router), but I won’t advise how to do it on Mikrotik
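
The reverse-proxy approach both answers point to, as an added example that is not part of either answer: an nginx server block that passes only /online to the backend from the question (10.10.10.141:81) and rejects everything else. It assumes nginx runs on a separate host behind the router (hypothetical address 10.10.10.140), that the dst-nat rule is changed to point at that host with layer7-protocol=tst removed, and that the allowed path is /online and anything under it.

```nginx
# Added example. Place inside the http {} context (e.g. a conf.d/ file).
# Assumption: this proxy runs on 10.10.10.140 and the router's dst-nat rule
# for dst-port=81 now has to-addresses=10.10.10.140 and no layer7-protocol.
server {
    listen 81;
    server_name _;

    # The path decision is made here, after the TCP handshake is complete
    # and nginx has parsed the HTTP request line. A NAT rule cannot do this:
    # it is evaluated on the first packet of the connection, which carries
    # no HTTP data yet.
    # Assumption: allow exactly /online and anything below /online/.
    # nginx matches the normalized path, so a query string such as
    # /?x=online does not match.
    location ~ ^/online(/|$) {
        proxy_pass http://10.10.10.141:81;   # backend address from the question
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Every other request is answered by the proxy and never reaches
    # the backend.
    location / {
        return 403;
    }
}
```

The filter only holds if 10.10.10.141:81 is no longer reachable from outside by any other dst-nat rule. For HTTPS the proxy would have to terminate TLS itself, since the path is encrypted on the wire.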
