Answer the question
In order to leave comments, you need to log in
A
A
Artem Pashchenko2019-09-13 12:15:44
Artem Pashchenko, 2019-09-13 12:15:44
How to set up Mikrotik DSTNAT for all but one subdomain?
Hello.
There is Mikrotik RB1100AHx2. There is a site site.ru which addresses on external ip 1.1.1.1 (eth1 mikrota). But physically the site is in a different place 2.2.2.2 Accordingly, microt dstnat'it everything that comes to port 80 goes there.
The task is that the
lk.site.ru subdomain has appeared, which also addresses to 1.1.1.1, but it needs to be turned to the internal 192.168.0.100, and all other traffic should also be redirected to 2.2.2.2
, made a redirect to it, registered site.ru (2.2.2.2) and lk.site.ru (192.168.0.100) in the static dns. The main site works, lk - nifiga. What am I doing wrong, am I digging there at all, and what else can I think of with this?
2 answer(s)
@numufar
You twist a nail into metal with a wrench. Reverse proxy....
@dronmaxman
P
poisons, 2019-09-13 @numufar
What am I doing wrong
You twist a nail into metal with a wrench. Reverse proxy....
A
Andrey Barbolin, 2019-09-13 @dronmaxman
It is possible, but difficult. If done by means of microtas, then the question falls into the category of complex ones.
You need L7, intercepting packets towards lk.site.ru and wrapping the same packets in a separate routing table. Unfortunately now there is no microt at hand to test and write how to do it exactly.
/ip firewall layer7-protocol
add name=site.ru regexp="^.+(lk.site.ru).*$"
/ip firewall mangle
add action=mark-connection chain=prerouting protocol=udp dst-port=80 connection-mark=no-mark layer7-protocol=site.ru new-connection-mark=site_conn assthrough=yes
add action=mark-packet chain=prerouting connection-mark=site_conn new-packet-mark=
site_packet but not sure.
Similar questions
S
R
E
J
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question