Page 1 of 1
ip address to apache port
Posted: Mon Oct 31, 2016 7:14 pm
by kaltersia
i have 3 diferent webpages on apache
what i have
ip addres of apache webserver "1" 192.168.5.2:81
ip addres of apache webserver "2" 192.168.5.2:82
ip addres of apache webserver "3" 192.168.5.2:83
i want user with ip address xxx.xx.xxx.1 send to webserver "1"
i want user with ip address xxx.xxx.xx.2 send to webserver "2"
i want user with ip address xx.xxx.xxx.3 send to webserver "3"
all those users with those ip addresses are outside my network and apache is in my network.
scenario ip user >mikrotik router> webserver
is there any way to acomplishe that,
can't figure out by myself , spend days on it with no luck .
Re: ip address to apache port
Posted: Mon Oct 31, 2016 7:25 pm
by Delte
Hi,
Port forwarding will resolve your issue simply.
Re: ip address to apache port
Posted: Mon Oct 31, 2016 7:29 pm
by kaltersia
Hi,
Port forwarding will resolve your issue simply.
how ?
could you write an example.
Re: ip address to apache port
Posted: Mon Oct 31, 2016 7:46 pm
by Delte
Hi Kaltersia,
try this below firewall nat rules.
add action=dst-nat chain=dstnat dst-address=202.X.X.X dst-port=81 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.2 to-ports=81
add action=dst-nat chain=dstnat dst-address=202.X.X.X dst-port=81 in-interface=ether1-gateway protocol=udp to-addresses=192.168.5.2 to-ports=81
add action=dst-nat chain=dstnat dst-address=202.X.X.X dst-port=82 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.2 to-ports=82
add action=dst-nat chain=dstnat dst-address=202.X.X.X dst-port=82 in-interface=ether1-gateway protocol=udp to-addresses=192.168.5.2 to-ports=82
add action=dst-nat chain=dstnat dst-address=202.X.X.X dst-port=83 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.2 to-ports=83
add action=dst-nat chain=dstnat dst-address=202.X.X.X dst-port=83 in-interface=ether1-gateway protocol=udp to-addresses=192.168.5.2 to-ports=83
Please change "202.X.X.X" to your public ip address.
To take access of web server please try 202.X.X.X:81 from outside of your network.
Also note that port of webserver you are mentioned in rule must be same as you access in from your internal network.
Re: ip address to apache port
Posted: Mon Oct 31, 2016 8:08 pm
by kaltersia
Hi Kaltersia,
try this below firewall nat rules.
add action=dst-nat chain=dstnat dst-address=202.X.X.X dst-port=81 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.2 to-ports=81
add action=dst-nat chain=dstnat dst-address=202.X.X.X dst-port=81 in-interface=ether1-gateway protocol=udp to-addresses=192.168.5.2 to-ports=81
add action=dst-nat chain=dstnat dst-address=202.X.X.X dst-port=82 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.2 to-ports=82
add action=dst-nat chain=dstnat dst-address=202.X.X.X dst-port=82 in-interface=ether1-gateway protocol=udp to-addresses=192.168.5.2 to-ports=82
add action=dst-nat chain=dstnat dst-address=202.X.X.X dst-port=83 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.2 to-ports=83
add action=dst-nat chain=dstnat dst-address=202.X.X.X dst-port=83 in-interface=ether1-gateway protocol=udp to-addresses=192.168.5.2 to-ports=83
Please change "202.X.X.X" to your public ip address.
To take access of web server please try 202.X.X.X:81 from outside of your network.
Also note that port of webserver you are mentioned in rule must be same as you access in from your internal network.
______________________________________________________
already done that. i can access my webserver from outside network.
here is where the tricky part starts, lets assume the user writes my publik ip address without the port number in his browser and he is taken to myip:80 , but i only have ip address and i want that ip address that comes on port 80 to dst-nat to another port "in my case to port 81,82 and port 83
.
any ip to por 80
specific ip to the port i want.
Re: ip address to apache port
Posted: Mon Oct 31, 2016 8:36 pm
by Delte
You must need to configure a DNS server for it & point as you like.
And you will be able to resolve the issue something like this.
web1.example.com
web2.example.com
web3.example.com
Re: ip address to apache port
Posted: Mon Oct 31, 2016 8:48 pm
by Sob
Is this what you want?
/ip firewall nat
add action=dst-nat chain=dstnat dst-address-type=local dst-port=80 protocol=tcp src-address=x.x.x.1 \
to-addresses=182.168.5.2 to-ports=81
add action=dst-nat chain=dstnat dst-address-type=local dst-port=80 protocol=tcp src-address=x.x.x.2 \
to-addresses=182.168.5.2 to-ports=82
add action=dst-nat chain=dstnat dst-address-type=local dst-port=80 protocol=tcp src-address=x.x.x.3 \
to-addresses=182.168.5.2 to-ports=83
(at least that's how I understand the request)
Re: ip address to apache port
Posted: Tue Nov 01, 2016 6:54 pm
by kaltersia
thanks all.
i solved this way
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp src-address=x.x.x.1 to-addresses=192.168.5.2 to-ports=81
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp src-address=x.x.x.2 to-addresses=192.168.5.2 to-ports=82
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp src-address=x.x.x.3 to-addresses=192.168.5.2 to-ports=83
all this placed before
add action=dst-nat chain=dstnat comment="wan to apache" disabled=yes dst-address=myip to-addresses=\
192.168.5.2
works perfectly..
have a nice day everyone.
Re: ip address to apache port
Posted: Tue Nov 01, 2016 8:23 pm
by kaltersia
one last question , i know i'm not in the right forum to ask it.
can this be done directly in apache
again i explain
user with ip x.x.x.1 to acces only port 81
user with ip x.x.x.2 to acces only port 82
user with ip x.x.x.3 to acces only port 83
all other ip blocked
Re: ip address to apache port
Posted: Tue Nov 01, 2016 8:32 pm
by Sob
I'm sure you can set some access rules to prevent users from connecting to "wrong" port even if they added it manually. If you would like the whole thing, i.e. transparent redirection from port 80, I'm not sure, but I think it might be possible using some conditional proxy rules.