Host alias with same ip in firewall rules

  • Hello,

    I have two gateways to the same ISP, with which I need to register SIP accounts; the registration IP is the same for both. I have created two DNS entries:
    sip01.isp.local -> alias SIP01 and sip02.isp.local -> alias SIP02. In this way I want to configure the outbound path of each account I need to register to use a different gateway, but when applying the firewall rules the first one always applies.

    These are my firewall rules:

    Protocol       Source   Port   Destination   Port   Gateway
    IPv4 TCP/UDP   *        *      SIP02         *      GW1
    IPv4 TCP/UDP   *        *      SIP01         *      GW2

    The first rule always applies.

    Any ideas???


  • Rebel Alliance Developer Netgate

    Those rules are essentially identical. It doesn't matter that you named the alias something different, the source and destination addresses are the same so only the first one can match.

  • jimp, thanks for your answer,

    Do you know any way to do this?


  • Rebel Alliance Developer Netgate

    If the source and destination are the same and there is no way to tell them apart, there is no way you can have the firewall make a decision to send them out different gateways. Something must be different about the request that you can match with firewall rules.
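The point made in both replies above, as an added example that is not from the thread or from pfSense: a small first-match rule evaluator that expands aliases to addresses before comparing rules. The alias table, the 203.0.113.10 registrar address and the rule fields are constructed; it also goes slightly beyond the thread by showing that a differing destination port would make the two rules distinguishable again.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Constructed alias table: two names, one registrar address (the thread's situation).
ALIASES: Dict[str, List[str]] = {
    "SIP01": ["203.0.113.10"],  # sip01.isp.local
    "SIP02": ["203.0.113.10"],  # sip02.isp.local
}

@dataclass(frozen=True)
class Rule:
    proto: str     # e.g. "tcp/udp"
    src: str       # alias name, address or "*"
    dst: str       # alias name, address or "*"
    dport: str     # port number as a string or "*"
    gateway: str   # policy-routing gateway the rule sends matches to

def resolve(name: str) -> FrozenSet[str]:
    """Expand an alias to the addresses it stands for; "*" stays a wildcard."""
    return frozenset({"*"}) if name == "*" else frozenset(ALIASES.get(name, [name]))

def match_key(rule: Rule) -> Tuple[str, FrozenSet[str], FrozenSet[str], str]:
    """What the packet filter actually compares: alias names drop out."""
    return (rule.proto, resolve(rule.src), resolve(rule.dst), rule.dport)

def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """(index, shadowing_index) for every rule whose expanded match criteria
    are identical to an earlier rule's, so it can never be selected."""
    seen: Dict[Tuple, int] = {}
    found: List[Tuple[int, int]] = []
    for i, rule in enumerate(rules):
        key = match_key(rule)
        if key in seen:
            found.append((i, seen[key]))
        else:
            seen[key] = i
    return found

def first_match(rules: List[Rule], proto: str, src: str, dst: str, dport: str) -> Optional[str]:
    """First-match evaluation: return the gateway of the first rule that applies."""
    for rule in rules:
        if rule.proto != proto or rule.dport not in ("*", dport):
            continue
        s, d = resolve(rule.src), resolve(rule.dst)
        if ("*" in s or src in s) and ("*" in d or dst in d):
            return rule.gateway
    return None

# The thread's rule set: different alias names, identical expanded criteria.
RULES = [Rule("tcp/udp", "*", "SIP02", "*", "GW1"),
         Rule("tcp/udp", "*", "SIP01", "*", "GW2")]
```

Running `shadowed_rules(RULES)` reports the second rule as shadowed by the first, and every registration to 203.0.113.10 is routed via GW1 regardless of which alias it was meant for.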

  • For HTTP(S) you usually use a reverse proxy for such redirection, for other protocols such proxies may not be available. The key is that the proxy can identify the destination based on the application payload (in case of HTTP the destination FQDN in the HTTP headers) and decide which destination address the traffic should be sent to.
