Host alias with same ip in firewall rules

darkwood

Hello,

I have two gateways with the same isp with which I need to register sip accounts, the registration ip is the same. I have created 2 entries dns:
sip01.isp.local -> 10.31.255.134 alias SIP01 and  sip02.isp.local -> 10.31.255.134 alias SIP02, in this way I want to configure the output of each of the accounts that I need to register for a different gateway but when applying firewall rules the first one always applies.

This is my firewall rules:

Protocol         Source         Port Destination Port Gateway

IPv4 TCP/UDP 192.168.1.160 * SIP02 * GW1

IPv4 TCP/UDP 192.168.1.160 * SIP01 * GW2

Allways apply the first rule.

Any ideas???

Greetings.

jimp

Those rules are essentially identical. It doesn't matter that you named the alias something different, the source and destination addresses are the same so only the first one can match.

darkwood

jimp, thanks for your answer,

Dou you know any way to do this?

Thanks.

jimp

If the source and destination are the same and there is no way to tell them apart, there is no way you can have the firewall make a decision to send them out different gateways. Something must be different about the request that you can match with firewall rules.

kpa

For HTTP(S) you usually use a reverse proxy for such redirection, for other protocols such proxies may not be available. The key is that the proxy can identify the destination based on the application payload (in case of HTTP the destination FQDN in the HTTP headers) and decide which destination address the traffic should be sent to.