Netgate Discussion Forum

    Host alias with same ip in firewall rules

    darkwood

      Hello,

      I have two gateways with the same ISP, with which I need to register SIP accounts; the registration IP is the same. I have created 2 DNS entries:
      sip01.isp.local -> 10.31.255.134 (alias SIP01) and sip02.isp.local -> 10.31.255.134 (alias SIP02). In this way I want to configure the output of each of the accounts that I need to register for a different gateway, but when applying firewall rules the first one always applies.

      This is my firewall rules:

      Protocol      Source         Port  Destination  Port  Gateway
      IPv4 TCP/UDP  192.168.1.160  *     SIP02        *     GW1
      IPv4 TCP/UDP  192.168.1.160  *     SIP01        *     GW2

      It always applies the first rule.

      Any ideas???

      Greetings.

      jimp Rebel Alliance Developer Netgate

        Those rules are essentially identical. It doesn't matter that you named the alias something different; the source and destination addresses are the same, so only the first one can match.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        darkwood

          jimp, thanks for your answer,

          Do you know any way to do this?

          Thanks.

          jimp Rebel Alliance Developer Netgate

            If the source and destination are the same and there is no way to tell them apart, there is no way you can have the firewall make a decision to send them out different gateways. Something must be different about the request that you can match with firewall rules.

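The point made in the two replies above, as an added example that is not part of the original thread: a small first-match model that resolves aliases to addresses before comparing rules, so a rule that can never be reached is reported. Ports are left out because both rules in the post use `*`; the function names, the `SPLIT_RULES` set and the second source host 192.168.1.161 are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Alias table from the post: two names, one address.
ALIASES = {"SIP01": "10.31.255.134", "SIP02": "10.31.255.134"}

@dataclass(frozen=True)
class Rule:
    proto: str
    src: str
    dst: str
    gateway: str

# The two rules exactly as posted (ports omitted, both are "*").
PAGE_RULES = [Rule("TCP/UDP", "192.168.1.160", "SIP02", "GW1"),
              Rule("TCP/UDP", "192.168.1.160", "SIP01", "GW2")]
# Constructed variant: the second account registers from another source host.
SPLIT_RULES = [Rule("TCP/UDP", "192.168.1.160", "SIP02", "GW1"),
               Rule("TCP/UDP", "192.168.1.161", "SIP01", "GW2")]

def resolve(value, aliases):
    """Network a rule field matches; '*' means any IPv4 address."""
    if value == "*":
        return ip_network("0.0.0.0/0")
    return ip_network(aliases.get(value, value))

def covers(early, late, aliases):
    """True if every packet matching `late` already matches `early`."""
    return (set(late.proto.split("/")) <= set(early.proto.split("/"))
            and resolve(late.src, aliases).subnet_of(resolve(early.src, aliases))
            and resolve(late.dst, aliases).subnet_of(resolve(early.dst, aliases)))

def shadowed(rules, aliases):
    """(shadowed_index, shadowing_index) pairs under first-match evaluation."""
    hits = []
    for j, late in enumerate(rules):
        for i in range(j):
            if covers(rules[i], late, aliases):
                hits.append((j, i))
                break
    return hits

def gateway_for(rules, aliases, proto, src, dst):
    """Gateway of the first rule that matches the packet, or None."""
    for r in rules:
        if (proto in r.proto.split("/")
                and ip_address(src) in resolve(r.src, aliases)
                and ip_address(dst) in resolve(r.dst, aliases)):
            return r.gateway
    return None
```

Running `shadowed()` over a ruleset before applying it flags the second posted rule as unreachable, while the variant with a distinguishable source produces no findings.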
            kpa

              For HTTP(S) you usually use a reverse proxy for such redirection; for other protocols such proxies may not be available. The key is that the proxy can identify the destination based on the application payload (in the case of HTTP, the destination FQDN in the HTTP headers) and decide which destination address the traffic should be sent to.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.