Doubt implementation.

Hello everyone, I have a question about how to carry out an implementation and I wanted to consult with you, to see if I find any way that I do not know.

I will explain the situation and the setting.

Imagine that after my Zywall I have 2 NAS (not to complicate much). They both use port 21, and let's say it should stay that way.

from the outside, I will have two access URL's, example:

NAS1.COM -> NAS1, PORT 21 ip 10.0.0.10
NAS2.COM -> NAS2, PORT 21 ip 10.0.0.20

My idea is to perform load balancing using my 2 WAN's.

A critical option without the possibility of load balancing is to assign each NAS to a WAN interface so that the URL will always point to the same site, but it is not what I want.

How would you do to "route" the URL that comes from NAS1.COM so that it goes to NAS1 with ip 10.0.0.10 regardless of which WAN is entering the request.

Sorry if I have not explained myself clearly enough.

Summary: I receive a URL through one of the two available wans, and I have to route to the nas .10 or .20 depending on the URL where it comes from.

It would be something similar to reverse proxies and virtual hosts, I think I understand.

A greeting and thanks in advance.
«1

All Replies

  • Mijzelf
    Mijzelf Posts: 2,753  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    sl2711 said:
    How would you do to "route" the URL that comes from NAS1.COM so that it goes to NAS1 with ip 10.0.0.10 regardless of which WAN is entering the request.
    You can't, for the simple reason that there is no NAS1.COM on that level. If a client wants to connect to NAS1.COM, it asks it's DNS for the IP address, and then tries to connect to that IP. At that moment your routing should be applied, but the only information the router has is the IP address and port of the client, and the accessed IP address and port of the router.

  • sl2711
    sl2711 Posts: 14
    Mijzelf said:
    sl2711 said:
    How would you do to "route" the URL that comes from NAS1.COM so that it goes to NAS1 with ip 10.0.0.10 regardless of which WAN is entering the request.
    You can't, for the simple reason that there is no NAS1.COM on that level. If a client wants to connect to NAS1.COM, it asks it's DNS for the IP address, and then tries to connect to that IP. At that moment your routing should be applied, but the only information the router has is the IP address and port of the client, and the accessed IP address and port of the router.

    Hello again.
    Thanks for your answer.

    I understand your answer and would like to explain again.
    Let's say that the user from NAS1.COM will arrive at the Zywall yes or yes. Let's say I have a ddns and it solves. The question is WHEN I ARRIVE AT THE ZYWALL, it may be that I arrive by WAN1 or WAN2. The question is, no matter where you go, you finally access your IP locally.
  • Mijzelf
    Mijzelf Posts: 2,753  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    You can easily forward port 21 from WAN1 and WAN2 to the same LAN IP, and you can also forward them to different LAN IP's if you like, but you can't forward them on base of the accessed domain, because the router doesn't know that.
  • sl2711
    sl2711 Posts: 14
    Mijzelf said:
    You can easily forward port 21 from WAN1 and WAN2 to the same LAN IP, and you can also forward them to different LAN IP's if you like, but you can't forward them on base of the accessed domain, because the router doesn't know that.
    The problem is that if you don't know where it comes from, you won't know where to redirect traffic ...
  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited December 2021

    If WAN IP1 is for NAS1.COM and WAN IP2 is for NAS2.COM then there is no problem.

    You can't say if WAN IP1 goes down have both NAS1.COM and NAS2.COM by WAN IP2....at least not in the easy way....like for SSL the way a USG could run is the remote client end does the SYN then USG send a SYN, ACK, ACK then client hello at that point the USG can see if its NAS1.COM or NAS2.COM then USG sends a RST then the client sends a SYN again but this time the USG goes to the remembered NAS1.COM or NAS2.COM server NAT.

    Of course this would need to be implemented...  


  • WJS
    WJS Posts: 155  Master Member
    5 Answers First Comment Friend Collector Second Anniversary
    edited December 2021
    In Generl.About Load balance only one URL represents in internet. (like www.amazon.com)
    And the device acts as NS server responsed to different WAN IP address.And perform NAT to the internal server.I guess this should be what you want(Note: dedicated device only like F5,A10..)
    If the device cannot use round-robin or whatever method to respond to different WAN IPs, then will not satisfy you. 

    I found there is DNS Load balancing in zywall.

    You could set that.And ask NS point to FW then set two Virtual server LB for wan1, wan2.
    I haven't tried that, might worth a try. Good luck.Hope it is workarond for you.

  • sl2711
    sl2711 Posts: 14
    PeterUK said:

    If WAN IP1 is for NAS1.COM and WAN IP2 is for NAS2.COM then there is no problem.

    You can't say if WAN IP1 goes down have both NAS1.COM and NAS2.COM by WAN IP2....at least not in the easy way....like for SSL the way a USG could run is the remote client end does the SYN then USG send a SYN, ACK, ACK then client hello at that point the USG can see if its NAS1.COM or NAS2.COM then USG sends a RST then the client sends a SYN again but this time the USG goes to the remembered NAS1.COM or NAS2.COM server NAT.

    Of course this would need to be implemented...  



    WJS said:
    In Generl.About Load balance only one URL represents in internet. (like www.amazon.com)
    And the device acts as NS server responsed to different WAN IP address.And perform NAT to the internal server.I guess this should be what you want(Note: dedicated device only like F5,A10..)
    If the device cannot use round-robin or whatever method to respond to different WAN IPs, then will not satisfy you. 

    I found there is DNS Load balancing in zywall.

    You could set that.And ask NS point to FW then set two Virtual server LB for wan1, wan2.
    I haven't tried that, might worth a try. Good luck.Hope it is workarond for you.


    Thank you all for your responses.
    WJS, thank you for your approach.
    The problem is that as I think you propose the solution, it is not a "balancing" between the 2 NAS, since one will provide a service and the other will provide another service.
    The question was that it was known where the request came from and from there it was redirected internally, regardless of the wan it came from.
    Perhaps the best solution would be to implement a proxy reserver internally? That the requests for port 21 always reach that reverse proxy and then the one if it resolves towards one side or the other.
    I have this problem with several ports, since I have them repeated.

    If I set each host to a wan I have no problem (it is how I have it now), because in this way through 1: 1 nat it redirects the traffic. The problem is that if I was currently dropping 1 wan, that service would be lost.
  • Mijzelf
    Mijzelf Posts: 2,753  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    sl2711 said:

    Perhaps the best solution would be to implement a proxy reserver internally? That the requests for port 21 always reach that reverse proxy and then the one if it resolves towards one side or the other.
    I have this problem with several ports, since I have them repeated.

    As you are mentioning port 21, I suppose it's FTP. For FTP you can't implement a proxy server this way, as the protocol doesn't implement a way to know which domain is accessed. For HTTP(S) this can be done, as the request header contains the domain name.
    Basically the first thing an FTP client says is: 'I want to login as user,password', while a HTTP client says: 'I want page index.html from domain NAS1.COM'.
    You mention several ports, but it's the protocol used which dictates if a proxy server can be used.

  • sl2711
    sl2711 Posts: 14
    I mention several ports because the problem of repeated ports occurs to me in several.
  • sl2711
    sl2711 Posts: 14
    I still have doubts about the implementation.
    I have made a diagram in case it is clearer. Let's say I have two NAS and depending on which URL it comes from (it can come from WAN1 or WAN2), I want it to redirect the traffic to one or the other.

    For example: if the connection comes from nas1.zyxel.com you will redirect me to the local ip 192.168.0.10, if on the contrary it comes from nas2.zyxel.com you will redirect it to 192.168.0.20. All the best.


Security Highlight