Doubt implementation.
All Replies
-
sl2711 said:How would you do to "route" the URL that comes from NAS1.COM so that it goes to NAS1 with ip 10.0.0.10 regardless of which WAN is entering the request.You can't, for the simple reason that there is no NAS1.COM on that level. If a client wants to connect to NAS1.COM, it asks it's DNS for the IP address, and then tries to connect to that IP. At that moment your routing should be applied, but the only information the router has is the IP address and port of the client, and the accessed IP address and port of the router.0
-
Mijzelf said:sl2711 said:How would you do to "route" the URL that comes from NAS1.COM so that it goes to NAS1 with ip 10.0.0.10 regardless of which WAN is entering the request.You can't, for the simple reason that there is no NAS1.COM on that level. If a client wants to connect to NAS1.COM, it asks it's DNS for the IP address, and then tries to connect to that IP. At that moment your routing should be applied, but the only information the router has is the IP address and port of the client, and the accessed IP address and port of the router.Hello again.Thanks for your answer.I understand your answer and would like to explain again.Let's say that the user from NAS1.COM will arrive at the Zywall yes or yes. Let's say I have a ddns and it solves. The question is WHEN I ARRIVE AT THE ZYWALL, it may be that I arrive by WAN1 or WAN2. The question is, no matter where you go, you finally access your IP locally.0
-
You can easily forward port 21 from WAN1 and WAN2 to the same LAN IP, and you can also forward them to different LAN IP's if you like, but you can't forward them on base of the accessed domain, because the router doesn't know that.
0 -
Mijzelf said:You can easily forward port 21 from WAN1 and WAN2 to the same LAN IP, and you can also forward them to different LAN IP's if you like, but you can't forward them on base of the accessed domain, because the router doesn't know that.
0 -
If WAN IP1 is for NAS1.COM and WAN IP2 is for NAS2.COM then there is no problem.
You can't say if WAN IP1 goes down have both NAS1.COM and NAS2.COM by WAN IP2....at least not in the easy way....like for SSL the way a USG could run is the remote client end does the SYN then USG send a SYN, ACK, ACK then client hello at that point the USG can see if its NAS1.COM or NAS2.COM then USG sends a RST then the client sends a SYN again but this time the USG goes to the remembered NAS1.COM or NAS2.COM server NAT.
Of course this would need to be implemented...
0 -
In Generl.About Load balance only one URL represents in internet. (like www.amazon.com)
And the device acts as NS server responsed to different WAN IP address.And perform NAT to the internal server.I guess this should be what you want(Note: dedicated device only like F5,A10..)
If the device cannot use round-robin or whatever method to respond to different WAN IPs, then will not satisfy you.I found there is DNS Load balancing in zywall.You could set that.And ask NS point to FW then set two Virtual server LB for wan1, wan2.I haven't tried that, might worth a try. Good luck.Hope it is workarond for you.
0 -
PeterUK said:
If WAN IP1 is for NAS1.COM and WAN IP2 is for NAS2.COM then there is no problem.
You can't say if WAN IP1 goes down have both NAS1.COM and NAS2.COM by WAN IP2....at least not in the easy way....like for SSL the way a USG could run is the remote client end does the SYN then USG send a SYN, ACK, ACK then client hello at that point the USG can see if its NAS1.COM or NAS2.COM then USG sends a RST then the client sends a SYN again but this time the USG goes to the remembered NAS1.COM or NAS2.COM server NAT.
Of course this would need to be implemented...
WJS said:In Generl.About Load balance only one URL represents in internet. (like www.amazon.com)
And the device acts as NS server responsed to different WAN IP address.And perform NAT to the internal server.I guess this should be what you want(Note: dedicated device only like F5,A10..)
If the device cannot use round-robin or whatever method to respond to different WAN IPs, then will not satisfy you.I found there is DNS Load balancing in zywall.You could set that.And ask NS point to FW then set two Virtual server LB for wan1, wan2.I haven't tried that, might worth a try. Good luck.Hope it is workarond for you.Thank you all for your responses.WJS, thank you for your approach.The problem is that as I think you propose the solution, it is not a "balancing" between the 2 NAS, since one will provide a service and the other will provide another service.The question was that it was known where the request came from and from there it was redirected internally, regardless of the wan it came from.Perhaps the best solution would be to implement a proxy reserver internally? That the requests for port 21 always reach that reverse proxy and then the one if it resolves towards one side or the other.I have this problem with several ports, since I have them repeated.If I set each host to a wan I have no problem (it is how I have it now), because in this way through 1: 1 nat it redirects the traffic. The problem is that if I was currently dropping 1 wan, that service would be lost.0 -
sl2711 said:Perhaps the best solution would be to implement a proxy reserver internally? That the requests for port 21 always reach that reverse proxy and then the one if it resolves towards one side or the other.I have this problem with several ports, since I have them repeated.As you are mentioning port 21, I suppose it's FTP. For FTP you can't implement a proxy server this way, as the protocol doesn't implement a way to know which domain is accessed. For HTTP(S) this can be done, as the request header contains the domain name.Basically the first thing an FTP client says is: 'I want to login as user,password', while a HTTP client says: 'I want page index.html from domain NAS1.COM'.You mention several ports, but it's the protocol used which dictates if a proxy server can be used.0
-
I mention several ports because the problem of repeated ports occurs to me in several.
0 -
I still have doubts about the implementation.
I have made a diagram in case it is clearer. Let's say I have two NAS and depending on which URL it comes from (it can come from WAN1 or WAN2), I want it to redirect the traffic to one or the other.
For example: if the connection comes from nas1.zyxel.com you will redirect me to the local ip 192.168.0.10, if on the contrary it comes from nas2.zyxel.com you will redirect it to 192.168.0.20. All the best.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight