Doubt implementation.

2»

All Replies

  • PeterUK
    PeterUK Posts: 2,652  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2022

    Looking at it again its just not possible for even a ugly hack for FTP to be done like this.

    When you DNS to like 8.8.8.8 you find the IP then you do TCP but in that TCP session the client never says I'm going to this domain just the IP. The only way a hack could be done is if the client does DNS to the APT then the APT sees it wants nas1.zyxel.com and NAT to 192.168.0.10 per given source IP that did the DNS.


  • WJS
    WJS Posts: 123  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Still believe it's hard to implement by URL...or I didn't figure it out..
    Eventually  nas1/nas2.zyxel.com would resolve to IP addresses then do the DNAT.
    In order to reach the inquiry ("Load Sharing Between 2 Server). I think the following diagram should be reachable

    1) NS (Name Server) Should point Firewall , nas.zyxel.com would response 1.1.1.1 and 2.2.2.2 Round Robin.



    2) Set the Virtual Server Load Balancer NAT in Firewall (from WAN1, Real server 192.168.0.10,20 ; from WAN2,Real server 192.168.0.10,20)


Security Highlight