  1. #1
    Untanglit
    Join Date
    Jan 2010
    Posts
    29

    Domain-based destination routing?

    Is it possible to do domain-based destination routing with WAN Balancer? Optimally, I'd like to be able to create a rule that wouldn't necessarily be tied to a particular WAN interface, but would try to use the same WAN interface for every connection from a given internal host to a given external server or domain.

    For example, a client is an Apple reseller, and uses several Apple corporate sites, all of which use a common authentication server. When they hit one of these sites, their browser is redirected to a login server, which then spits them over to an authentication server, which then spits them back to the original site. All of these connections need to go across the same WAN interface, or it breaks the authentication tokens and they can't log in at all.

    So, what I want to do is this: If an internal machine, 192.168.1.x, makes a connection to *.apple.com, then I want WAN Balancer to pick an interface (any interface) for all of that machine's connections to *.apple.com for the next, say, 12 hours (that's the big question...how long should the forward last?).

    I don't want to have to tie it to a particular WAN interface, because then I lose the redundancy, but if the "big question" is too much to deal with, then the minimum requirement would be to tie all connections to *.apple.com to a particular interface.

    C'est possible?

  2. #2
    Master Untangler richie's Avatar
    Join Date
    Apr 2007
    Posts
    396

    You can do destination routes via advance > routes and specify which WAN interface you want. This, however, will not do failover.

    You can just set source routing on the balancer to use a specific WAN interface. If there is a failure on that WAN, it would fail over to the other connection automatically.

  3. #3
    Untanglit
    Join Date
    Jan 2010
    Posts
    29

    Right now, that's the workaround...to set WAN Balancer to push all traffic across a specific interface. The trouble with that, of course, is that I no longer have access to the other WAN bandwidth unless the primary connection fails...so in this configuration, WAN Balancer is really just a redundancy to the WAN Failover module.

    What are the chances of getting domain-based (really FQDN-based) destination routing added to the WAN Balancer module? I don't want to use a route, because I don't care about the destination IP, just the destination hostname, and I don't want to lose failover.

  4. #4
    Master Untangler richie's Avatar
    Join Date
    Apr 2007
    Posts
    396

    So you want to apply a sticky WAN to a specific destination host and the rest will get balanced?

    bugzilla.untangle.com

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,400

    The process of figuring out what IP address to connect to is up to the client. That is DNS, and outside the scope of Untangle.

    You CANNOT "forward" based on domain names. You must use IP addresses; domain name forwarding is properly called reverse proxying. Untangle has the software to be a reverse proxy, but the GUI doesn't support configuring Apache in that way.

    Finally, as for your questions about the WAN balancer. Port forward rules are used to move traffic from a WAN interface to a LAN interface. The sessions generated are sticky, so a connection that comes in WAN1 will always go out WAN1.

    So it is possible to have a single internal server listening on TCP 80 providing HTTP services. This server uses Untangle for its default gateway. Untangle with two or more WAN interfaces would have a separate port forward rule for each IP address you need to send to the HTTP server; the WAN interface is actually irrelevant at this point unless you make it relevant in the forward rule itself. Just make the rules, and you can redirect as many requests on as many IPs on as many WANs as you have to the web server. Untangle's sticky session magic built into the WAN Balancer will handle the job of making sure each response goes out the appropriate WAN address.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Untanglit
    Join Date
    Jan 2010
    Posts
    29

    Let me be sure I'm being clear...I'm only talking about outgoing connections here. I'm looking for WAN Balancer to have destination rules, similar to say the Web Filter module. In Web Filter, I can block outgoing access to *.facebook.com. I'd like the same sort of functionality in WAN Balancer--to be able to force any outgoing connections being made to *.apple.com to use a selected WAN interface, thus disabling load balancing for outgoing connections to that host/domain. Failover should still work.
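
The rule asked for in posts #1 and #6 (pin one internal host's connections to a matching destination to a single WAN for a fixed time, balance everything else, keep failover), as an added example that is not part of the thread and is not Untangle code or a WAN Balancer feature. The interface names, the class and method names, and the premise that the gateway already knows the destination hostname (as a hostname-matching filter would) are assumptions made for illustration.

```python
import fnmatch
import itertools


class StickyWanSelector:
    """Pin (internal host, destination pattern) to one WAN for ttl seconds."""

    def __init__(self, wans, sticky_patterns, ttl=12 * 3600):
        self.wans = list(wans)                 # hypothetical interface names
        self.up = set(self.wans)               # interfaces currently healthy
        self.patterns = list(sticky_patterns)  # lowercase globs, e.g. "*.apple.com"
        self.ttl = ttl                         # 12 hours, the figure floated in post #1
        self.pins = {}                         # (src_ip, pattern) -> (wan, expires_at)
        self._rr = itertools.cycle(self.wans)  # stand-in for the real balancer

    def set_health(self, wan, healthy):
        (self.up.add if healthy else self.up.discard)(wan)

    def _balance(self):
        # Next healthy WAN in round-robin order; None if every link is down.
        for _ in range(len(self.wans)):
            wan = next(self._rr)
            if wan in self.up:
                return wan
        return None

    def pick(self, src_ip, hostname, now):
        host = hostname.lower().rstrip(".")
        pattern = next(
            (p for p in self.patterns if fnmatch.fnmatchcase(host, p)), None)
        if pattern is None:
            return self._balance()             # not a sticky destination
        key = (src_ip, pattern)
        pin = self.pins.get(key)
        if pin and pin[1] > now and pin[0] in self.up:
            return pin[0]                      # still pinned and the link is up
        wan = self._balance()                  # first use, expired pin, or failover
        if wan is None:
            self.pins.pop(key, None)
            return None
        self.pins[key] = (wan, now + self.ttl)
        return wan
```

After a failover the pin moves to the surviving link and stays there until it expires, so the login, authentication and original sites in the Apple example keep seeing one source address even when the failed link comes back.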

  7. #7
    Newbie
    Join Date
    Jan 2011
    Posts
    1

    Thumbs up

    +1 I have a customer who'd like to send all VoIP traffic out via one dedicated ADSL connection while their normal internet browsing goes out via the second ADSL connection.

    In the event that one or the other fails, then the traffic should exit via the remaining active link.

    Is this suitable for bugzilla.untangle.com?

  8. #8
    Newbie
    Join Date
    Aug 2010
    Posts
    5

    I have a friend who's using the WAN Balancer. He'd like to put all SMTP/POP/IMAP on his T-1 and leave everything else on his Comcast connection. Would this be better done on the firewall or using the balancer for something like this?
