
Currently my company has 6 Internet lines (1 lease line and 5 fiber lines). Only the lease line (eth1) has a static IP address. So, if I want to give users access to a secured site (one that checks IP addresses, e.g. the Apple Distinguished Educators login), I have to direct the request to the lease line:

 rule 71 {
     description some.secured.site
     destination {
         address 52.43.56.77
     }
     inbound-interface eth0
     interface eth1 {
         weight 200
     }
     protocol all
 }

But, the website keeps changing its IP addresses.

Is there any way I can do the same but with a domain name as the destination?

Thanks, Trinh

Trinh Nguyen
  • I know it's only working on Level 3 but can we do something like a script to feed the current IP addresses of the domain and pass them to Vyatta configuration? – Trinh Nguyen Apr 19 '17 at 03:32
  • I know it doesn't help you, but pfSense with pfBlockerNG can auto-update firewall aliases based on URLs to lists of IP addresses. Maybe Vyatta/VyOS can do something like this? Then write a script that finds ALL the IP addresses that the website has? Maybe you are lucky and the website has an ASN? :) – UrkoM Apr 19 '17 at 10:10
  • Another idea: Set a static DNS mapping in your DNS server so at least for your network, that website ALWAYS resolves to an IP address that you know. For bonus points: make it refresh each night with the latest IP address that you can obtain externally. – UrkoM Apr 19 '17 at 10:13
  • Thanks @UrkoM. Those are good ideas. So here comes the next problem: every time I change the load balancing configuration, Vyatta stops forwarding packages and clients are blocked from the internet :D Then, I have to restart it every single time. – Trinh Nguyen Apr 19 '17 at 11:51
  • Yeah, that problem we had for a long time. You'd have to ask someone else. – UrkoM Apr 20 '17 at 11:58

0 Answers
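The script idea raised in the comments, sketched as an added example that is not part of the original thread: it resolves the site's name and prints the configure-mode commands that keep one rule per current address, with the other settings copied from rule 71 in the question. The `load-balancing wan rule` path, the reserved rule numbers 71-79 and the function names are assumptions.

```python
import ipaddress
import socket
import sys

# Assumptions, not from the page: the rule sits under "load-balancing wan",
# and rule numbers 71-79 are reserved for this site (one address per rule).
PREFIX = "load-balancing wan rule"
RULE_RANGE = range(71, 80)
TEMPLATE = {  # mirrors the other settings of rule 71 in the question
    "description": "some.secured.site",
    "inbound-interface": "eth0",
    "interface eth1 weight": "200",
    "protocol": "all",
}

def resolve_ipv4(hostname):
    """Return the IPv4 addresses the name resolves to right now."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def plan_commands(current, resolved):
    """current maps rule number -> configured address; resolved is a list of
    addresses. Returns configure-mode commands that converge the rules."""
    # Parse every address so nothing but a literal IPv4 reaches a command.
    wanted = {str(ipaddress.IPv4Address(a)) for a in resolved}
    if not wanted:
        return []  # empty lookup: keep the existing rules
    keep = {n: a for n, a in current.items() if a in wanted}
    new = sorted(wanted - set(keep.values()), key=ipaddress.IPv4Address)
    free = [n for n in RULE_RANGE if n not in keep]
    if len(new) > len(free):
        raise ValueError("more addresses than reserved rule numbers")
    cmds = [f"delete {PREFIX} {n}" for n in sorted(current) if n not in keep]
    for n, addr in zip(free, new):
        cmds.append(f"set {PREFIX} {n} destination address {addr}")
        cmds += [f"set {PREFIX} {n} {k} {v}" for k, v in TEMPLATE.items()]
    return cmds

if __name__ == "__main__":
    # Usage: script.py <hostname> [rule=address ...] for the current rules
    current = {int(r): a for r, a in (arg.split("=") for arg in sys.argv[2:])}
    print("\n".join(plan_commands(current, resolve_ipv4(sys.argv[1]))))
```

An empty lookup leaves the existing rules in place, so a failed DNS query does not remove access; the printed commands still have to be reviewed and committed in configure mode.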