Domain based routing?


I use 4x IPFire firewalls with different internet connections for my network. To access some cloud services (https) via a dedicated internet connection (IPFire-B), I use static routes on my client’s standard gateway (IPFire-A). This redirects this data traffic to the intended IPFire-B.

Unfortunately, the cloud service provider does not use a static IP. He only offers domains for his services. This means I have to change the static routes from time to time. That sucks …

Does IPFire offer a solution or trick for domain based routing without using IP addresses?

I am grateful for every tip.


No, routing happens on the basis of IP addresses. You would need an IP address range that never or rarely changes.

You could engage the web proxy, but that would probably make things difficult.


That's correct, but maybe there is a service or addon that checks the domain's actual public IP from time to time and uses this for static routes.


There is no such service, but that sounds like you could easily write a shell script that does this, and execute it via a Cron job every five minutes or so. :)

Domain-based routing is tricky indeed, especially because DNS can be relatively nondeterministic (multiple A records, resolving operations fail, etc.), and unless the FQDN in question is DNSSEC-signed, you cannot trust the data. I have seen some proprietary vendors implementing domain-based routing or even firewalling, but it usually hurt more than it helped.

Thanks, and best regards,
Peter Müller

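As an added example (not code from the thread or from IPFire), the cron-driven script suggested above could take the following form: it adds or removes /32 routes only for addresses that changed, keeps the installed routes when a lookup fails, and ignores malformed or non-public answers. The names `FQDN`, `GATEWAY` and `STATE`, their placeholder values, IPv4-only handling and the use of `getent ahostsv4` for resolution are assumptions; the script does not validate DNSSEC itself, so the routes are only as trustworthy as the resolver's answers.

```shell
#!/bin/sh
# Added example, not from the thread. FQDN, GATEWAY and STATE are placeholders.
FQDN="${FQDN:-cloud.example.com}"          # service name to follow
GATEWAY="${GATEWAY:-192.0.2.1}"            # internal address of IPFire-B
STATE="${STATE:-/var/run/domain-routes.state}"

# Read addresses on stdin; keep well-formed, public IPv4 only, sorted and unique.
# Dropping private/loopback/multicast answers stops a bogus reply re-routing LAN traffic.
filter_ipv4() {
    { grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true; } |
    awk -F. '$1>255 || $2>255 || $3>255 || $4>255 {next}
             $1==0 || $1==10 || $1==127 || $1>=224 {next}
             ($1==172 && $2>=16 && $2<=31) || ($1==192 && $2==168) || ($1==169 && $2==254) {next}
             {print}' | sort -u
}

# plan_routes OLD NEW GW: print the commands that turn the OLD address set into
# the NEW one. An empty NEW set (failed lookup) prints nothing, so the routes
# already installed stay in place.
plan_routes() {
    p_old=$(printf '%s\n' "$1" | filter_ipv4)
    p_new=$(printf '%s\n' "$2" | filter_ipv4)
    [ -n "$p_new" ] || return 0
    for ip in $p_new; do
        printf '%s\n' "$p_old" | grep -qxF "$ip" || echo "ip route replace $ip/32 via $3"
    done
    for ip in $p_old; do
        printf '%s\n' "$p_new" | grep -qxF "$ip" || echo "ip route del $ip/32 via $3"
    done
}

# Resolve, apply the plan, remember what was installed. Call this from cron.
sync_routes() {
    resolved=$(getent ahostsv4 "$FQDN" | awk '{print $1}' | filter_ipv4)
    if [ -z "$resolved" ]; then
        logger -t domain-routes "no usable A records for $FQDN, routes unchanged"
        return 1
    fi
    previous=$(cat "$STATE" 2>/dev/null || true)
    plan_routes "$previous" "$resolved" "$GATEWAY" | while read -r cmd; do
        logger -t domain-routes "$cmd"
        $cmd
    done
    printf '%s\n' "$resolved" > "$STATE"
}

# Only touch the routing table when asked to: ./domain-routes.sh --apply
if [ "${1:-}" = "--apply" ]; then sync_routes; fi
```

Run without `--apply`, the script changes nothing; every applied command is written to syslog under the `domain-routes` tag, which gives a record of when the provider's addresses moved.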