3

I have one public static IP address.
I have my main domain registered with my local Internet provider and use their DNS.

My main router is pfSense, and behind it I have my local network.

My web server is on the local LAN, and pfSense does NAT (port redirect) of web traffic to the local server.
Now I need one more web server inside my LAN (on another local IP address) (e.g. a mail server) and I need another domain or subdomain.

Can I register a new domain pointed to the same public IP address, and tell pfSense to redirect traffic differently according to domain? I am planning to use both domains on the HTTP (80) port.

Is it possible for pfSense to redirect to one local IP when the request calls domain.com, and to do a different port forward when a request to the same public IP address calls subdomain.domain.com?

If this is possible, which pfSense module should I install and configure, and how?

squillman
adopilot

4 Answers

5

This can be done with the squid3 package. squid3 includes a Reverse Proxy server.

Install the squid3 package...

  1. System > Packages
  2. Scroll down to squid3 and press the + button

After installation go to Services > Reverse Proxy

Under the General tab...

  1. Reverse Proxy interface: WAN
  2. external FQDN: YourFQDN.com (this should be your main name, but it doesn't mean you're limited to subdomains of the name you put there)
  3. Enable HTTP reverse mode checked

Under the Web Servers tab, add the (internal) IP of each of your servers

  1. Press the + button
  2. Enable this peer checked
  3. Peer Alias: make up a nickname for your server
  4. Peer IP: the IP address of your server
  5. Peer Port: the port for your server (probably 80)
  6. Save

Under the Mappings tab, add the domain name for each of your servers

  1. Enable this URI checked
  2. Group name: make up a nickname
  3. Peers: select the corresponding server you set up in the Web Servers tab
  4. Save

Finally, under Firewall > Rule, create a rule to direct traffic to the reverse proxy server

  1. Press the + button to add a rule
  2. The default settings...
    • Pass, WAN, TCP, Source Type any
  3. Destination: WAN address
  4. Destination port range: HTTP
  5. Save

This rule should be LAST if you have other rules configured forwarding from the outside in.

Any names you use must be registered to point to your external IP, so if your domain name is example.com, in order to create subdomains in pfSense you will need to set up a record with your domain registrar pointing *.example.com.

I learned from this helpful tutorial: http://sdrv.ms/V8qLfK

ak112358
3

You can't do this with NAT because NAT only cares about IP Addresses and Ports (Layer 3 + 4). The HTTP Host header is above that so NAT implementations are never aware of it.

To achieve what you are looking for, you need a Reverse Proxy. (Apache, Squid, nginx, lighttpd etc). A reverse proxy is capable of examining the Host header in the HTTP request and forwarding the traffic to the appropriate server.

fukawi2
  • pfSense has the ability to install most of the ones you have mentioned. Can you please give me more details on accomplishing the task with any of these? – adopilot Sep 28 '13 at 23:25
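The Host-header routing described in the answer above, as an added example that is not part of the original post and is not squid or pfSense code. It uses the two hostnames from the question; the LAN addresses and function names are assumptions. Requests with a missing, duplicated or unmapped Host get no backend, so the proxy never forwards for names it does not serve.

```python
from typing import Optional, Tuple

# Hostnames come from the question; the LAN addresses are constructed.
BACKENDS = {
    "domain.com": ("192.168.1.10", 80),
    "subdomain.domain.com": ("192.168.1.20", 80),
}


def host_from_request(raw: bytes) -> Optional[str]:
    """Return the normalised Host value, or None if missing or ambiguous."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = []
    for line in head.split("\r\n")[1:]:        # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.lower() == "host":     # no whitespace allowed before ':'
            hosts.append(value.strip())
    if len(hosts) != 1 or not hosts[0]:        # none, empty, or duplicated
        return None
    host = hosts[0].lower()                    # hostnames are case-insensitive
    if host.startswith("["):                   # IPv6 literal, not a served name
        return None
    host = host.rsplit(":", 1)[0] if ":" in host else host   # drop ":port"
    return host.rstrip(".")                    # "domain.com." == "domain.com"


def pick_backend(raw: bytes) -> Optional[Tuple[str, int]]:
    """Map a request to its internal server; unknown names get no backend."""
    host = host_from_request(raw)
    return BACKENDS.get(host) if host else None


if __name__ == "__main__":
    # Constructed requests, all arriving on the same WAN IP and port 80.
    # NAT sees identical (IP, port) for every one of them; only the payload differs.
    samples = [
        b"GET / HTTP/1.1\r\nHost: domain.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: SubDomain.Domain.com:80\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: domain.com\r\nHost: subdomain.domain.com\r\n\r\n",
    ]
    for req in samples:
        print(req.split(b"\r\n")[1:3], "->", pick_backend(req))
```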
1

This is possible! I've successfully done something very similar using squid reverse proxy. There are guides on setting it up, but it is pretty easy. Start by installing it via the pfSense package manager, then configure some servers and mappings.

How this works:

It basically starts a web server on port 80, or 443 if you use the HTTPS option. You can then define subdomains, like "web.mydomain.com" and "portal.mydomain.com", etc., and configure where they forward to on the internal network.

Then, it will parse the request URL and pass it to the appropriate server. I am taking this one step further and running two HTTPS-based services on one server, using different ports. service1.mydomain.com will connect to https:// server :8443, while service2.mydomain.com will connect to https:// server :8444

FYI, my subdomains on the domain registrar's DNS all point to the same "external facing" WAN IP on the pfSense box.

Does this help?

-1

You have to add dnsmasq package. Get details here:

http://hubpages.com/hub/Port-Forwarding-in-pfSense-How-to-Configure-NAT#

http://east82.com/howto/dns_forwarding/configure_DNS_forwarding_pfsense.htm

kmnair