
I have a service on my network at 192.168.1.60; the service is listening on port 8008. I have set up a DNS host override in PFSense so I can type in emby.mydomain.com and it will direct the traffic to 192.168.1.60. However, since the service is listening on port 8008, I cannot access it unless I use emby.mydomain.com:8008.

I want to sort out a way for PFSense to take emby.mydomain.com and use emby.mydomain.com:8008 or 192.168.1.60:8008. I can't have the service listen on port 80 or 443 since those are privileged.

I can't set a port on the host override, and NAT does not seem to apply to this. Where and how could I do this in PFSense?

Douglas Gaskell
  • I don't think this is possible. The way it's done is usually a redirection but for that you need port 80 access. You could possibly proxy it through somehow. – Tim Aug 17 '17 at 00:59
  • @Tim Just read about squid, would that be a possibility? – Douglas Gaskell Aug 17 '17 at 01:06
  • Nothing will work if you can't listen on port 80 on one machine or other. Squid tends to be used as a caching proxy. Nginx would be more suitable as a proxy. – Tim Aug 17 '17 at 01:15
  • Is there already a different service listening on port 80? If not, you can use iptables NAT on emby.mydomain.com (assuming it is Linux) to port forward, e.g. `iptables -t nat -A PREROUTING -d emby.mydomain.com -p tcp --dport 80 -j DNAT --to-destination emby.mydomain.com:8008`. – Jeremy Dover Aug 17 '17 at 01:16
  • @JeremyDover emby is running on a Jail, there is a service on the host listening on port 80, does that matter? – Douglas Gaskell Aug 17 '17 at 01:17
  • Yes! If there's already a service listening on port 80, the iptables rule above will DoS it. I think @Tim is right...in order to distinguish your emby.mydomain.com traffic from legit traffic heading to port 80 on your host, you need to distinguish between the names in the HTTP headers, which requires some sort of deep inspection. I think Squid can do the job, but that is using a sledgehammer on a finishing nail, as Tim mentions. You would need to use iptables to NAT incoming traffic from port 80 to your proxy, then distribute the traffic back to the correct services over loopback. – Jeremy Dover Aug 17 '17 at 01:25
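
The name-based proxying the comments describe, written as an nginx configuration (an added example, not posted by anyone in this thread). It assumes nginx owns port 80 on the machine that emby.mydomain.com resolves to, and that the service previously listening on port 80 has been moved to 127.0.0.1:8080, a placeholder address chosen for illustration.

```nginx
# Added example. Place inside the http { } context of nginx.conf.

# Pass Upgrade requests through in case the backend uses WebSockets;
# plain requests get "Connection: close" toward the backend.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Only requests whose Host header is exactly emby.mydomain.com
# are forwarded to the service on 192.168.1.60:8008.
server {
    listen 80;
    server_name emby.mydomain.com;

    location / {
        proxy_pass http://192.168.1.60:8008;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

# Any other Host header (or none) falls through to the service that
# used to listen on port 80, so unknown names never reach the Emby backend.
# ASSUMPTION: that service now listens on 127.0.0.1:8080 (placeholder).
server {
    listen 80 default_server;
    server_name _;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```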
