-
Aha. So what am I looking for if not Layer7 stuff? Basically, its subdomain routing, but I don't have a clue where to implement that on pfsense.
-
L7 is what you are after…..if it only blocks, then basic function is not working.
Aha. So what am I looking for if not Layer7 stuff? Basically, its subdomain routing, but I don't have a clue where to implement that on pfsense.
-
Can you describe what you want to do with layer7?
It was meant for QoS/filtering traffic, i do not understand what you are after!
-
He wants to route a subdomain to a different server, based on header inspection and packet contents….
:)
-
L7 is to identify protocols. HTTP is HTTP, it going to one destination rather than some other one isn't going to look any different to L7. It sounds like you're overthinking it though, if you just want to route traffic to one specific destination, just use its IP in a firewall rule, I doubt if your web server has a dynamic IP where that might be problematic.
-
To implement layer7 routing there is some development needed, so there needs to be a budget behind because it is not an easy thing.
If you are interested…..follow-up. I have no plans to implement this in the near future. -
Well, reading up in the definitive guide, I realize that what I'm looking for is not Layer7 routing, rather a split DNS.
Sorry folks.
-
Why? Just to be corious…
Well, reading up in the definitive guide, I realize that what I'm looking for is not Layer7 routing, rather a split DNS.
Sorry folks.
-
Well, because my subdomain externally resolves to out single static IP address, which internally needs to resolve to something else.
So, from anywhere I'd be typing camera.myweb.com and it would resolve to 20.100.0.10 and internally that would need to be resolved to 192.168.20.15.
Unless I've got the whole thing wrong…
-
Are both hosted on the same WAN IP of your setup??
-
Yes they are. Does that carry any significance?
[edit]
Silly me, of course it does!
How should I do this? -
Then how do you plan to route the traffic when it enters the PFSense???
Edit: Ok….then PFSense would not be able to handle the traffic.....it has to be header based routing and that takes L7 capability.
Squid could be an option for solving this, but I am not that much into Squid.
I use ISAserver from Microsoft to handle my L7 traffic. I only use PFSense as a frontend....
But this will change the moment PF can handle L7 and publish all what is behind ....
Yes they are. Does that carry any significance?
-
I'm realizing just how stupid I can be by the second.
I don't want to have to do port forwarding but I will if I must. Suggestions?
[Edit]
Aha, so I was given good advice (re L7)!
Well, then my question is now whether PFsense's L7 implementation (which I currently see as "block" only) will encompass this?
-
Thats the only current way to do it at the moment.
I'm realizing just how stupid I can be by the second.
I don't want to have to do port forwarding but I will if I must. Suggestions?
-
dagnabit!
I tried squid before but Lordy did it slow down the whole network.
Is there a reference on squid and pfsense? I could have easily bungled the whole thing.
-
http://www.squid-cache.org/
-
Pffft!
I just downloaded ISA off of MSDN, figuring I should use it. Now, here's the irony, it doesn't run on a 64bit computer. All our servers are 64bit computers.
Squid it is.
-
Just put it in a virtual pc running 32 bit… ;)
Pffft!
I just downloaded ISA off of MSDN, figuring I should use it. Now, here's the irony, it doesn't run on a 64bit computer. All our servers are 64bit computers.
Squid it is.
-
And another thing, I'm starting to hate today real bad, I installed squid about an hour ago, and now it won't uninstall. Tried going to the command line and typed "pkg_info" but its not there, meanwhile, looking at the list of installed packages, its there and will not go away. Rebooting is not helping.
Man, you're hating me now aren't you? :)
Thank you LOADS for putting up with me today man, real nice of you.
-
No worries :)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.