Netgate Discussion Forum

    Layer7

    2.0-RC Snapshot Feedback and Problems - RETIRED
    48 Posts 8 Posters 18.4k Views
    • cmb

      L7 is to identify protocols. HTTP is HTTP, it going to one destination rather than some other one isn't going to look any different to L7. It sounds like you're overthinking it though, if you just want to route traffic to one specific destination, just use its IP in a firewall rule, I doubt if your web server has a dynamic IP where that might be problematic.

      • eri--

        To implement layer7 routing there is some development needed, so there needs to be a budget behind because it is not an easy thing.
        If you are interested…..follow-up. I have no plans to implement this in the near future.

        • Steve Mustafa

          Well, reading up in the definitive guide, I realize that what I'm looking for is not Layer7 routing, rather a split DNS.

          Sorry folks.

          • Supermule Banned

            Why? Just to be curious…

            @Steve:

            Well, reading up in the definitive guide, I realize that what I'm looking for is not Layer7 routing, rather a split DNS.

            Sorry folks.

            • Steve Mustafa

              Well, because my subdomain externally resolves to our single static IP address, which internally needs to resolve to something else.

              So, from anywhere I'd be typing camera.myweb.com and it would resolve to 20.100.0.10 and internally that would need to be resolved to 192.168.20.15.

              Unless I've got the whole thing wrong…

              • Supermule Banned

                Are both hosted on the same WAN IP of your setup??

                • Steve Mustafa

                  Yes they are. Does that carry any significance?

                  [edit]
                  Silly me, of course it does!
                  How should I do this?

                  • Supermule Banned

                    Then how do you plan to route the traffic when it enters the PFSense???

                    Edit: Ok….then PFSense would not be able to handle the traffic.....it has to be header based routing and that takes L7 capability.

                    Squid could be an option for solving this, but I am not that much into Squid.

                    I use ISAserver from Microsoft to handle my L7 traffic. I only use PFSense as a frontend....

                    But this will change the moment PF can handle L7 and publish all what is behind ....

                    @Steve:

                    Yes they are. Does that carry any significance?

                    • Steve Mustafa

                      I'm realizing just how stupid I can be by the second.

                      I don't want to have to do port forwarding but I will if I must.  Suggestions?

                      [Edit]

                      Aha, so I was given good advice (re L7)!

                      Well, then my question is now whether PFsense's L7 implementation (which I currently see as "block" only) will encompass this?

                      • Supermule Banned

                        That's the only current way to do it at the moment.

                        @Steve:

                        I'm realizing just how stupid I can be by the second.

                        I don't want to have to do port forwarding but I will if I must.  Suggestions?

                        • Steve Mustafa

                          dagnabit!

                          I tried squid before but Lordy did it slow down the whole network.

                          Is there a reference on squid and pfsense? I could have easily bungled the whole thing.

                          • Supermule Banned

                            http://www.squid-cache.org/

                            • Steve Mustafa

                              Pffft!

                              I just downloaded ISA off of MSDN, figuring I should use it. Now, here's the irony, it doesn't run on a 64bit computer. All our servers are 64bit computers.

                              Squid it is.

                              • Supermule Banned

                                Just put it in a virtual pc running 32 bit… ;)

                                @Steve:

                                Pffft!

                                I just downloaded ISA off of MSDN, figuring I should use it. Now, here's the irony, it doesn't run on a 64bit computer. All our servers are 64bit computers.

                                Squid it is.

                                • Steve Mustafa

                                  And another thing, I'm starting to hate today real bad, I installed squid about an hour ago, and now it won't uninstall.  Tried going to the command line and typed "pkg_info" but it's not there, meanwhile, looking at the list of installed packages, it's there and will not go away. Rebooting is not helping.

                                  Man, you're hating me now aren't you? :)

                                  Thank you LOADS for putting up with me today man, real nice of you.

                                  • Supermule Banned

                                    No worries :)

                                    • clarknova

                                      @Steve:

                                      I tried squid before but Lordy did it slow down the whole network.

                                      Is there a reference on squid and pfsense? I could have easily bungled the whole thing.

                                      http://forum.pfsense.org/index.php/topic,7186.msg59302.html#msg59302
                                      http://doc.pfsense.org/index.php/Squid_Package_Tuning

                                      Try those. I've been quite happy with squid on 1.2.3, but it did require some tweaking as per above. I think some of the noted changes are automatically adjusted in 2.0.

                                      db

                                      • Steve Mustafa

                                        Nice, thanks, but would you know of any decent "tutorials" on how to work with squid? Or should I stick to what's available on their site?

                                        Also, a question that is begging to be answered now is whether anyone knows if PFsense 2.0 is coming out with an answer to my predicament in its release build?

                                        • clarknova

                                          @Steve:

                                          Nice, thanks, but would you know of any decent "tutorials" on how to work with squid? Or should I stick to what's available on their site?

                                          You might try this one. It's not really in-depth, as I recall, and he's running it on Linux rather than pfsense, but it's the only thing I know of off hand.

                                          http://www.anandtech.com/show/3715/family-proxy

                                          db

                                          • jimp Rebel Alliance Developer Netgate

                                            @Steve:

                                            Nice, thanks, but would you know of any decent "tutorials" on how to work with squid? Or should I stick to what's available on their site?

                                            There is a lot of info here on the forum, and also on the doc wiki:
                                            http://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy
                                            http://doc.pfsense.org/index.php/SquidGuard_package

                                            But they don't cover doing what you are asking originally

                                            @Steve:

                                            Also, a question that is begging to be answered now is whether anyone knows if PFsense 2.0 is coming out with an answer to my predicament in its release build?

                                            What you want to do, route traffic based on hostname, is best accomplished by a lightweight reverse proxy of some kind, not necessarily squid. There are packages for haproxy, mod_security, and varnish, I believe they can all do this.

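The hostname-based routing described in the last post above, sketched as an HAProxy configuration. This is an added example, not part of the thread and not the configuration any pfSense package generates; camera.myweb.com, 20.100.0.10 and 192.168.20.15 come from the thread, while www.myweb.com and 192.168.20.16 are constructed placeholders.

```haproxy
# Added example: route HTTP requests arriving on one WAN IP to different
# internal servers according to the Host header.
global
    daemon
    maxconn 256

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend wan_http
    # The single static WAN address from the thread.
    bind 20.100.0.10:80

    # Case-insensitive match on the Host header; the form with an explicit
    # port is listed too, because some clients send "host:80".
    acl host_camera hdr(host) -i camera.myweb.com camera.myweb.com:80
    acl host_www    hdr(host) -i www.myweb.com www.myweb.com:80

    use_backend camera if host_camera
    use_backend www    if host_www

    # Requests with a bare IP, an unknown hostname or no Host header are
    # refused instead of being forwarded to an internal server.
    default_backend reject

backend camera
    server cam1 192.168.20.15:80 check

backend www
    # Constructed placeholder address for a second internal web server.
    server web1 192.168.20.16:80 check

backend reject
    http-request deny deny_status 403
```

Internal clients can still be pointed straight at 192.168.20.15 with a split-DNS host override, so only traffic arriving from outside passes through the proxy.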