Netgate Discussion Forum

    Redirects to internal IP based on a domain name

    pfSense Packages
    • louis-m

      options are:

      1. open a https port to windows server
      2. use an ssl vpn like adito on an internal server
      3. there are html5 vnc & rdc proxies about but they need to go on an internal server

      but pfsense at this time cannot do this apart from squid etc for http/s and nat or vpn to your rdp's or vnc's

      • KineticPro

        ok sadly this is what i was expecting and what i told them when i was given this list of instructions on what can and can not be done on this project. at least now i can send this into them to show the problem currently has no solution.
        I thank you all for your time here and will present them with their choices on what they want and see what the company wants to do.

        once again thank you

        ps if anyone wants to make a package that will read any incoming Domain regardless of ports (even if it checks the url via another port) i would be interested in beta testing it but i do understand it does NOT exist at this time.

        • johnpoz LAYER 8 Global Moderator

          " show the problem currently has no solution."

          Not actually true - there is a solution, use ports on the end of the url:123 etc..  Or another solution would be to get more public IPs so you could assign different fqdn and therefore different IPs that you need to get to behind your nat router.

          Your issue is you're trying to use 1 public ip with multiple boxes behind it all listening on the same port.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          • extide

            @KineticPro:

            ps if anyone wants to make a package that will read any incoming Domain regardless of ports (even if it checks the url via another port) i would be interested in beta testing it but i do understand it does NOT exist at this time.

            This isn't possible for anything besides HTTP because most services (like RDP) will just resolve the name and connect to the IP and forget about the name. HTTP does the same thing but what makes it different is INSIDE the request it sends the FQDN it was trying to connect to in the first place inside the headers. That is how a web server or reverse proxy can figure out what to send to where. In pure RDP, that header with the FQDN in it simply does not exist.

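What extide's post describes, shown as an added example that is not part of the original thread: a name-based proxy can only route on a name the client actually sends, so it reads the HTTP Host header and has nothing to read in a plain RDP connection request. The backend map, host names, addresses and both byte strings are constructed for illustration.

```python
# Added illustration (not from the thread): what a name-based proxy can read
# from the first bytes a client sends to a single shared public IP.

# Hypothetical mapping of public names to internal hosts (assumed values).
BACKENDS = {
    "rdweb.example.com": ("192.168.1.10", 443),
    "wiki.example.com": ("192.168.1.20", 80),
}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"PATCH ")

# Constructed sample: an HTTP/1.1 request, which names the site it wants.
HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: wiki.example.com\r\nUser-Agent: sample\r\n\r\n"

# Constructed sample: first packet of a plain RDP connection (TPKT header,
# X.224 Connection Request, RDP negotiation request). No host name in it.
RDP_SAMPLE = bytes.fromhex("030000130ee000000000000100080003000000")


def extract_http_host(first_bytes):
    """Return the lower-cased Host header value without port, or None."""
    if not first_bytes.startswith(HTTP_METHODS):
        return None  # not an HTTP request, so there is no Host header to read
    head = first_bytes.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            if not host.startswith("[") and ":" in host:
                host = host.rsplit(":", 1)[0]  # drop an explicit :port
            return host
    return None


def pick_backend(first_bytes, backends=BACKENDS):
    """Backend for a known Host name; None (refuse) if absent or unknown."""
    host = extract_http_host(first_bytes)
    # Fail closed: never fall back to a default internal host for unknown names.
    return backends.get(host) if host else None


if __name__ == "__main__":
    print("HTTP ->", pick_backend(HTTP_SAMPLE))
    print("RDP  ->", pick_backend(RDP_SAMPLE))
```

Returning None for an unknown or missing name, rather than a default backend, keeps a request for an unlisted name from reaching an internal host.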
            • louis-m

              slightly off topic (as it's not pfsense) but rather a reverse proxy (like i mentioned above), take a look at guacamole.
              it's a clientless html5 vnc & rdp proxy and runs a treat even behind squid.
              http://guac-dev.org/

              • Metu69salemi

                Sounds great, but from a really quick look it seems there is only linux support, am i wrong?

                • johnpoz LAYER 8 Global Moderator

                  Yeah you have to run it on a linux OS, but what you access with rdp or vnc could be any OS that supports those.. Windows would be RDP.  Run it on a VM if you don't have any linux boxes around.

                  • louis-m

                    there is also thinvnc & thinrdp for windows which are free but can only be used on each client whereas the server (cost) can do the proxy.

                    • Metu69salemi

                      I have Linux and Windows based machines at home, but i'm somewhat curious how to set this up.
                      Is it that all connections to 5900 and 3389-3390 are port-forwarded to the linux machine, and after that guacamole directs them to the right point based on domain?

                      • louis-m

                        guac is a proxy (much like squid)
                        you simply point your browser at guac and you are confronted with a logon page. depending on how you have configured the mappings, depends on what you are confronted with.
                        to point your browser at guac from external, you will need to create an A record or use your public ip and open up either 80 or 443 and point it to the guac server.
                        alternatively, you can use squid and map to guac.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.