Netgate Discussion Forum

Redirect FQDN internally

  • B
    BlazeStar
    last edited by Jan 22, 2015, 4:06 PM

    Not sure what what I'm trying to do is called, so I'll just describe it.

    From the computers in the LAN.

    I want pfSense to redirect some FQDNs to internal IPs

    For example :

    CRM.domain.com => 10.0.1.1
    ERP.domain.com => 10.0.1.2

    How can I do that please?

    Thanks!

    • F
      firewalluser
      last edited by Jan 22, 2015, 4:18 PM

      What version of pfSense are you using?

      If you are using 2.1, then you might be using the DNS forwarder, which means the Host overrides might do what you want to do, but this is based on similar suggestions seen elsewhere in the forum pages.

      Capitalism, currently The World's best Entertainment Control System and YOU can't buy it! But you can buy this, or some of this or some of these

      Asch Conformity, mainly the blind leading the blind.

      • H
        Heimire
        last edited by Jan 22, 2015, 4:35 PM

        Like firewalluser said, in 2.1 you can use the DNS forwarder.

        It's under Services/DNS forwarder.
        Enable it.
        Select the interface.

        Host: crm
        domain: domain.com
        IP 10.0.1.1

        I think it updates every 5 minutes, if I remember correctly.

        • K
          KOM
          last edited by Jan 22, 2015, 5:25 PM

          If you already have an existing DNS, you can create your FQDNs and point them to the LAN IPs.  Otherwise, do as the others have said and use the pfSense DNS forwarder with a host override.  This is known as split DNS and it is the preferred way over NAT Reflection to access internal resources using their public names.

          • B
            BlazeStar
            last edited by Jan 22, 2015, 5:46 PM Jan 22, 2015, 5:41 PM

            Thanks for the replies !

            I should have said, I'm using 2.1.5-RELEASE

            I used the DNS forwarder, it's exactly what I was looking for.

            However, one of my servers uses port 8069.

            So externally, when people type in ERP.domain.com the reverse proxy will forward port 80 to 8069 and it will be "seamless" for external users.

            With the DNS forwarder, it will not do the "port conversion". Is there any way to do that?

            • K
              KOM
              last edited by Jan 22, 2015, 6:20 PM

              DNS doesn't care about ports at all.  Just create a port forward for your public IP port 80 to LAN IP port 8069.  Usually the NAT rule you create automatically adds the correlating firewall rule, but check to be sure.

              • M
                mikeisfly
                last edited by Jan 22, 2015, 6:50 PM

                Or you could set up your own DNS server and configure your DHCP server to point to that for DNS info. I'm using Windows Server 2012 R2.

                • B
                  BlazeStar
                  last edited by Jan 23, 2015, 12:20 AM

                  Took a simpler route for now… added a firewall rule in the CentOS 7 that was installed on the 8069 computer so it forwards all traffic on port 80 to 8069.

                  In the end, all is working like I wanted... thanks all!

                  • K
                    KOM
                    last edited by Jan 23, 2015, 2:01 AM

                    The fun thing about networking is there are often several ways to configure something.  The trick is to know which is best.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.