Pfsense Subdomain Blues
-
Hello community!
I would like to ask a bit of a challenging question here in regards to domains on my homelab network and just how I can get them finally working for the things I want them to.
I am setting up my own services for personal and family use, currently consisting of a Teamspeak server, Minecraft game server (FTB modded series) and soon to be a Mail and web server. I am currently running into some annoying issues in regards to getting my domain, sarentech.com, directed to the proper services that I need clients to connect to upon entering my url into the various programs in which they use.
So far, I have tried using DNS forwarding, NAT services and a Squid Reverse-Proxy, (which I will go into more detail on below) to little effect. Below I will show a general graph of what I want to have happen here:
teamspeak.sarentech.com –---v |>---- TeamspekServer:9987
mailuser@sarentech.com ------>----- > PFSense |>--- Mailserver:12345(Or some real port)
ftbminecraft.sarentech.com ----^ |>---- GameServer:25565
(website) sarentech.com -------^ |>---- WebServer:8080So, as seen above, I am wanting some sort of intermediary, preferably within my Pfsense router I already have installed, to direct traffic straight to whichever server I chose based on whichever url is entered into the program of choosing.
As an example, Teamspeak allows for a url and port to be entered. I would like to just allow the user to enter one of my subdomains and access it directly, even if I chose a different port for that particular server (multi-server setups if I ever get into that). Same for Minecraft, email, etc.
So far, my main configuration has been through NAT and firewall rules, DNS forwarding, or through the Squid reverse-proxy, which is what many forums, including PFSense's forum, have suggested to implement. I have lately been sticking to the reverse-proxy method with Squid, so that is what I will show as my examples here.
For this test, I tried setting up my Minecraft forwarding first, as it's been the most puzzling for me so far:
Here are the general settings:
(also, even though the image shows the service not activated, I did activate it after taking this screenshot)
Here are the Server Settings:
And Here are the mappings settings:
In my Minecraft launcher, I receive a "can't resolve hostname" message almost instantly after refreshing the list. I don't think it is because I'm accessing through LAN as I have that set up properly under the proxy (I think?).
So ya, anyone have some pointers or at least a tutorial to go by better than this one I've been trying to follow?
https://www.reddit.com/r/homelab/comments/2vyiiy/til_reverse_proxy_via_squid_in_pfsense/
-
Any hints from the community? I am still pretty stumped on just how I can get things to work properly here.
-
Still looking for some help here!
I have now had a request for a second Minecraft server to be installed on my equipment, making it crucial for my PFSense box to know just where to direct different url's to specific server instances on my game server.
(AKA play.domain.com –-> 192.168.4.44:25565 and play2.domain.com ---> 192.168.4.44:25566).I am also trying to set web up in a similar way, though with different domains for different services
(aka domain1.com ---> 192.168.4.45:80 and domain2.com ---> 192.168.4.45:84).Soooo... I hope this clears things up a bit? I really, really do need help with this!
-
If you want to forward to different IPs/Ports behind pfsense based upon some fqdn, ie "play.domain.com" You need to use a reverse proxy.. Pfsense itself has no clue to what play.domain.com is..
-
If you want to forward to different IPs/Ports behind pfsense based upon some fqdn, ie "play.domain.com" You need to use a reverse proxy.. Pfsense itself has no clue to what play.domain.com is..
Perfect! That is what I was hoping Squid Reverse Proxy was going to do for me, but for some reason, it doesn't seem to want to work in the way I'm trying to set it as. Do you mind looking at the images on that first post and see what I could possibly be doing wrong?
Also, I am looking to do this for protocols other than http. Is there a way to do this for other protocols as well? (I don't think Minecraft servers use http protocol to communicate with their servers?)
-
You can't reverse proxy protocols that are not known to the proxy engine. The HTTP reverse proxying is possible because the real destination FQDN is directly visible in the HTTP headers. This is not the case with many game protocols because they don't have such headers to look at.
-
You need to get more public IPv4 from your isp to handle traffic that is not able to be proxied. Or use ipv6.. Or just use the ports with your fqdn..
So tell your users to connect to your gameserver use ftbminecraft.sarentech.com:25565
All of these different names all just point to the single public IP you have if you can not use a reverse proxy that understands the fqdn your sending in the headers then yeah your going to have to tell pfsense to forward traffic based upon the dest port.