    How can I direct requests internally?

    Routing and Multi WAN · 6 Posts, 2 Posters
    eiger3970:

      Hello, I've just fixed a port forward issue as per https://forum.netgate.com/topic/140041/new-pfsense-vm-installed-now-port-forwards-fail/10

      So, now on an internal LAN machine, browsing to www.domain.com, the pfSense router's login page loads.

      I think I need to tell the pfSense router to direct requests internally to the webserver. The webserver is behind the pfSense router. Would this be a port forward from machine 192.168.1.120 to webserver ip 192.168.1.145?

      Derelict (LAYER 8, Netgate):

        The best thing to do is enable split DNS, so when 192.168.1.120 asks for the address of www.domain.com, it gets 192.168.1.145 as an answer, not the public IP address.

        If you absolutely cannot do that you need to enable NAT reflection.

        If you do that, you have to disable the HTTP port redirect and set a custom port for the HTTPS web GUI (System > Advanced).

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        eiger3970:

          Thank you for the advice.

          I read the pfSense book > Services > DNS Forwarder and tried the configuration in pfSense > Services > DNS Forwarder.

          I'm not sure if this is the correct location to create a DNS split, as the error reads: "The DNS Resolver is enabled using this port. Choose a non-conflicting port, or disable DNS Resolver."

          Also, I notice your signature says do not chat for help. Do you mean no IRC questions? Why?

          Derelict (LAYER 8, Netgate):

            I am not on IRC. If you want a question answered, I prefer you do not use that.

            I am not on IRC so I won't hear you there either.

            You can do host overrides in Resolver too. You can't run forwarder and resolver on the same port at the same time.

            eiger3970:

              OK, I added a DNS Resolver Host Override, however LANMachine1 still loads the pfSense login page rather than domain.com?
              [image attachment]

              Derelict (LAYER 8, Netgate):

                In the case of using just the 2LD for a web server (too bad that actually became a thing 20 years ago), you probably have to set the hostname to domain and the domain to com.

                Or set the hostname to www and the domain to domain.com, and set the additional name for the host to hostname domain and domain com.

                I would also see if it works instead with a blank hostname and a domain of domain.com in the additional names section. If that makes a proper CNAME, that's probably the way to go.

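The three host-override layouts suggested in the last reply, and the split-DNS versus NAT-reflection distinction from the first one, are easier to reason about once you see the names the Host and Domain fields combine into and the Unbound statements they become. The following is an added example written for this page; it is not code from the thread or from pfSense. It models a host override (Host, Domain, IP, Additional Names) and renders it as Unbound local-zone/local-data lines in the style pfSense writes to /var/unbound/host_entries.conf (the exact rendering, in particular the transparent local-zone per domain and the zone-selection rule, is my approximation, not a copy of pfSense's generator). The web server address 192.168.1.145 comes from the thread; the public address 203.0.113.10 is a constructed documentation IP standing in for the WAN address.

```python
"""Added example (not from the thread or from pfSense): model DNS Resolver
host overrides as Unbound local-data and check a resolver answer for split DNS.
The local-zone/local-data layout approximates /var/unbound/host_entries.conf."""
import ipaddress
from dataclasses import dataclass, field

LAN_WEBSERVER = "192.168.1.145"   # web server address from the thread
PUBLIC_WAN_IP = "203.0.113.10"    # constructed stand-in for the public WAN IP


def fqdn_of(hostname: str, domain: str) -> str:
    """Join the Host and Domain fields the way the GUI does.
    'www' + 'domain.com' -> 'www.domain.com'
    'domain' + 'com'     -> 'domain.com'   (first suggestion above)
    ''  + 'domain.com'   -> 'domain.com'   (blank host = zone apex)"""
    hostname = hostname.strip().strip(".").lower()
    domain = domain.strip().strip(".").lower()
    if not domain:
        raise ValueError("Domain field is required")
    return f"{hostname}.{domain}" if hostname else domain


@dataclass
class HostOverride:
    hostname: str
    domain: str
    ip: str
    aliases: list = field(default_factory=list)  # "Additional Names": (host, domain) pairs

    def names(self) -> list:
        return [fqdn_of(self.hostname, self.domain)] + [fqdn_of(h, d) for h, d in self.aliases]


def unbound_local_data(overrides) -> list:
    """Render overrides as Unbound statements (assumed layout).  A transparent
    local-zone means only the listed names are answered locally; other names in
    the zone are still looked up upstream.  The zone is the name minus its first
    label, or the name itself when it is already a bare second-level domain."""
    zones, lines = [], []
    for o in overrides:
        ip = ipaddress.ip_address(o.ip)
        rtype = "A" if ip.version == 4 else "AAAA"
        for name in o.names():
            zone = name.split(".", 1)[1] if name.count(".") >= 2 else name
            if zone not in zones:
                zones.append(zone)
                lines.append(f'local-zone: "{zone}" transparent')
            lines.append(f'local-data: "{name} {rtype} {ip}"')
            lines.append(f'local-data-ptr: "{ip} {name}"')
    return lines


def is_split_dns_answer(answer_ip: str, lan_ip: str = LAN_WEBSERVER) -> bool:
    """True when a LAN client got the internal address back, which is what
    split DNS is supposed to produce.  Getting the WAN address instead means the
    connection hairpins through the WAN side: that is the case that needs NAT
    reflection (and the web GUI moved off port 443), which the thread avoids."""
    a = ipaddress.ip_address(answer_ip)
    return a.is_private and a == ipaddress.ip_address(lan_ip)


def thread_layouts() -> dict:
    """The three override layouts suggested in the last reply, rendered."""
    return {
        "host=domain, domain=com":
            unbound_local_data([HostOverride("domain", "com", LAN_WEBSERVER)]),
        "host=www, domain=domain.com, additional name domain/com":
            unbound_local_data([HostOverride("www", "domain.com", LAN_WEBSERVER,
                                             [("domain", "com")])]),
        "blank host, domain=domain.com":
            unbound_local_data([HostOverride("", "domain.com", LAN_WEBSERVER)]),
    }


if __name__ == "__main__":
    for label, lines in thread_layouts().items():
        print(f"# {label}")
        print("\n".join(lines), end="\n\n")
    # What a LAN client should, and should not, get back for www.domain.com:
    print("answer 192.168.1.145 is split DNS:", is_split_dns_answer(LAN_WEBSERVER))
    print("answer 203.0.113.10 is split DNS:", is_split_dns_answer(PUBLIC_WAN_IP))
```

To check a live box, run `dig @192.168.1.1 www.domain.com A +short` from the LAN machine (assuming pfSense is the LAN resolver at 192.168.1.1) and pass the answer to `is_split_dns_answer`; if it returns False the client is still being handed the WAN address, and the resolver host override is not matching the name the browser actually asks for. Note that the first layout above produces only `domain.com`, so a request for `www.domain.com` would still resolve to the public IP; the second layout covers both names.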
