Redirect fqdn – possible?



  • So I don't think I can do what I want but I stated working with Aliases about ten hours ago and I'm just a bit brain dead. I think the answer revolves around whether or not an IP packet carries the FQDN or just the IP address and from that statement you can clearly see where my lack of knowledge lays.  (BTW, I've never used aliases before and they are really cool!)

    At any rate I want to RDP to multiple hosts behind the FW without the necessity of entering a different port for each of them.

    For example:
    Instead of using 1.mydomain.com:3390  2.mydomain.com:3391  3.mydomain.com:3392 to get to the hosts behind the FW, I'd like to access the hosts using just  1.mydomain.com  2.mydomain.com  3.mydomain.com

    Can't be done can it?



  • If you have different IP addresses for each host you want to reach, you can access them via FQDN and do not need different ports.
    But that has nothing to do with aliases. Aliases are just used by pfSense for simplifying rules. They cannot be used by an RDP client.

    For resolving FQDNs you have to use a DNS.

    If you want to RDP from WAN, I suggest to tunnel it over OpenVPN and use internal DNS for resolving host names.


  • LAYER 8 Global Moderator

    to you host1.domedomain.com and host2.somedomain.com and host3.somedomain.com from the public internet you would have to have 3 different public IPs on your wan that you could forward port to rdp on your hosts behind the nat.

    As mentioned already by viragomann much easier to just vpn, then you can access anything you want on your lan using their host names that you resolve via dns.



  • Do I remember it correctly that the HAProxy Package can be used for something like that?
    https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki
    Or is it for http(s) traffic only?

    edit: it is for HTTP(s) traffic only. Sorry for the confusion.



  • Thanks guys.

    I kinda figured that I was attempting something not doable. Kinda glad too, 'cause if it were possible I would have had to completely rethink what I think I know about IP.

    I hate to use up public IPs just so I can occasionally get to these hosts (rarely used management PCs) so I guess a VPN is the way I'll go. Thanks for the input.


Log in to reply