Reverse DNS on pfSense



  • Hi guys,
    I have never done this before, that's why I am asking; hope someone can help.
    On my production network I have two LANs: LAN1 is production and LAN2 is LAB.
    On LAN1 I already have port 443 NATed to one server.
    I want to have port 443 also NATed to LAN2.
    On both sides there is an Active Directory Windows server.
    Is this even possible?

    thank you


  • Rebel Alliance Global Moderator

    What does that have to do with split DNS??

    So you're saying you forwarded traffic that pfSense sees on its WAN on port 443 to a box on your LAN1 network on 443. And now you want to also forward 443 to something on LAN2.

    Does pfSense have more than 1 IP on its WAN? If not, then no, you cannot forward the same port to 2 different IPs behind pfSense.

    Is pfSense actually NATting? Is the pfSense WAN connected to the internet or some other network of yours that is RFC1918? These devices that you want to allow 443 to your LAN1 and your LAN2, are they on the internet or some other network of yours that is RFC1918?



  • @johnpoz:

    What does that have to do with split DNS??

    So you're saying you forwarded traffic that pfSense sees on its WAN on port 443 to a box on your LAN1 network on 443. And now you want to also forward 443 to something on LAN2.

    Does pfSense have more than 1 IP on its WAN? If not, then no, you cannot forward the same port to 2 different IPs behind pfSense.

    Is pfSense actually NATting? Is the pfSense WAN connected to the internet or some other network of yours that is RFC1918? These devices that you want to allow 443 to your LAN1 and your LAN2, are they on the internet or some other network of yours that is RFC1918?

    Hi John, the pfSense has 1 WAN.
    Each LAN has a separate subnet: LAN1 10.0.0.0/24, LAN2 10.0.1.0/24.
    Between LAN1 and LAN2 the rule is to drop everything.
    The devices that are going to listen on port 443 are two different Exchange servers for two different domains, totally isolated from each other.
    thank you


  • Rebel Alliance Global Moderator

    If it's 2 different domains then you could use a reverse proxy to see: hey, you want exchange.domainA.com, go to the LAN1 IP; oh, you want exchange.domainB.com, you go to LAN2.



  • @johnpoz:

    If it's 2 different domains then you could use a reverse proxy to see: hey, you want exchange.domainA.com, go to the LAN1 IP; oh, you want exchange.domainB.com, you go to LAN2.

    Thank you John for your answer.
    The pfSense is virtual, and between the pfSense and the internet there is an ISP router.
    So installing a reverse proxy on the pfSense would make it work, and of course a second WAN?
    Is there some tutorial on how to configure the reverse proxy for this matter?

    thank you


  • Rebel Alliance Global Moderator

    You would have to install a package. Squid for example can be a reverse proxy, or the HAProxy package. Pretty sure there are some help pages or guides all over for either of those. I have not really looked into it since I don't really have any need for it on my pfSense setups.



  • @johnpoz:

    You would have to install a package. Squid for example can be a reverse proxy, or the HAProxy package. Pretty sure there are some help pages or guides all over for either of those. I have not really looked into it since I don't really have any need for it on my pfSense setups.

    Thank you so much John.
    Somehow I can't add the second WAN with 1 gateway; the gateway is already in use.
    Any suggestions on how to do so?
    The error is:
    The following input errors were detected:
    IPv4 address 192.168.1.6/24 is being used by or overlaps with: WAN (192.168.1.3/24)

    thank you


  • Rebel Alliance Global Moderator

    Why would your WANs not be public IPs? So they are behind a NAT; what is NATting them? Yeah, you cannot put 2 different interfaces in the same network.



  • @Jamerson:

    @johnpoz:

    What does that have to do with split DNS??

    So you're saying you forwarded traffic that pfSense sees on its WAN on port 443 to a box on your LAN1 network on 443. And now you want to also forward 443 to something on LAN2.

    Does pfSense have more than 1 IP on its WAN? If not, then no, you cannot forward the same port to 2 different IPs behind pfSense.

    Is pfSense actually NATting? Is the pfSense WAN connected to the internet or some other network of yours that is RFC1918? These devices that you want to allow 443 to your LAN1 and your LAN2, are they on the internet or some other network of yours that is RFC1918?

    Hi John, the pfSense has 1 WAN.
    Each LAN has a separate subnet: LAN1 10.0.0.0/24, LAN2 10.0.1.0/24.
    Between LAN1 and LAN2 the rule is to drop everything.
    The devices that are going to listen on port 443 are two different Exchange servers for two different domains, totally isolated from each other.
    thank you

    If those Exchange servers are in different DNS domains, use HAProxy: add both servers as backends and route between them by their hostname ("hostname contains" rule in HAProxy).



  • @pan_2:

    If those Exchange servers are in different DNS domains, use HAProxy: add both servers as backends and route between them by their hostname ("hostname contains" rule in HAProxy).

    That will work alright as long as the traffic is HTTP/HTTPS, but if you also expect to perform such a trick for other protocols like SMTP for example, that is not going to work, as no initial header is sent by the client to determine the right backend. Just f.y.i.  ;)

    Regards,
    PiBa-NL
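The hostname-based routing pan_2 describes, written out as a raw haproxy.cfg (an added example, not configuration from anyone in this thread or from the pfSense HAProxy package; the pfSense GUI generates an equivalent file from its frontend/backend forms). The hostnames exchange.domaina.com / exchange.domainb.com, the server addresses 10.0.0.10 and 10.0.1.10 inside the thread's LAN1 and LAN2 subnets, and the certificate and CA file paths are all placeholders. TLS is terminated on pfSense so HAProxy can read the HTTP Host header, which is exactly why PiBa-NL's caveat applies: a protocol that sends no such client header first (SMTP) cannot be routed this way.

```haproxy
# Added example: two Exchange servers, one public 443, routed by Host header.
# Placeholders: hostnames, backend IPs, certificate and CA paths.
global
    log /dev/log local0
    maxconn 2000

defaults
    log     global
    mode    http
    option  httplog
    option  forwardfor
    timeout connect 5s
    timeout client  60s
    timeout server  60s

frontend fe_https
    # Terminate TLS here so the Host header is visible for the routing decision.
    # /var/etc/haproxy/placeholder-combined.pem = cert + key for both names (placeholder)
    bind *:443 ssl crt /var/etc/haproxy/placeholder-combined.pem
    http-request set-header X-Forwarded-Proto https

    # field(1,:) drops an optional ":port"; -i makes the compare case-insensitive.
    # Exact matches are used instead of "contains" so only the two intended
    # names are ever forwarded into either LAN.
    acl host_a req.hdr(host),field(1,:) -i exchange.domaina.com
    acl host_b req.hdr(host),field(1,:) -i exchange.domainb.com

    use_backend be_exchange_lan1 if host_a
    use_backend be_exchange_lan2 if host_b
    default_backend be_reject

backend be_exchange_lan1
    # Re-encrypt toward the Exchange server on LAN1 (10.0.0.0/24 in the thread)
    # and verify its certificate against the internal CA (placeholder path).
    server ex1 10.0.0.10:443 ssl verify required ca-file /var/etc/haproxy/placeholder-internal-ca.pem check

backend be_exchange_lan2
    # Same for the Exchange server on LAN2 (10.0.1.0/24 in the thread).
    server ex2 10.0.1.10:443 ssl verify required ca-file /var/etc/haproxy/placeholder-internal-ca.pem check

backend be_reject
    # Unknown or missing Host header: refuse instead of reaching either LAN.
    http-request deny deny_status 403
```

With this in place the single WAN address serves both domains, so the second WAN the thread was fighting with is not needed for the HTTPS case. The LAN1/LAN2 "drop everything" rule stays as it is: the only cross-network path is the proxy, and it only ever opens a connection to whichever backend the matched hostname selects. Check the result with `haproxy -c -f /path/to/haproxy.cfg` before loading it, and confirm from the HAProxy log that a request for an unlisted name ends in a 403 from be_reject rather than in either Exchange backend.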