Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Virtual Web Server

    Installation and Upgrades
    2
    7
    1648
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      thefuzz4 last edited by

      So after many years of being on Astaro/Sophos UTM I am beginning the transition over to PFSense.

      One of the items that I'm looking for is that Sophos has the ability to do a virtual webserver where I can slap a URL on the sophos IP address in the DNS and then have it point back to an actual webserver.  Say for example I have this webservice listening on port 8080 but for simplicity I just give it a url that points to sophos and sophos listens on port 80 and which URL to listen for and it handles it.

      I'm sure that there is something here inside of pfsense that will allow me to do this I'm just not familiar enough yet with the product.  I know there isn't going to be an apples to apples migration but I've been having fun learning how to get things setup in this.

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis last edited by

        I am guessing that you want to use:

        1. Dynamic DNS to enter your URL details and pfSense will keep the name updated to the current public IP with your dynamic DNS provider.
        2. Port Forwarding - forward the relevant port(s) on the public IP through to the internal IP address and port of the webserver, including (default) option to create a firewall rule to allow traffic to the port(s) on the public IP.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • T
          thefuzz4 last edited by

          So in this case it would be for external only.  So that I can just punch in the url in the browser and off we go.  Keeps the family members happy that way.

          1 Reply Last reply Reply Quote 0
          • P
            phil.davis last edited by

            @thefuzz4:

            So in this case it would be for external only.  So that I can just punch in the url in the browser and off we go.  Keeps the family members happy that way.

            That will work happily to service users out on the public internet. To also use the same name from your internal LAN you could use NAT reflection, which will turn around LAN packets in pfSense and pump them back out to the server, which is already on LAN (or some interface-subnet local to pfSense. But the easy way is to add a host override in pfSense DNS to say "server.example.com" is "192.168.42.43" - that way a client inside the local private network is told directly the private IP of the server, and then their traffic goes directly to the server, without it having to bother pfSense.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            1 Reply Last reply Reply Quote 0
            • T
              thefuzz4 last edited by

              Cool thanks Phil yeah some of these services at the house are internal only no need to expose them to the wild.  But say its running on port 8000 or something arbitrary.  I could point the DNS back to the backend server but then the user needs to remember the port number.  No problem for me being the IT guy of the house :) but for the rest of the family it'd be easier if there was just a Load Balancer type setup in front of the server that just handled the port 80 traffic and sent it back.  Kinda like a reverse proxy setup.

              1 Reply Last reply Reply Quote 0
              • T
                thefuzz4 last edited by

                Crap my first reply should've read internal only.  Typo on my part.

                1 Reply Last reply Reply Quote 0
                • T
                  thefuzz4 last edited by

                  Ok so figured out how to get this done with HAProxy.  I like it.  Thank you.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post