Virtual Web Server



  • So after many years of being on Astaro/Sophos UTM I am beginning the transition over to pfSense.

    One of the items that I'm looking for is that Sophos has the ability to do a virtual webserver where I can slap a URL on the Sophos IP address in the DNS and then have it point back to an actual webserver.  Say for example I have this webservice listening on port 8080 but for simplicity I just give it a URL that points to Sophos and Sophos listens on port 80 and which URL to listen for and it handles it.

    I'm sure that there is something here inside of pfSense that will allow me to do this; I'm just not familiar enough yet with the product.  I know there isn't going to be an apples to apples migration but I've been having fun learning how to get things set up in this.



  • I am guessing that you want to use:

    1. Dynamic DNS to enter your URL details and pfSense will keep the name updated to the current public IP with your dynamic DNS provider.
    2. Port Forwarding - forward the relevant port(s) on the public IP through to the internal IP address and port of the webserver, including (default) option to create a firewall rule to allow traffic to the port(s) on the public IP.


  • So in this case it would be for external only.  So that I can just punch in the url in the browser and off we go.  Keeps the family members happy that way.



  • @thefuzz4:

    So in this case it would be for external only.  So that I can just punch in the url in the browser and off we go.  Keeps the family members happy that way.

    That will work happily to service users out on the public internet. To also use the same name from your internal LAN you could use NAT reflection, which will turn around LAN packets in pfSense and pump them back out to the server, which is already on LAN (or some interface-subnet local to pfSense). But the easy way is to add a host override in pfSense DNS to say "server.example.com" is "192.168.42.43" - that way a client inside the local private network is told directly the private IP of the server, and then their traffic goes directly to the server, without it having to bother pfSense.



  • Cool thanks Phil yeah some of these services at the house are internal only no need to expose them to the wild.  But say it's running on port 8000 or something arbitrary.  I could point the DNS back to the backend server but then the user needs to remember the port number.  No problem for me being the IT guy of the house :) but for the rest of the family it'd be easier if there was just a Load Balancer type setup in front of the server that just handled the port 80 traffic and sent it back.  Kinda like a reverse proxy setup.



  • Crap my first reply should've read internal only.  Typo on my part.



  • Ok so figured out how to get this done with HAProxy.  I like it.  Thank you.
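
The internal-only reverse proxy discussed in this thread, written out as plain HAProxy configuration. This is an added example, not the poster's actual setup: `server.example.com`, `192.168.42.43` and port 8000 are taken from the posts above, while the bind address `192.168.42.1` (a LAN-side address on the firewall with nothing else listening on port 80) and the section names are assumptions.

```haproxy
# Added example: bind address and section names are assumptions.
global
    maxconn 256

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend lan_http
    # Bind only to a LAN-side address so the listener is never offered on WAN.
    bind 192.168.42.1:80
    # Match the Host header the browser sends for the friendly name.
    acl host_server hdr(host) -i server.example.com
    # Refuse requests for any name that is not explicitly published.
    http-request deny unless host_server
    use_backend be_server if host_server

backend be_server
    # The real service, still listening on its arbitrary port.
    server web1 192.168.42.43:8000 check
```

With this in place the DNS host override for `server.example.com` points at the proxy's bind address rather than at `192.168.42.43`, so LAN clients reach the service on port 80 without knowing the backend port.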

