Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HTTPS Redirect to different internal IP's

    Routing and Multi WAN
    4
    13
    2.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NoNameNone
      last edited by

      @KOM:

      Sure, but that's more of a DNS issue and not a routing issue.

      Forefront TMG could do this, nothing to do with DNS.

      3 URLS,s would hit the public IP on the TMG server and the Firewall would redirect each to the internal IP required.

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        Forefront TMG could do this, nothing to do with DNS.

        Resolving a hostname to an IP address has nothing to do with DNS?  OK then.

        Stop thinking about how TMG would do it.  If you want FQDNs to be resolved to their internal IP address, then update your internal DNS so it resolves these properly, or enable NAT Reflection and continue to use their external IP addresses.

        1 Reply Last reply Reply Quote 0
        • N
          NoNameNone
          last edited by

          Maybe ive explained it wrong.

          All 3 external FQDN's point to a single static EXTERNAL ip address on the pfsense Firewall.

          Now depending on the FQDN, I want each to point to a specific IP on the LAN, so…..

          https://Server1.domain.com ----------\                                /----------- 192.168.0.1 (Server1) on LAN
          https://Server2.domain.com ----------- Public IP on Firewall ------------ 192.168.0.2 (Server2) on LAN
          https://Server3.domain.com ----------/                                ----------- 192.168.0.3 (Server3) on LAN

          Only port in use is HTTPS (443)

          Hope the above better explains it

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            Your explanation was good enough the first time.  My advice is still valid.  Update your internal DNS so those domains resolve to the 192.168.0.x addresses.  It's that simple.

            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned
              last edited by

              Use haproxy with SNI. Done.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                yeah you need to use a reverse proxy for that sort of thing.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                1 Reply Last reply Reply Quote 0
                • KOMK
                  KOM
                  last edited by

                  Disregard pretty much everything I said.  I completely missed that you were coming in from WAN, not LAN.

                  1 Reply Last reply Reply Quote 0
                  • N
                    NoNameNone
                    last edited by

                    @doktornotor:

                    Use haproxy with SNI. Done.

                    Many thanks for your help.

                    Can I add haproxy to our current squid proxy\port forwarding setup without causing any issues?

                    Thanks again

                    NNN

                    1 Reply Last reply Reply Quote 0
                    • D
                      doktornotor Banned
                      last edited by

                      You need just one reverse proxy (and really only one can listen on a particular IP/port combination). Are you already using Squid as reverse proxy?

                      1 Reply Last reply Reply Quote 0
                      • N
                        NoNameNone
                        last edited by

                        @doktornotor:

                        You need just one reverse proxy (and really only one can listen on a particular IP/port combination). Are you already using Squid as reverse proxy?

                        At the moment, we are using it as a Forward proxy

                        1 Reply Last reply Reply Quote 0
                        • D
                          doktornotor Banned
                          last edited by

                          Well then there's no problem with that. (Would stronly suggest to exclude the servers from Squid.)

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.