Netgate Discussion Forum

    One hostname two different IP addresses (Both internal)

    DHCP and DNS

    • pr3dict

      5 networks:

      Wan: 178.10.10.0

      Lan0: 192.168.0.0

      Lan1: 192.168.1.0

      Lan2: 192.168.2.0

      Lan3: 192.168.3.0

      So I have Https://mywebsite.com, which goes to the pfSense public IP and gets forwarded to a webserver in Lan0 at 192.168.0.1.

      If someone from inside lan1 tries to access the above URL, pfSense currently has NAT reflection on and it directs to 192.168.0.1 fine.

      NOW…. I have another webserver in lan2 at 192.168.2.1

      If a computer from inside lan 3 tries to access Https://mywebsite.com I want them to be directed to Lan2's webserver, not lan 0!

      I think I need split DNS and access control lists based on the source IP/network, but I cannot see any documentation on that inside pfSense or on the forums. Is this something that pfSense can do, or do I need something else to handle the DNS/proxying or whatever?

      Thank you!

      • pr3dict

        Bump… Anyone?!?!?

        • johnpoz LAYER 8 Global Moderator

          pfSense can do this with the bind package, which supports views. Dnsmasq, the forwarder, can use

          -y, --localise-queries
              Return answers to DNS queries from /etc/hosts which depend on the interface over which the query was received. If a name in /etc/hosts has more than one address associated with it, and at least one of those addresses is on the same subnet as the interface to which the query was sent, then return only the address(es) on that subnet. This allows for a server to have multiple addresses in /etc/hosts corresponding to each of its interfaces, and hosts will get the correct address based on which network they are attached to. Currently this facility is limited to IPv4.

          But since you're saying you want to return an IP that is different than the network the query would have come from, I don't think that will work.

          Your best bet is bind with views.

          Why would you not just use a more specific FQDN.. So if you query www.yourdomain.tld you get the server on lan0, if you query www.lan2.yourdomain.tld you would get the IP of the server on lan2.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
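
The difference between the two mechanisms in the reply above, as an added example that is not part of the original posts: it models the `--localise-queries` rule exactly as the quoted man page text states it, next to first-match view selection as BIND does it. The /24 masks, the view names and the client addresses are assumptions; the thread gives only network addresses.

```python
import ipaddress

# Constructed from the thread; the /24 masks are assumed, the post gives none.
INTERFACES = {
    "lan0": ipaddress.ip_network("192.168.0.0/24"),
    "lan1": ipaddress.ip_network("192.168.1.0/24"),
    "lan2": ipaddress.ip_network("192.168.2.0/24"),
    "lan3": ipaddress.ip_network("192.168.3.0/24"),
}
# Both internal web server addresses, as they would be listed in /etc/hosts.
HOSTS = {"mywebsite.com": ["192.168.0.1", "192.168.2.1"]}


def localise_queries(name, iface):
    """dnsmasq -y rule as quoted: if any address for the name is on the subnet
    of the receiving interface, return only those; otherwise return them all."""
    addrs = HOSTS.get(name, [])
    local = [a for a in addrs if ipaddress.ip_address(a) in INTERFACES[iface]]
    return local or addrs


# Views in configuration order: (hypothetical name, match-clients, zone data).
# BIND answers from the first view whose match-clients contains the source.
VIEWS = [
    ("lan3", [INTERFACES["lan3"]], {"mywebsite.com": ["192.168.2.1"]}),
    ("default", [ipaddress.ip_network("0.0.0.0/0")],
     {"mywebsite.com": ["192.168.0.1"]}),
]


def view_answer(name, client_ip):
    """Return (view name, addresses) chosen for a query from client_ip."""
    src = ipaddress.ip_address(client_ip)
    for view_name, clients, zone in VIEWS:
        if any(src in net for net in clients):
            return view_name, zone.get(name, [])
    return None, []  # no view matched, so there is no zone to answer from


if __name__ == "__main__":
    # A Lan3 query has no same-subnet address, so -y returns both records.
    print("dnsmasq -y, query on lan3:", localise_queries("mywebsite.com", "lan3"))
    # Constructed client addresses, one per network of interest.
    for ip in ("192.168.1.20", "192.168.3.50"):
        print("views, client", ip, "->", view_answer("mywebsite.com", ip))
```

Views select on the source address of the query as the DNS server sees it, so a forwarder or NAT between the client and the server changes which view answers.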

          • pr3dict

            Thank you for your response. The reason I need to do it this way is because the server is actually multi-homed. The easiest way I can explain this is that I have 1 of my servers that serves up a few different web front ends and one of them needs to be in two networks at once because one of the networks does not have access to any other network except itself.

            Is another workaround to use a proxy server for all of this? I am planning on using a reverse proxy to hide the ports of all the stuff I am using and make a little buffer, but haven't done that yet.

            • johnpoz LAYER 8 Global Moderator

              What does a multihomed server have to do with it?? Nothing, you're pointing an FQDN to an IP.. Doesn't matter if all those IPs are the same box or not..

              Yes, from the outside, if you want to point www.domainX.com to IPX and www.domainY.com or host.domainX.com to IPY, then yes, a reverse proxy would be able to do that.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.