One hostname, two different IP addresses (both internal)



  • 5 networks:

    Wan: 178.10.10.0

    Lan0: 192.168.0.0

    Lan1: 192.168.1.0

    Lan2: 192.168.2.0

    Lan3: 192.168.3.0

    So I have https://mywebsite.com going to the pfSense public IP, which gets forwarded to a webserver in Lan0 (192.168.0.1).

    If someone from inside lan1 tries to access the above URL, pfSense currently has NAT reflection on and it directs to 192.168.0.1 fine.

    NOW… I have another webserver in lan2 at 192.168.2.1.

    If a computer from inside lan3 tries to access https://mywebsite.com, I want them to be directed to Lan2's webserver, not lan0!

    I think I need Split DNS and access control lists based on the source IP/network, but I cannot see any documentation on that inside pfSense or on the forums. Is this something that pfSense can do, or do I need something else to handle the DNS/proxying or whatever?

    Thank you!



  • Bump… Anyone?!?!?


  • LAYER 8 Global Moderator

    pfSense can do this with the bind package, which supports views. Dnsmasq, the forwarder, can use

    -y, --localise-queries
        Return answers to DNS queries from /etc/hosts which depend on the interface over which the query was received. If a name in /etc/hosts has more than one address associated with it, and at least one of those addresses is on the same subnet as the interface to which the query was sent, then return only the address(es) on that subnet. This allows for a server to have multiple addresses in /etc/hosts corresponding to each of its interfaces, and hosts will get the correct address based on which network they are attached to. Currently this facility is limited to IPv4.

    But since you're saying you want to return an IP that is different from the network the query would have come from, I don't think that will work.

    Your best bet is bind with views.

    Why would you not just use a more specific fqdn? So if you query www.yourdomain.tld you get the server on lan0; if you query www.lan2.yourdomain.tld you would get the IP of the server on lan2.
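    The "bind with views" approach from the reply above, as an added example that is not from the thread, the pfSense docs or the BIND package itself. It assumes /24 masks for the LANs from the original post, that the pfSense BIND package can be given these named.conf stanzas (or the equivalent in its view/zone settings), and that "ns1" and 192.168.0.254 are placeholder values for the BIND listener on pfSense. LAN3 clients get 192.168.2.1 for mywebsite.com; every other internal network gets 192.168.0.1:

    ```conf
    // ---- named.conf fragment (added example; names and listener IP are placeholders) ----
    acl "lan3"     { 192.168.3.0/24; };
    acl "internal" { 192.168.0.0/24; 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24; };

    // Views are tried in order and the first match-clients hit wins, so the
    // narrow lan3 view MUST come before the broad "internal" view that also
    // contains 192.168.3.0/24.  Each view serves its own copy of the zone.
    view "lan3-clients" {
        match-clients { lan3; };
        recursion yes;                       // lan3 has no other path out, so resolve for it here
        zone "mywebsite.com" {
            type master;
            file "/etc/namedb/lan3/mywebsite.com.db";      // answers with 192.168.2.1
        };
    };

    view "other-internal" {
        match-clients { internal; };         // lan0, lan1, lan2 (lan3 never reaches here)
        recursion yes;
        zone "mywebsite.com" {
            type master;
            file "/etc/namedb/internal/mywebsite.com.db";  // answers with 192.168.0.1
        };
    };
    // No view for the WAN acl: external clients keep using public DNS and the
    // existing port forward, so the internal addresses are never leaked outside.

    // ---- /etc/namedb/lan3/mywebsite.com.db ----
    $TTL 300
    @    IN SOA ns1.mywebsite.com. hostmaster.mywebsite.com. ( 2024010101 3600 900 604800 300 )
         IN NS  ns1.mywebsite.com.
    ns1  IN A   192.168.0.254   ; placeholder: pfSense BIND listener
    @    IN A   192.168.2.1     ; lan2 webserver
    www  IN A   192.168.2.1

    // ---- /etc/namedb/internal/mywebsite.com.db ----
    $TTL 300
    @    IN SOA ns1.mywebsite.com. hostmaster.mywebsite.com. ( 2024010101 3600 900 604800 300 )
         IN NS  ns1.mywebsite.com.
    ns1  IN A   192.168.0.254   ; placeholder: pfSense BIND listener
    @    IN A   192.168.0.1     ; lan0 webserver
    www  IN A   192.168.0.1
    ```

    For this to take effect the LAN3 clients must actually use the pfSense BIND listener as their resolver (for example via the DHCP DNS option) and the LAN3 firewall rules must allow DNS to it; a quick check from each network is `dig @192.168.0.254 mywebsite.com A`, which should return a different address from LAN3 than from LAN1. Because LAN3 then resolves straight to the internal address, no NAT reflection is involved on that path.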



  • Thank you for your response. The reason I need to do it this way is because the server is actually multi-homed. The easiest way I can explain this is that I have one of my servers that serves up a few different web front ends, and one of them needs to be in two networks at once because one of the networks does not have access to any other network except itself.

    Is another workaround to use a proxy server for all of this? I am planning on using a reverse proxy to hide the ports of all the stuff I am using and make a little buffer, but haven't done that yet.


  • LAYER 8 Global Moderator

    What does a multihomed server have to do with it?? Nothing, you're pointing a fqdn to an IP. Doesn't matter if all those IPs are the same box or not.

    Yes, from the outside, if you want to point www.domainX.com to IPX and www.domainY.com or host.domainX.com to IPY, then yes, a reverse proxy would be able to do that.

