Netgate Discussion Forum

Redirecting Domain to internal server using Host Override and HAProxy

  • P
    ProxyMoron
    last edited by Jun 10, 2017, 2:31 PM

    Hi All,
      I have a webserver located on an internal network. I want to redirect all queries for that webserver so that they are resolved internally without going to external DNS.

    Externally, my requests come into HAProxy, where I do SSL offloading before forwarding on to my internal webserver.

    I set up a Host Override in DNS Resolver to point to my webserver on my internal network, which works fine, but that means that SSL offloading isn't taking place, which affects some apps I use as they say the server certificate is untrusted when connecting internally - externally connecting is fine, obviously, as it goes via HAProxy.

    Is there any way I can set up the DNS Resolver Host Override so that in some way it goes via HAProxy?

    • P
      PiBa
      last edited by Jun 10, 2017, 8:55 PM

      Point the host override to your WAN IP? (assuming it's static..)

      Or perhaps use the LAN IP and make the HAProxy frontend listen there as well? (make sure that the webgui will still be available on a different port)..

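A check for the situation discussed above, as an added example (not code from any poster, pfSense or HAProxy): it flags Host Override entries that resolve straight to a backend rather than to an address where an HAProxy frontend terminates TLS. The config snippets, hostnames, addresses and function names are constructed placeholders.

```python
import re

# Constructed sample configs (placeholders, not taken from the thread).
UNBOUND_CONF = """
server:
    local-data: "www.example.com. A 192.168.1.50"
    local-data: "app.example.com. A 192.168.1.1"
    local-data: "ext.example.com. A 203.0.113.10"
"""
HAPROXY_CONF = """
frontend https-in
    bind 203.0.113.10:443 ssl crt /var/etc/haproxy/site.pem
    bind 192.168.1.1:443 ssl crt /var/etc/haproxy/site.pem
    bind 192.168.1.1:80
    default_backend webserver
backend webserver
    server web1 192.168.1.50:80
"""

A_RECORD = re.compile(r'local-data:\s*"(\S+?)\.?\s+(?:\d+\s+)?(?:IN\s+)?A\s+([0-9.]+)"')

def tls_listeners(haproxy_conf):
    """IPs where a `bind` line terminates TLS on port 443 ('*' = all addresses)."""
    ips = set()
    for line in haproxy_conf.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "bind" and "ssl" in parts[2:]:
            host, _, port = parts[1].rpartition(":")
            if port == "443":
                ips.add("*" if host in ("", "*") else host)
    return ips

def host_overrides(unbound_conf):
    """Map each overridden hostname to the IPv4 address Unbound will answer with."""
    return {m.group(1): m.group(2) for m in A_RECORD.finditer(unbound_conf)}

def bypassing_overrides(unbound_conf, haproxy_conf):
    """Hostnames whose override skips every TLS-terminating HAProxy listener."""
    listeners = tls_listeners(haproxy_conf)
    if "*" in listeners:
        return []
    overrides = host_overrides(unbound_conf)
    return sorted(name for name, ip in overrides.items() if ip not in listeners)

if __name__ == "__main__":
    for name in bypassing_overrides(UNBOUND_CONF, HAPROXY_CONF):
        print(f"{name}: override bypasses HAProxy, clients will see the backend's own certificate")
```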
      • C
        coreybrett
        last edited by Jun 14, 2017, 12:54 AM

        I started experimenting with this same setup today and ran into a similar conundrum.

        I have two internal NATed subnets.

        HAProxy is running on the firewall with a back-end in one of my internal networks.

        Is it possible to configure the DNS Resolver (Unbound) to resolve a domain name to the interface address that the lookup came in on?

        Or should I just pick one of my internal networks and have the domain resolve to that interface's address?

        • P
          PiBa
          last edited by Jun 14, 2017, 5:13 PM

          afaik, with the DNS Resolver you will need to pick 1 IP to return to all clients.. if you really really want to serve different replies to different clients that might be possible with the Bind package..
          Another option could be to configure a new but different local subnet on the lo0 interface, and use those IPs for binding special services to..

          • C
            coreybrett
            last edited by Jun 14, 2017, 7:54 PM

            Maybe I am overthinking it.

            Do you think there would be any significant overhead with clients on subnet B accessing HAProxy running on the firewall via the interface address for subnet A?

            • P
              PiBa
              last edited by Jun 14, 2017, 8:24 PM

              There should be little to no overhead imho, it's not like it's going to send traffic out the WAN interface to the ISP and back when you connect to the WAN IP from the LAN net.. It is still an IP local to the system, which is routed to lo0, both the same for WAN IP and LAN IP.
