How do I route port 80/443 traffic for only one application, local proxy?



  • So I am very familiar with the basics of routing traffic, and have been using pfsense successfully for the last several years for QoS.

    Recently I have been giving VPN service a try and have configured it so that the traffic from certain hosts on my local network go through the VPN connection which is configured directly on pfsense.

    Today I have been experimenting with routing only particular ports of a particular local host through the VPN.

    Now the tricky part…. What I would like is a way to forward port 80 and 443 but only when those ports are used for a particular application (in this case a games launcher) This way any regular traffic on 80 and 443 does NOT go though the VPN, only the port 80 and 443 traffic originating from the particular game launcher/application.

    I read about ephemeral ports, they appear to be random, so I am not sure the application local port would work unless there is a way to restrict the application to a particular range.

    The other idea I had was some kind of locally installed proxy directly on the system, that tunnels the traffic for only that application over a particular port so that I can differentiate that traffic on pfsense for routing.

    and maybe there is an easier way, I am just not sure how to go about telling the different between regular web traffic and game web traffic when they are both on port 80/443. any help and feedback is appreciated!

    In this particular instance the client machine I am wanting to set this up for is running windows 7, however I also often run linux, so I am interested in both of those set ups if they are OS dependent.

    When I think about the problem in my head, the solution I come up with is something I install or configure on windows that takes any port 80 traffic from the game client and routes it to say 8080, this way I can distinguish it when it hits pfsense, then I can take that port 8080 traffic and change the port back to 80 instead of 8080 and forward it to the VPN .... I dont know if this particular type of setup is something that is doable.... but surely there must be a way to differentiate the web traffic from different applications with the right solution.

    Also I am not looking for somebody to spell out the entire setup for me, I know that can take quite a bit of time, just a couple links or if it involves using a particular application, the name of it. Using the search terms I have tried so far, I am not coming up with any workable solutions.