Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IP forwarding using web address

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 4 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      veldthui
      last edited by

      I am trying to set up a web server at home. However I also have an Exchange server at home and it requires the same ports as the web server for webmail.
      My setup is a Vigor 2860 modem/router which I use to port forward the mail ports and the web ports to the exchange server on 192.168.0.3.

      Can I use pfSense to forward to different IP addresses based on the address? Example webmail.mynet.com gets forwarded to 192.168.0.3 and blog.mynet.com gets forwarded to 192.168.0.6. As I am sitting behind 1 IP for the internet connection I am finding it hard to work out. Tried to do it in the modem/router but does not seem to have an option to forward based on address only by port.

      1 Reply Last reply Reply Quote 0
      • F
        floridait
        last edited by

        have you taken a look at reverse proxy ?

        https://blog.briantruscott.com/how-to-serve-multiple-domains-from-a-single-public-ip-using-haproxy-on-pfsense/

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          I started skimming that link… Right from the start I see problems with this persons understanding how this works..

          "Under Destination select This Firewall (self) from the dropdown menu and then under Destination Port select HTTP (80) for both the From and To menus."

          Using this firewall (self) as destination on your wan firewall rule is not very good idea..  This built in alias includes all IPs of the firewall, not just the wan address.. Which would be the proper dest for traffic from outside pfsense hitting your wan IP.. Also you do not need to set http as to in the port selection.. Just setting http is fine your not setting a range.

          Nor did I see any mention to make sure your pfsense web gui is not using 80 or 443 for its ports.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • L
            lveatch
            last edited by

            I've been recently playing with haproxy on pfsense as well.  Here is what I've learnt .

            @johnpoz:

            "Under Destination select This Firewall (self) from the dropdown menu and then under Destination Port select HTTP (80) for both the From and To menus."

            haproxy (front end "SharedFrontend") should be bound to your WAN IP on port 80, where as your pfsense admin ui is bound to *:80.  This should allow both to co-exist and route accordingly.

            @johnpoz:

            Using this firewall (self) as destination on your wan firewall rule is not very good idea..

            My understanding of "this firewall (self)" is the ip associated with the interface referenced on the firewall rule.  Therefore, this rule will allow the internet to connect to the WAN ip:80 which is bound to haproxy, not pfsense.  haproxy will then forward request to the appropriate backend.

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by

              No that is not the case that firewall (self) is just a built in alias that is all IPs on ALL interfaces on the firewall..

              https://doc.pfsense.org/index.php/Firewall_Rule_Basics
              This Firewall (self) - Any IP address assigned to any interface on this firewall (pfSense 2.2+)

              If you want the dest to be the IP of an interface, then you should pick the drop down address of that interface, ie Wan Address.. Not this firewall..

              "haproxy (front end "SharedFrontend") should be bound to your WAN IP on port 80, where as your pfsense admin ui is bound to *:80.  This should allow both to co-exist and route accordingly."

              Again NO - since you are creating a RACE condition on what is going to bind to what on port 80…

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.