Redirect http on another port for a host override



  • I am using the DNS Resolver and have a host override for a particular host on my internal network. I'd like http traffic for that host to be redirected to port 81? Basically I want to set up an internal reverse proxy for services within my network and want to use port 81 as port 80 is already being used.

    What's the simplest way to achieve this? Thanks


  • LAYER 8 Global Moderator

    What?  That has nothing to do with a host override.. If the host is on your network, why would you even hit pfsense to hit a forward or reverse proxy to get sent back to a machine on your own network..

    What exactly are you wanting to accomplish.. Why not just hit the box directly at :81 or have it redirect on 80 to 81.. Why would you even need to redirect to 81 and why can you not just hit 80, etc.



  • @johnpoz:

    What?  That has nothing to do with a host override.. If the host is on your network, why would you even hit pfsense to hit a forward or reverse proxy to get sent back to a machine on your own network..

    What exactly are you wanting to accomplish.. Why not just hit the box directly at :81 or have it redirect on 80 to 81.. Why would you even need to redirect to 81 and why can you not just hit 80, etc.

    Apologies if my question wasn't clear or makes little sense (which could be the case), networking is not my forte.

    But I thought the point of a host override was for hostname lookups which you don't want to flow via the standard DNS lookup process, case in point, one local machine on my network…

    More so, on this one machine, I have multiple services running on various ports.

    So what I want to accomplish is the following; I'd like for users on the network, instead of accessing services as [ip:port], to access them as such [MachineName/ServiceName].

    I'm able with a host override to ping MachineName on my network. And I'm assuming a reverse proxy would help me with the /ServiceName portion. But since there's an un-relocatable service on port 80, the reverse proxy would be listening on port 81. Hence the point of my original question.


  • LAYER 8 Global Moderator

    "instead of accessing services as [ip:port], to access them as such [MachineName/ServiceName]."

    That is on your server has zero to do with dns..

    You have a server machine.localdomain.tld

    You hitting it via http://machine.localdomain.tld/something or
    http://machine.localdomain.tld/otherthing

    Has nothing to do with dns.. Your host override would just be that machine.localdomain.tld is at 192.168.1.100 for example.

    You setup your machine if they hit /something they get served application ABC, if they go to /otherthing then they get XYZ..

    DNS has nothing to do with ports..  Keep in mind that since your machine is local and on rfc1918 space.. There is nothing saying you can not host your applications on 80 on different IPs… so

    http://something.localdomain.tld
    http://otherthing.localdomain.tld

    where something dns is 192.168.1.100 and otherthing dns is 192.168.1.101

    Running a reverse proxy on pfsense gets you nothing.. Since why would machine that just looked up from dns for something.localdomain.tld and got told its IP address is 192.168.1.100 send that http://something.localdomain.tld traffic to pfsense IP?  So that it could be forwarded or reverse proxied back to your .100 machine?

    "I have multiple services running on various ports. "

    If what you're running is locked to that specific port you have some options.. You can just use the url to that port  http://something.localdomain.tld:port or you could have the server or any server for that matter that you can resolve and get pointed to on port 80 serve up a redirection..  So you could go to

    http://something.localdomain.tld or http://machine.localdomain.tld/something and get redirected via that server on port 80 sending you to http://machine.localdomain.tld:port or http://something.localdomain.tld:port

    This could be a simple meta tag refresh pointing to the new url and port... Could be done in javascript, can also be redirected via 301 or 302.. All done on the server - this sort of stuff would not be done on pfsense.. While you can sure do a port forward on the lan side from 1 port to another port.  The client would have to be hitting pfsense on this port to be able to get redirected, etc.  Which is not going to happen if you are wanting your users to be going to some name that resolves to local server IP, etc.



  • @joelones said in Redirect http on another port for a host override:

    So what I want to accomplish is the following; I'd like for users on the network, instead of accessing services as [ip:port], to access them as such [MachineName/ServiceName].

    I realize this question is old but I found it while looking for something else and this response may help someone else. What you are trying to do is often done with pfSense handling the LAN routing and Nginx or Apache handling the port routing on the local server running your services or apps.

    • In pfSense, services > dns resolver I use host overrides like this (example):
      • Host=test1, Domain=something.com, IP Address=192.168.12.20, Description="Main app/service on this server"
    • Then under "Additional Names for this Host" I have:

    This routes LAN requests targeting test1.something.com, test1.something2.com and test1.something3.com to the 192.168.12.20 server. On that server I have Nginx running (same thing can be done with apache) and routing requests to different service ports. Here is a basic example Nginx config for http://test1.something.com and http://www.test1.something.com being routed to a service running on the server at 192.168.12.20 on port 3005 on an Ubuntu server.

    # file /etc/nginx/sites-available/test1.something.com
    server {
        listen 80;
        listen [::]:80;
    
        server_name test1.something.com www.test1.something.com;
    
        location / {
            proxy_pass http://127.0.1.1:3005;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
    

    The firewall on 192.168.12.20 only needs to allow external traffic from port 80 (and 443 if https) and Nginx will route to the appropriate local service port.

    More information about that can be found Here and Here and Here
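
Added example, not part of any post in this thread: an Nginx config for the [MachineName/ServiceName] layout the original question asks for, with the proxy listening on port 81 because port 80 is already taken. The host name machine.localdomain.tld and the paths come from the thread; the backend ports 3005 and 8080 and the assumption that each service is bound to 127.0.0.1 are hypothetical.

```nginx
# file /etc/nginx/sites-available/machine.localdomain.tld (hypothetical path)
server {
    # Port 80 belongs to the service that cannot be moved, so the proxy uses 81.
    listen 81;
    listen [::]:81;

    # Name served by the pfSense host override.
    server_name machine.localdomain.tld;

    # Inherited by every location below: tell the backend which host was
    # requested and which client made the request.
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # http://machine.localdomain.tld:81/something/ -> service on port 3005.
    # The trailing slash on proxy_pass strips the /something/ prefix before
    # the request reaches the backend.
    location /something/ {
        proxy_pass http://127.0.0.1:3005/;   # assumed backend port
    }

    # http://machine.localdomain.tld:81/otherthing/ -> service on port 8080.
    location /otherthing/ {
        proxy_pass http://127.0.0.1:8080/;   # assumed backend port
    }

    # Paths that map to no service are not proxied anywhere.
    location / {
        return 404;
    }
}

# Requests on port 81 whose Host header is not the expected name land here.
server {
    listen 81 default_server;
    listen [::]:81 default_server;
    server_name _;
    return 444;   # Nginx-specific: close the connection without a response
}
```

With the backends bound to 127.0.0.1 they are reachable only through the proxy, so the host firewall needs to expose port 81 and the existing port 80 service, not the individual service ports. Applications that generate absolute links may need their base path set to the matching prefix.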

