NAT: 1 WAN:PORT to 1 LAN:Different LAN IPs:PORT (common Port/service)



  • I am running the latest pfSense with 1 WAN interface and 1 LAN interface serving a local LAN subnet.

    I have several domains (A records to external DNS) that resolves to my static WAN IP.

    Allow me to set with an example what is the situation and what I would like to achieve:
    STATIC WAN IP: 1.2.3.4
    domain 1: www.example.com -> 1.2.3.4 (A record)
    domain 2: www.example.org -> 1.2.3.4 (A record)
    domain 3: mail.example.com -> 1.2.3.4 (A+MX record)
    domain 4: webmail.example.com -> 1.2.3.4 (A record)

    I am running a web server on my local IP 10.0.0.1. With the use of web server's virtual hosts, I can access the different pages of domain1 and domain2 from outside using NAT/Port Forwarding from 1.2.3.4:{80,443}->10.0.0.1:{80,443}

    I am running a mail server(domain3) on my local IP 10.0.0.2. With NAT/Port forwarding I can send/receive emails. i.e.: 1.2.3.4:{25,587,993)->10.0.0.2:{25,587,993) etc
    I am also running a web server for a web mail client access, for domain3, on the same local IP 10.0.0.2 listening on the default ports {80,443}.

    Now, when I access www.example.com and/or www.example.org, on the default ports {80,443}, I am forwarded to 10.0.0.1 and serve the appropriate content for each domain.

    Is there a way, when I access webmail.example.com, on the default ports {80,443}, to be forwarded to IP 10.0.0.2 ?

    Please forgive me if this is not a NAT topic, or maybe not even a pfSense topic. If this is the case, I would appreciated if you could point me to the right direction.

    PS
    Just to mention, I know that:
    a. I could run the web client on the existing web server on 10.0.0.1 and yes, problem solved.
    b. I could access the web client for my mail server from a different port. i.e. webmail.example.com:5580 with NAT/Port forwarding WAN:5580 -> 10.0.0.2:80

    Thank you in advance for your time.



  • In your case Id either..

    Get a second static IP address and use 1:1 NAT on each static to each LAN address..

    Set up port forwarding in favor of 1:1 NAT and use another port for your mail service..    domain 4: webmail.example.com:88 -> 1.2.3.4 (A record) as an example..

    Move the mail server service to the webserver which is what Ive done in a couple of cases.

    If your running multiple pages on your webserver I assume your running something like Apache with virtual hosts enabled..