4. NAT: 1 WAN:PORT to 1 LAN:Different LAN IPs:PORT (common Port/service)

NAT: 1 WAN:PORT to 1 LAN:Different LAN IPs:PORT (common Port/service)

  • D

    I am running the latest pfSense with 1 WAN interface and 1 LAN interface serving a local LAN subnet.

    I have several domains (A records to external DNS) that resolves to my static WAN IP.

    Allow me to set with an example what is the situation and what I would like to achieve:
    STATIC WAN IP: 1.2.3.4
    domain 1: www.example.com -> 1.2.3.4 (A record)
    domain 2: www.example.org -> 1.2.3.4 (A record)
    domain 3: mail.example.com -> 1.2.3.4 (A+MX record)
    domain 4: webmail.example.com -> 1.2.3.4 (A record)

    I am running a web server on my local IP 10.0.0.1. With the use of web server's virtual hosts, I can access the different pages of domain1 and domain2 from outside using NAT/Port Forwarding from 1.2.3.4:{80,443}->10.0.0.1:{80,443}

    I am running a mail server(domain3) on my local IP 10.0.0.2. With NAT/Port forwarding I can send/receive emails. i.e.: 1.2.3.4:{25,587,993)->10.0.0.2:{25,587,993) etc
    I am also running a web server for a web mail client access, for domain3, on the same local IP 10.0.0.2 listening on the default ports {80,443}.

    Now, when I access www.example.com and/or www.example.org, on the default ports {80,443}, I am forwarded to 10.0.0.1 and serve the appropriate content for each domain.

    Is there a way, when I access webmail.example.com, on the default ports {80,443}, to be forwarded to IP 10.0.0.2 ?

    Please forgive me if this is not a NAT topic, or maybe not even a pfSense topic. If this is the case, I would appreciated if you could point me to the right direction.

    PS
    Just to mention, I know that:
    a. I could run the web client on the existing web server on 10.0.0.1 and yes, problem solved.
    b. I could access the web client for my mail server from a different port. i.e. webmail.example.com:5580 with NAT/Port forwarding WAN:5580 -> 10.0.0.2:80

    Thank you in advance for your time.

    0

  • In your case Id either..

    Get a second static IP address and use 1:1 NAT on each static to each LAN address..

    Set up port forwarding in favor of 1:1 NAT and use another port for your mail service..    domain 4: webmail.example.com:88 -> 1.2.3.4 (A record) as an example..

    Move the mail server service to the webserver which is what Ive done in a couple of cases.

    If your running multiple pages on your webserver I assume your running something like Apache with virtual hosts enabled..

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy