4. NAT: 1 WAN:PORT to 1 LAN:Different LAN IPs:PORT (common Port/service)

NAT: 1 WAN:PORT to 1 LAN:Different LAN IPs:PORT (common Port/service)

  • D

    I am running the latest pfSense with 1 WAN interface and 1 LAN interface serving a local LAN subnet.

    I have several domains (A records to external DNS) that resolves to my static WAN IP.

    Allow me to set with an example what is the situation and what I would like to achieve:
    STATIC WAN IP: 1.2.3.4
    domain 1: www.example.com -> 1.2.3.4 (A record)
    domain 2: www.example.org -> 1.2.3.4 (A record)
    domain 3: mail.example.com -> 1.2.3.4 (A+MX record)
    domain 4: webmail.example.com -> 1.2.3.4 (A record)

    I am running a web server on my local IP 10.0.0.1. With the use of web server's virtual hosts, I can access the different pages of domain1 and domain2 from outside using NAT/Port Forwarding from 1.2.3.4:{80,443}->10.0.0.1:{80,443}

    I am running a mail server(domain3) on my local IP 10.0.0.2. With NAT/Port forwarding I can send/receive emails. i.e.: 1.2.3.4:{25,587,993)->10.0.0.2:{25,587,993) etc
    I am also running a web server for a web mail client access, for domain3, on the same local IP 10.0.0.2 listening on the default ports {80,443}.

    Now, when I access www.example.com and/or www.example.org, on the default ports {80,443}, I am forwarded to 10.0.0.1 and serve the appropriate content for each domain.

    Is there a way, when I access webmail.example.com, on the default ports {80,443}, to be forwarded to IP 10.0.0.2 ?

    Please forgive me if this is not a NAT topic, or maybe not even a pfSense topic. If this is the case, I would appreciated if you could point me to the right direction.

    PS
    Just to mention, I know that:
    a. I could run the web client on the existing web server on 10.0.0.1 and yes, problem solved.
    b. I could access the web client for my mail server from a different port. i.e. webmail.example.com:5580 with NAT/Port forwarding WAN:5580 -> 10.0.0.2:80

    Thank you in advance for your time.

    0

  • In your case Id either..

    Get a second static IP address and use 1:1 NAT on each static to each LAN address..

    Set up port forwarding in favor of 1:1 NAT and use another port for your mail service..    domain 4: webmail.example.com:88 -> 1.2.3.4 (A record) as an example..

    Move the mail server service to the webserver which is what Ive done in a couple of cases.

    If your running multiple pages on your webserver I assume your running something like Apache with virtual hosts enabled..

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy