Netgate Discussion Forum

    Proxy ARP and NAT redirection within the same vlan and IP subnet

      robcmk22

      Hi all,

      I am really struggling to resolve an issue I have with my pfSense 2.4.2 installation. I have a service (well, a collection of services that are all accessed using one name) that I want to be able to access internally and externally. I have configured the appropriate split DNS so that externally it resolves to one of my WAN IPs and internally it resolves to a Proxy ARP IP I have assigned to the same network as my clients. The external natting (port mapping) works just fine, but I cannot get the internet equivalent to work.

      To illustrate the issue.

      [client] ---------- [pfsense FW] ---------- [internet]
      192.168.1.10        192.168.1.254 (DG)      public ips
                          192.168.1.100 (Proxy ARP / NAT redirection) ---- [internal service ip]
                                                                           192.168.1.20

      What I would like to happen is that when I browse to the internal DNS name & port from a client PC, it resolves to the Proxy ARP address, the traffic hits the firewall and is then redirected to the actual service IP and port on the same network as the client.

      From a DNS perspective… something like this: https://myserviceproxyarp.local:4443 ---> myservicereal.local:443

      Any hints or tips on whether this is possible and if so what I can do to make it work would be really great!

      Many thanks

      Rob

        johnpoz LAYER 8 Global Moderator

        Why would your client not just go to https://myservicereal.local?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.