• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

1:1 NAT with IIS and multiple subdomains / websites

Scheduled Pinned Locked Moved NAT
iis
3 Posts 2 Posters 645 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    solutionwerx
    last edited by solutionwerx Aug 22, 2018, 3:46 PM Aug 22, 2018, 2:17 PM

    Hello all,
    Making a transition from a Zywall Firewall to Pfsense
    I setup pfsense and upgraded to the latest
    I setup my static IP and virtual IP block as IP Aliases
    I setup 1:1 NAT to internal servers
    I setup firewall rules to internal servers

    Testing from external WAN
    I hit my wordpress server public domain - works
    I hit my remote desktop gateway server - works with UDP
    I hit my PTRG https server - works
    I hit my SQL report server - works
    I hit my sharepoint single domain sites - works
    I hit my FTP server - works
    you get the idea

    I have 3 web servers NLB in a farm.
    I hit my IIS prodfarm public domains- fail
    I hit my IIS srv1 public domains - fail
    I hit my IIS srv 2 public domains - fail
    I hit my IIS srv 3 public domains- fail

    so it seems there is a problem I haven't figured out yet with having multiple website / subdomains on IIS behind pfsense.

    Googling it seems there are some suggestions and I need to be pointed in the right direction. Possible problems they listed
    Host headers could be the problem
    Outbound NAT could be the problem
    I need a reverse proxy like squid/haproxy

    what do you guys think?

    update: sometimes I can hit the public subdomain1.srv1.com and it will work however if I hit subdomain2.srv1.com IIS w3wp.exe crashes and I get a .NET error thrown on the server to debug. I can replicate this on each of the servers.

    update2: an IRC user has confirmed for me that he has 1:1 NAT VIPs towards his httpd with multiple domains without hiccups or special trickery. Unfortunately for me im using IIS and he is using nginx and previously apache.

    1 Reply Last reply Reply Quote 0
    • R
      Rico LAYER 8 Rebel Alliance
      last edited by Aug 22, 2018, 2:28 PM

      Hi,
      there is a nice hangout video for relayd/HAproxy, maybe it will fit your needs? https://www.youtube.com/embed/FJSHMyrd29E

      -Rico

      1 Reply Last reply Reply Quote 0
      • S
        solutionwerx
        last edited by Aug 22, 2018, 4:25 PM

        I started this but its long and got distracted with some other people trying to help. A Beloved Freenode user says, I JUST WENT THROUGH ALL THIS. Pfsense does not pass headers with NAT and you have to use haproxy to assist.

        The channel went ballistic on pfsense saying that is rather stupid and down right ridiculous pfsense does this and that NAT is layer 3 based and it should pass the packets unaltered.

        Guess im watching this whole video. :P

        1 Reply Last reply Reply Quote 0
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received