Netgate Discussion Forum

    1:1 NAT with IIS and multiple subdomains / websites

      solutionwerx

      Hello all,
      Making a transition from a Zywall Firewall to pfSense.
      I set up pfSense and upgraded to the latest.
      I set up my static IP and virtual IP block as IP Aliases.
      I set up 1:1 NAT to internal servers.
      I set up firewall rules to internal servers.

      Testing from external WAN:
      I hit my WordPress server public domain - works
      I hit my remote desktop gateway server - works with UDP
      I hit my PTRG https server - works
      I hit my SQL report server - works
      I hit my SharePoint single domain sites - works
      I hit my FTP server - works
      You get the idea.

      I have 3 web servers NLB in a farm.
      I hit my IIS prodfarm public domains - fail
      I hit my IIS srv1 public domains - fail
      I hit my IIS srv2 public domains - fail
      I hit my IIS srv3 public domains - fail

      So it seems there is a problem I haven't figured out yet with having multiple websites / subdomains on IIS behind pfSense.

      Googling, it seems there are some suggestions, and I need to be pointed in the right direction. Possible problems they listed:
      Host headers could be the problem
      Outbound NAT could be the problem
      I need a reverse proxy like squid/haproxy

      What do you guys think?

      Update: sometimes I can hit the public subdomain1.srv1.com and it will work; however, if I hit subdomain2.srv1.com, IIS w3wp.exe crashes and I get a .NET error thrown on the server to debug. I can replicate this on each of the servers.

      Update 2: an IRC user has confirmed for me that he has 1:1 NAT VIPs towards his httpd with multiple domains without hiccups or special trickery. Unfortunately for me, I'm using IIS and he is using nginx and previously Apache.

        Rico LAYER 8 Rebel Alliance

        Hi,
        There is a nice hangout video for relayd/HAproxy, maybe it will fit your needs? https://www.youtube.com/embed/FJSHMyrd29E

        -Rico

          solutionwerx

          I started this but it's long and got distracted with some other people trying to help. A Beloved Freenode user says, I JUST WENT THROUGH ALL THIS. pfSense does not pass headers with NAT and you have to use haproxy to assist.

          The channel went ballistic on pfSense, saying that is rather stupid and downright ridiculous pfSense does this and that NAT is layer 3 based and it should pass the packets unaltered.

          Guess I'm watching this whole video. :P
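
Added example, not part of the thread and not code from any poster or from pfSense: a way to see which site answers for each Host header when the request passes through a hop that only relays bytes. The hostnames, the local stand-in web server and the TCP relay are constructed assumptions; on a real setup `probe()` would be pointed at the public virtual IP and then at the server's internal address to compare the two answers.

```python
import contextlib, http.client, socket, threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed hostnames; the handler picks the site from the Host header only.
SITES = {"subdomain1.srv1.example": "site-1", "subdomain2.srv1.example": "site-2"}

class VhostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        body = SITES.get(host, "no-binding").encode()
        self.send_response(200 if host in SITES else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # silence per-request logging

def pipe(src, dst):
    """Copy bytes one way without looking at them, then pass on end-of-stream."""
    with contextlib.suppress(OSError):
        while (data := src.recv(4096)):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)

def start_relay(target_port):
    """Byte-level TCP relay (assumed stand-in for a hop that never parses HTTP)."""
    lsock = socket.create_server(("127.0.0.1", 0))
    def accept_loop():
        while True:
            client, _ = lsock.accept()
            upstream = socket.create_connection(("127.0.0.1", target_port))
            for a, b in ((client, upstream), (upstream, client)):
                threading.Thread(target=pipe, args=(a, b), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return lsock.getsockname()[1]

def probe(ip, port, host):
    """GET / from ip:port while presenting `host` in the Host header."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    conn.request("GET", "/", headers={"Host": host})
    resp = conn.getresponse()
    return resp.status, resp.read().decode()

def run_demo():
    server = ThreadingHTTPServer(("127.0.0.1", 0), VhostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    relay_port = start_relay(server.server_address[1])
    return {h: probe("127.0.0.1", relay_port, h) for h in [*SITES, "unbound.example"]}

if __name__ == "__main__":
    print(run_demo())
```

If the same Host header gets a different answer at the public address than at the internal one, the difference lies in the path between them; if both answer the same way, the site bindings or the application are the place to look.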
