NAT Reflection / Custom DNS / Reverse Proxy Configuration.



  • Good evening.
    Not sure if this is the right place to post this question. I think I need NAT reflection, but I'm not sure.

    My firewall is set up at home, and I have a domain name that resolves to my home network: domain.co.uk

    pfSense has two internal networks, one for the LAN and one set up as a DMZ, and connects to a managed HP layer-three switch.

    My family devices (laptops, phones, tablets, PCs) all reside on the LAN. I'm hosting some services on my Unraid server (which resides on my LAN but has a tagged VLAN for the Docker containers): Nextcloud, Home Assistant, AppDaemon, etc., and other than the UniFi controller they are all on the DMZ VLAN.
    Incoming traffic all comes in on port 80 and is directed to the letsencrypt Docker container, which handles SSL offloading and rewrites the URL to the services in the DMZ and to my media server on my LAN.

    Each Docker container resides on a separate IP address, and generally on its proprietary port (i.e. Nextcloud runs on port 443, Home Assistant on 8123, etc.).
    My URL rewrite rules direct traffic to the correct places and include the port info:
    ha.domain.co.uk: 192.168.12.202:8123
    nextcloud.domain.co.uk: 192.168.12.200:443

    My internal network is called similardomain.local.

    I was using a separate VLAN for my smart tech but moved it to the DMZ. All of the smart tech is connected to its own Wi-Fi, so that if there is a problem I can just take that Wi-Fi offline.

    So to the question:
    I want to be able to continue to use the URLs rather than IP addresses and port numbers, as my wife, children and some family members use some of the services.
    Do I need to set up NAT reflection, or do I need to add some special DNS entries?

    Any help is appreciated.

    LAN: 192.168.10.0/24
    DMZ: 192.168.12.0/24



  • On a side note, should I have my home network name as a subdomain of my external name,
    i.e. internal.domain.co.uk, or should I keep it as
    similardomain.local?
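The choice the post asks about (NAT reflection vs. DNS entries) comes down to where a LAN client's lookup of ha.domain.co.uk lands: on the public WAN address, which then has to hairpin back in through pfSense, or on the proxy's internal address directly (split DNS). The script below is an added example, not the poster's configuration and not pfSense or linuxserver code. It assumes a proxy address of 192.168.12.10, a WAN address of 203.0.113.5 and a hypothetical media.domain.co.uk backend on the LAN, none of which the post states. From the post's rewrite table it generates the Unbound host-override lines for split DNS, checks which names would still go to the WAN address and therefore need NAT reflection, and lists the pfSense rules the internal path needs, flagging the DMZ-to-LAN hop to the media server.

```python
"""Split DNS versus NAT reflection for the reverse-proxy layout in the post.

Added example; not code from the original post, pfSense or linuxserver.
Constructed assumptions (none of these addresses appear in the post):
  PROXY_ADDR  192.168.12.10  DMZ address of the letsencrypt/reverse-proxy container
  PUBLIC_IP   203.0.113.5    WAN address domain.co.uk resolves to on the internet
  media.domain.co.uk -> 192.168.10.50:8096  hypothetical entry for the LAN media server
"""
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.10.0/24")   # from the post
DMZ = ipaddress.ip_network("192.168.12.0/24")   # from the post
PROXY_ADDR = "192.168.12.10"                     # assumed
PUBLIC_IP = "203.0.113.5"                        # assumed

# Public hostname -> backend the proxy rewrites to. The first two are the post's
# rules; the third is a hypothetical stand-in for the LAN media server.
VHOSTS = {
    "ha.domain.co.uk": ("192.168.12.202", 8123),
    "nextcloud.domain.co.uk": ("192.168.12.200", 443),
    "media.domain.co.uk": ("192.168.10.50", 8096),
}


def unbound_overrides(vhosts, proxy_addr=PROXY_ADDR, zone="domain.co.uk"):
    """Unbound lines for the DNS Resolver 'Custom options' box (equivalent to one
    Host Override per name): every proxied name answers with the proxy's DMZ
    address, so a LAN client reaches the proxy directly instead of the WAN address.
    'transparent' lets names under the zone with no local-data resolve upstream."""
    lines = [f'local-zone: "{zone}." transparent']
    for host in sorted(vhosts):
        lines.append(f'local-data: "{host}. IN A {proxy_addr}"')
    return lines


def internal_answers(override_lines):
    """Parse local-data lines back into {hostname: ip}: what a LAN client now gets."""
    pat = re.compile(r'^local-data: "(?P<host>[^" ]+)\. IN A (?P<ip>[0-9.]+)"$')
    answers = {}
    for line in override_lines:
        m = pat.match(line)
        if m:
            answers[m.group("host")] = m.group("ip")
    return answers


def needs_nat_reflection(vhosts, answers, public_ip=PUBLIC_IP):
    """Names a LAN client would still send to the WAN address. Anything listed
    here only works from inside if NAT reflection is enabled on the port forward."""
    return sorted(h for h in vhosts if answers.get(h, public_ip) == public_ip)


def required_rules(vhosts, proxy_addr=PROXY_ADDR):
    """pfSense rules the internal path needs once names resolve to the proxy.
    Returns (interface, src, dst, port, note). Proxy -> backend traffic inside the
    DMZ /24 never crosses pfSense, so only cross-subnet hops get a rule."""
    rules = [
        ("LAN", str(LAN), proxy_addr, 443, "clients -> proxy, TLS terminates at the proxy"),
        ("LAN", str(LAN), proxy_addr, 80, "clients -> proxy, plain HTTP"),
    ]
    proxy_ip = ipaddress.ip_address(proxy_addr)
    seen = set()
    for host, (ip, port) in sorted(vhosts.items()):
        backend = ipaddress.ip_address(ip)
        if (ip, port) in seen or (backend in DMZ and proxy_ip in DMZ):
            continue
        seen.add((ip, port))
        note = f"proxy -> {host} backend"
        if backend in LAN:
            note += "; DMZ host initiating into LAN, keep it to this one src/dst/port"
        rules.append(("DMZ", proxy_addr, ip, port, note))
    return rules


if __name__ == "__main__":
    overrides = unbound_overrides(VHOSTS)
    print("\n".join(overrides))
    answers = internal_answers(overrides)
    print("still hairpinning:", needs_nat_reflection(VHOSTS, answers) or "none")
    for rule in required_rules(VHOSTS):
        print(rule)
```

Two caveats for whichever approach is used: split DNS only helps clients that actually query pfSense's resolver, so a device with a hard-coded public DNS server will still resolve the WAN address and need NAT reflection; and the proxy-to-media-server rule is the one DMZ-initiated path into the LAN, so it should be limited to the proxy's address and the media server's single port rather than a DMZ-to-LAN any/any.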