Netgate Discussion Forum
    Internal port forward (Maybe)

    McMeanF

      So I'm running HAProxy successfully and when I am outside of my network I can reach the hosts fine with just using the hostname.

      Here is what I want to do...

      I would like to reach the host without adding the port to the end of the name on my internal network.

      For example:

      my.hostname.com works from outside my network

      my.hostname.com:1234 will work internally

      my.hostname.com will not work internally BUT my.hostname.com:1234 does work internally.

      Is there a way using NAT or Split DNS to get just the hostname to work without the port bit at the end?

      TIA

      Abdrouf4995

        You're looking for NAT reflection here. I haven't configured it before, so maybe someone else could help.

        McMeanF

          Thought it was something like that. Will have to do some more Google foo.

          Thanks

          Abdrouf4995

            If you are using dynamic DNS you can reverse your port,
            meaning see in your DDNS whether you can port forward from a default port (80, 443) to the desired port,
            so you don't need to put in the port; the DDNS would handle the switching to that port.

            McMeanF

              Sorry for the poor-quality drawing, but it was done in a rush. It should show you what I want to achieve.

              So, I have a number of domains set up, all using DDNS:

              host1.mydomain.com
              host2.mydomain.com
              host3.mydomain.com

              These use ACME certs from Let's Encrypt for TLS, and everything is fine from outside my network, as all external traffic hits HAProxy (shared frontend) and is then either redirected from port 80 to port 443 or just comes straight in on 443 to enforce TLS.

              As you can see, host03 uses a non-standard port. HAProxy takes care of this for external traffic, so just the hostname is enough, but on my internal network I have to use host03.mydomain.com:10443 in order to get to the host's web UI.

              How do I go about getting either NAT reflection or something similar to point me to my host without having to use the port numbers internally?

              Cheers

              Plan.png

              Abdrouf4995
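The shared-frontend layout described in the post above, written out as a plain HAProxy configuration. This is an added example, not the poster's pfSense export: hostnames and port 10443 come from the thread, while the 10.0.0.x backend addresses, the port-80 backends for host1 and host2, and the certificate directory are assumptions.

```haproxy
# Added example (not from the thread): the shared HAProxy frontend the post describes.
# Hostnames and 10443 come from the post; 10.0.0.x addresses, backend ports for
# host1/host2 and the cert directory are constructed placeholders.
global
    log /dev/log local0

defaults
    mode http
    log global
    option httplog
    option forwardfor
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Port 80 only bounces clients to TLS, as the post describes.
frontend http_in
    bind :80
    http-request redirect scheme https code 301 unless { ssl_fc }

# Shared TLS listener on 443, routed by Host header. One PEM per hostname
# (the ACME/Let's Encrypt certs from the post) lives in the crt directory.
frontend https_in
    bind :443 ssl crt /etc/haproxy/certs/ alpn h2,http/1.1
    http-response set-header Strict-Transport-Security "max-age=31536000"

    acl is_host1 req.hdr(host) -i host1.mydomain.com
    acl is_host2 req.hdr(host) -i host2.mydomain.com
    acl is_host3 req.hdr(host) -i host3.mydomain.com

    # Unknown Host headers are refused instead of falling through to a default;
    # http-request rules run before use_backend, so the guard must list the ACLs.
    http-request deny deny_status 421 unless is_host1 or is_host2 or is_host3

    use_backend be_host1 if is_host1
    use_backend be_host2 if is_host2
    use_backend be_host3 if is_host3

backend be_host1
    server host1 10.0.0.11:80 check

backend be_host2
    server host2 10.0.0.12:80 check

# host03's web UI listens on the non-standard port; HAProxy adds it so clients
# never do. If the UI has a self-signed cert, 'verify none' avoids a handshake
# failure but drops server authentication; prefer 'verify required' with its CA.
backend be_host3
    server host3 10.0.0.13:10443 ssl verify none check
```

Internal clients get the same result through split DNS rather than NAT reflection: a host override in the pfSense DNS Resolver (Services > DNS Resolver > Host Overrides) that answers host3.mydomain.com with the LAN address of this frontend sends the browser to 443, where HAProxy supplies 10443.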

                @McMeanF
                What are you hosting on host03?
                If it's IIS you can just redirect port 80 or 443 to 10443.
                If it's Linux based I think you can also do that.
                I think you need to do the port redirect on host03 rather than on pfSense itself.
                I already have IIS that redirects port 80 to 443, so I think you should be able to do it at the host03 level.
                So then for your HAProxy you need to forward to 80/443 rather than 10443 and let the host handle the redirect to 10443.
                So port 10443 should be open on pfSense, which it is if you are able to connect to host03 from outside.
                This would solve your problem if host03 is able to redirect from 443 to 10443.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.