Internal port forward (Maybe)

  • So I'm running HAProxy successfully and when I am outside of my network I can reach the hosts fine with just using the hostname.

    Here is what I want to do...

    I would like to reach the host without adding the port to the end of the name on my internal network.

    For example: works from outside my network will work internally will not work internally BUT does work internally.

    Is there a way using NAT or Split DNS to get just the hostname to work without the port bit at the end?


  • you looking for nat reflection here, i haven't configured before so maybe someone else could help.

  • Thought it was something like that. Will have to do some more google foo.


  • if you are using dynamic dns you can reverse your port.
    meaning see in your ddns if you can port forwarding from a default port 80,443 to the desired port.
    so you don't need to put the port ddns would handle the switching to that port.

  • Sorry for the poor quality drawing, but done in a rush. Should show you what I want to achieve.

    So, I have a number of domains setup all using DDNS:

    These use Acme certs from LetsEncrypt for TLS and everything is fine from outside my network as all external traffic hits HAProxy (shared frontend) is then either redirected from port 80 to port 443 or just comes straight in on 443 to enforce TLS.

    As you can see, host03 uses a non standard port. HAProxy takes care of this for external traffic, so just the hostname is enough, but on my internal network I have to use in order to get to the host webUI.

    I do I go about getting either NAT reflection or something similar to point me to my host without having to use the port numbers internally?



  • @McMeanF
    what you are hosting on host03!?
    if it's IIS you can just redirect port 80 or 443 to 10443.
    if it's Linux based i think you can also do that.
    i think you need to do port redirect on the host03 rather than on pfsense it self.
    i already have IIS that redirect port 80 to 443. so i think you should be able to do it on the host03 level.
    so then for your HAproxy you need to forward to 80,443 rather than 10443 and let the host handle the redirect to 10443.
    so port 10443 should be open on pfsense which it is if you able to connect to host03 from outside.
    this would solve your problem if host03 able to redirect from 443 to 10443.

Log in to reply