2 devices on my LAN need to have ports 80 and 443 forwarded to them. How do I do this?



  • My mail server needs 80 and 443 and my Nextcloud needs the same; they are both on the same subnet and on the same IP.
    How can I have these 2 computers have their ports open and forwarded while being on the same WAN IP and subnet?

    Thanks



  • You need a reverse proxy like Squid or HAProxy.


  • Netgate Administrator

    Yeah, you can't do it if they are accessed by IP. Not directly at least. You need to use host headers and a reverse proxy and access them by different URLs.

    You could also use different external ports, so access the Nextcloud using ports 8080 and 4343 externally, for example.

    Steve
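
The host-header approach described above, as an added example that is not part of the original thread: a plain `haproxy.cfg` sketch that routes port 80 on the Host header and passes port 443 through on the TLS SNI name, so each server keeps its own certificate. The hostnames and LAN addresses are assumptions, and the pfSense HAProxy package is configured through its GUI rather than by editing this file.

```haproxy
# Added example. mail.example.com, cloud.example.com and the 192.168.1.x
# addresses are assumptions standing in for the two LAN hosts.
defaults
    timeout connect 5s
    timeout client  60s
    timeout server  60s

# Port 80: plain HTTP, routed on the Host header.
frontend http_in
    mode http
    bind :80
    acl host_mail  hdr(host) -i mail.example.com
    acl host_cloud hdr(host) -i cloud.example.com
    use_backend mail_http  if host_mail
    use_backend cloud_http if host_cloud
    # No default_backend: a request by bare IP or unknown name gets a 503
    # instead of landing on one of the servers.

# Port 443: TLS is not terminated here. The proxy only reads the SNI name
# from the ClientHello and forwards the raw stream to the matching host.
frontend https_in
    mode tcp
    bind :443
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend mail_tls  if { req.ssl_sni -i mail.example.com }
    use_backend cloud_tls if { req.ssl_sni -i cloud.example.com }
    # Clients that send no SNI, or an unknown name, match nothing and
    # the connection is closed.

backend mail_http
    mode http
    server mail 192.168.1.10:80

backend cloud_http
    mode http
    server cloud 192.168.1.20:80

backend mail_tls
    mode tcp
    server mail 192.168.1.10:443

backend cloud_tls
    mode tcp
    server cloud 192.168.1.20:443
```

Because 443 is passed through, the backends see the proxy's address as the client unless something like the PROXY protocol is added on both sides.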



  • What do you suggest? A reverse proxy or using non-default ports? I need to use Let's Encrypt and I have to verify that it will run over something other than 443.



  • Get another public IP routed to you by your ISP and then use the two IP addresses for your NATs. That would be the best method IMO. Next I would go reverse proxy if you can't get another address. I usually try to avoid using non-standard ports due to potential incompatibilities for some applications that might balk at doing https over something other than tcp/443, for example.



  • Just ordered a block of IPs.

    I'm a bit confused, though: my original IP was a /24 and now my new IPs are /30. I hope this doesn't pose an issue.



  • I'm a bit confused, though: my original IP was a /24 and now my new IPs are /30. I hope this doesn't pose an issue.

    That's not really a pfSense issue, it's between you and your ISP.

    You use the extra IPs to create virtual IPs for pfSense. Then you can create port forwards that route traffic from the virtual IP to the LAN host.

    For example, I have a block of 14 usable addresses, and I have a VIP - IP Alias for each one. When creating your port forward, you select the VIP as the Destination.

