Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    2 devices on my lan need to have port 80 and 443 forwarded to them, How do I do this?

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 3 Posters 496 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nambi
      last edited by

      My mail server needs 80 and 443 and my next cloud need the same, they are both on the same subnet and on the same IP.
      How can I have these 2 computers have their ports open and forwarded while being on the same wan IP and subnet?

      Thanks

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        You need a reverse proxy like squid or haproxy.

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Yeah, you can't do it if they are accessed by IP. Not directly at least. You need to use host headers and a reverse proxy and access them by different URLs.

          You could also use different external ports, so access the nexrcloud using ports 8080 and 4343 externally for example.

          Steve

          1 Reply Last reply Reply Quote 0
          • N
            nambi
            last edited by

            what do you suggest? a reverse proxy or using non default ports? I need to use let's encrypt and I have to verify that it will run over something other then 443.

            1 Reply Last reply Reply Quote 0
            • KOMK
              KOM
              last edited by

              Get another public IP routed to you by your ISP and then use the two IP addresses for your NATs. That would be the best method IMO. Next I would go reverse proxy if you can't get another address. I usually try to avoid using non-standard ports due to potential incompatibilities for some applications that might balk at doing https over something other then tcp/443, for example.

              1 Reply Last reply Reply Quote 0
              • N
                nambi
                last edited by

                just orders a block of IP

                I'm a bit confused though my original ip was a /24 and now my new Ip's are /30 I hope this doesn't pose an issue.

                1 Reply Last reply Reply Quote 0
                • KOMK
                  KOM
                  last edited by

                  I'm a bit confused though my original ip was a /24 and now my new Ip's are /30 I hope this doesn't pose an issue.

                  That's not really a pfSense issue, it's between you and your ISP.

                  You use the extra IPs to create virtual IPs for pfSense. Then you can create port forwards that route traffic from the virtual IP to the LAN host.

                  For example, I have a block of 14 usable addresses, and I have a VIP - IP Alias for each one. When creating you port forward, you select the VIP as the Destination.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.