Forward to specific IP/port based on FQDN



  • Hi,
    Probably someone already asked this question, but I cannot find any post. Maybe I'm searching with the wrong words.

    Is it possible for pfSense to redirect the communication internally based on the requested FQDN?
    Example:
    If I request: "www.domain.com" > pfSense forwards to 192.168.1.aa port: 80
    If I request: "ssh.domain.com" > pfSense forwards to 192.168.1.bb port: 22
    etc...

    I have my domain name, but only one public IP.

    Thanks,


  • Rebel Alliance Developer Netgate

    The pfSense base system itself cannot do that, but a reverse proxy such as the HAProxy package can.

    It has to be a proxy and not at the firewall because the hostname being requested isn't visible in the packet headers when the connection is initiated; it's sent by the client when making the request after the connection is established. At that point it's too late for the firewall itself to do anything. But a proxy can accept the connection, read the request, and hand it off as needed.
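
Added example, not part of the original thread and not HAProxy's own code: what a proxy can read from the first bytes a client sends after the connection is established. It covers the HTTP Host header and the TLS SNI field, and shows that an SSH client's identification string carries no hostname at all. The routing table, the backend address and the `sample_client_hello` input are constructed for illustration.

```python
import struct

# Hypothetical routing table; 192.0.2.0/24 is a documentation-only range.
BACKENDS = {"www.domain.com": ("192.0.2.10", 80)}

def http_host(data):
    """Host header of a cleartext HTTP/1.x request, or None."""
    for line in data.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower()
    return None

def tls_sni(data):
    """server_name from a TLS ClientHello, or None (not TLS, no SNI, truncated)."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:   # handshake record, ClientHello
            return None
        pos = 43                                  # skip headers, version, random
        pos += 1 + data[pos]                      # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]   # cipher suites
        pos += 1 + data[pos]                      # compression methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            if ext_type == 0:                     # server_name extension
                n = struct.unpack_from("!H", data, pos + 7)[0]
                return data[pos + 9:pos + 9 + n].decode("ascii", "replace").lower()
            pos += 4 + ext_len
    except (IndexError, struct.error):
        pass
    return None

def route(first_bytes):
    """Return (hostname, backend) from the first bytes a client sends."""
    if first_bytes.startswith(b"SSH-"):
        return None, None       # SSH identification string names no host
    host = tls_sni(first_bytes) or http_host(first_bytes)
    return host, BACKENDS.get(host)

def sample_client_hello(name):
    """Constructed minimal ClientHello whose only extension is SNI."""
    n = name.encode()
    sni = struct.pack("!HHHBH", 0, len(n) + 5, len(n) + 3, 0, len(n)) + n
    body = bytes.fromhex("0303") + bytes(32) + bytes.fromhex("00" "00021301" "0100")
    body += struct.pack("!H", len(sni)) + sni
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Because `route(b"SSH-2.0-...")` has no name to act on, SSH to a second internal host needs its own port forward on a different external port rather than name-based routing.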

