Redirect (forward?) from a dynamic DNS hostname to an internal server port

gordonpn · Jan 4, 2020, 6:02 PM

Hello,

I am still learning the terminology in this field. I found the topic linked above through Google search. I am basically trying to achieve the same as user mgodinez was trying.

I set up a Dynamic DNS Client under the hostname of hello.mydomain.com for example and now I want this hostname to link me to an internal IP with port such as 192.168.2.45:8008. I am lost in the myriad of settings that pfSense offers after this step.

Would somebody be kind enough to point me in the right direction please?

On my old ASUS router, I had simply forwarded the port 80 of the router to the internal IP:Port of choice. That may or may not be good practice, I'm not sure. I'd like to learn.

Thank you.

netblues · Jan 4, 2020, 6:17 PM

dynamic dns and port forwarding are two unrelated things.
Dynamic dns is a means of automatically assigning a dns name to an often changing ip, in most cases assigned by an isp.
port forwarding is enabling a packet hitting a specific port (typically on a wan interface) to be forwarded and nated to an internal address. port.
In pfsense,port forward is defined on firewall, nat port-forward and is the same idea as on an asus router.
Having said that, pf, as a firewall needs also rules on specific wan interface for port forward to work.
And one last thing, when creating rules, target ip is NOT the wan ip, but the ip traffic is getting forwarded to, typically on a private ip range.

Hope this helps :)

gordonpn · Jan 4, 2020, 7:45 PM

EDIT: Some progress! I think the DNS took effect, but the error is "ERR_CONNECTION_REFUSED" now when I try to load the webpage.

Here is what I tried, but I don't think it is working.

Could you tell me if you see something wrong?

I've made a new firewall rule as follows:
I went in my Namecheap domain name provider to add the two first records, the two bottom ones were already there.
I set up my Dynamic DNS Client in pfSense as follows:
Using HAProxy, I set up a backend to point at the internal server address:port and a frontend that points to that backend if the hostname matches "hello.mydomain.com", pretendng that mydomain.com is the one that I leased.

netblues · Jan 5, 2020, 6:34 AM

You are doing http redirects at the hosting provider web server. This will only work for http/s but nothing else.
You dont really need this much complexity. A simple cname pointing to your dynamic ip host name is all that is needed.
As for pf, messing with haproxy adds much more complexity and again is focused on web traffic, and is certainly not a replacement for a simple port forward.

gordonpn · Jan 5, 2020, 6:42 AM

@netblues

My end goal is to have a few subdomains linking to personal web servers.

For what it's worth, I got it working with Squid Reverse Proxy Server, but only internally (as in while I am connected to the local network).

Do you know how I could make them public facing, so I could access them from anywhere?

You dont really need this much complexity. A simple cname pointing to your dynamic ip host name is all that is needed.

If I go this route, could this work with multiple web servers running on different ports from the same address 192.168.1.25, for example?

netblues · Jan 5, 2020, 6:57 AM

@gordonpn
You can have as many cnames pointing to the same dynamic ip as you like.
Your internal web server can handle thousands of different sites with domain virtual hosting negotiation (a http 1.1 feature) . You don't need anything else, and certainly not many web servers running on different ports.