Connecting to 2 servers on same port from 2 public IPs



  • I have 2 public IPs, a .164/24 and .162, on 2 different servers with router IPs of 192.168.1.35 and 192.168.1.39, trying to use port 80. Can this be done? I have defined the .164/24 public IP in the Firewall/Virtual IPs tab.

    Thanks

    Keith


  • LAYER 8

    you can have 2 port forwards with different destination addresses
    for example
    destination x.x.x.164 redirect to 192.168.1.35
    destination x.x.x.162 redirect to 192.168.1.39

    but, of course, you can't have a port forward with
    x.x.x.164 to 192.168.1.35
    x.x.x.164 to 192.168.1.39
    or you need the HAProxy package, which does load balancing and acts as a proxy server for TCP and HTTP-based applications
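
The rule from the reply above, modelled as an added example that is not part of the original post: each public address can forward port 80 to its own internal host, but a second forward for the same address and port never matches. The `Forward` type and both functions are hypothetical, first-match evaluation of port forwards is an assumption of the model, and the 203.0.113.x addresses are constructed stand-ins for the public IPs.

```python
from ipaddress import ip_address
from typing import NamedTuple, Optional


class Forward(NamedTuple):
    dest: str    # public (WAN or virtual IP) address the client connects to
    port: int    # destination port on that address
    target: str  # internal host the connection is redirected to


def translate(rules: list, dest: str, port: int) -> Optional[str]:
    """Return the internal target for a connection; the first matching rule wins."""
    for rule in rules:
        if ip_address(rule.dest) == ip_address(dest) and rule.port == port:
            return rule.target
    return None  # no forward defined: the connection is not redirected


def shadowed(rules: list) -> list:
    """Return (dead_rule, winning_rule) pairs for rules that can never match."""
    first_seen, dead = {}, []
    for rule in rules:
        key = (ip_address(rule.dest), rule.port)
        if key in first_seen:
            dead.append((rule, first_seen[key]))
        else:
            first_seen[key] = rule
    return dead


# Constructed sample data: 203.0.113.0/24 stands in for the public block.
WORKING = [Forward("203.0.113.164", 80, "192.168.1.35"),
           Forward("203.0.113.162", 80, "192.168.1.39")]
BROKEN = [Forward("203.0.113.164", 80, "192.168.1.35"),
          Forward("203.0.113.164", 80, "192.168.1.39")]

if __name__ == "__main__":
    for name, rules in (("working", WORKING), ("broken", BROKEN)):
        print(name)
        for rule in rules:
            print(f"  {rule.dest}:{rule.port} -> {translate(rules, rule.dest, rule.port)}")
        for dead, winner in shadowed(rules):
            print(f"  never matches: {dead.dest}:{dead.port} -> {dead.target} "
                  f"(shadowed by -> {winner.target})")
```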



  • It has been suggested by the forum to try NAT reflection, so I will be looking into this. It will definitely be a learning experience, trying to find a dummy-proof document to walk me through it.

    Keith


  • LAYER 8

    NAT reflection refers to the ability to access external services from the internal network
    it has nothing to do with what you asked for
    https://docs.netgate.com/pfsense/en/latest/book/nat/nat-reflection.html


  • LAYER 8 Global Moderator

    So you have 2 different routers.. And 2 different servers - what do your servers use for their gateway?



  • OK, well, that is a perfect example of how new I am at this. Wanna swing by the house and help me out? So you're saying the simple method you described should work. I thought I might need to take a look at what position my rule is in.

    Keith



  • @kiokoman If the method you described here works, I would rather avoid installing yet another application to configure (possibly wrong) and complicate the troubleshooting.

    keith


  • LAYER 8 Global Moderator

    You still have not described what you're doing exactly... Sounds like to me you have 2 different edge routers (you have 2 pfsense boxes?) And then 2 different servers internally on a shared/common lan network?

    What do your 2 different servers use for their gateways - does 1 point to one pfsense, the other points to the other for their internet?

    A drawing of your setup would make sure everyone is clear on what you have setup.

    But sure doesn't sound like nat reflection is what you're after.. Maybe source natting?



  • I have one server using ProxMox which is using the same gateway of 192.168.1.1. Both VMs, (1) webserver and (2) mail server, use the same gateway. The webserver is working fine with public 98.179.240.162. The mail server is not getting its web interface and can use 98.179.240.174. Both are attempting to connect through port 80.

    See attached drawing
    Miller Network.jpg

    Pfsense config see attached
    Miller Pfsense.jpg


  • LAYER 8 Global Moderator

    This one on your proxmox - is this doing nat? What you're doing is correct.

    I would go through the troubleshooting doc.
    https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

    What you're doing is fine, you can have multiple IPs sending to port 80 behind... I would validate that traffic is actually getting to pfsense wan, and then sending it on... This can be done with packet captures on pfsense, under the diag menu..

    If I had to guess it's your proxmox setup - firewall maybe on it? And access from other than your local network?

    Did you setup the vip correctly? When you do a vip, it should be available via your dropdown when you do port forward..

    example..

    vip.jpg

    And the mask should be what your network on your wan is using.. Do you have like a /29 or something? Where is this address block coming from?

