Netgate Discussion Forum

    NAT Reflection or new Port Forward (or haproxy?)

      rChip

      Hi,
      after searching for hours for a solution, testing and logging, I decided to ask here (for a hint):

      The server (docker): providing some web services - same IP/host - on different ports:
      80, 443, 8080, 4443,..

      I port forwarded from the reverse proxy to firewall > NAT to the server:

      • 2.3.4.5 * [source] > WAN address 8080 [Dest.] > 10.0.0.10 8080 [NAT]
      • 2.3.4.5 * [source] > WAN address 443 [Dest.] > 10.0.0.10 443 [NAT]
      • ...

      Reverse proxy, to simply have multiple dns (one.example.com & two.example.com) to my single IP [WAN]
      nginx - one.example.conf:

      map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
      }

      map $http_x_forwarded_proto $thescheme {
        default $scheme;
        https https;
      }

      server {
        listen 80;
        server_name one.example.com;
        return 301 https://$host$request_uri;
      }

      # SSL configuration
      server {
        listen 443 ssl;
        server_name bitwarden.panner.app;
        set $upstream [WAN]:8080;
        location / {
          proxy_pass http://$upstream;
          proxy_set_header Host $host;
          proxy_redirect http:// https://;
          proxy_http_version 1.1;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $connection_upgrade;
          proxy_set_header X-Forwarded-Proto $thescheme;
        }
      }

      I set up split DNS for those, to use them on my LAN.

      • one.example.com > 10.0.0.10
      • two.example.com > 10.0.0.10

      Tested via dig/nslookup on my machines: they resolve as expected.
      Except for the 443/80 web services, I cannot reach those websites from LAN (external fine!). That's obvious... I thought ...
      Split DNS knows nothing about the 8080 & 4443 ports, I decided to try NAT reflection.

      So I tried both NAT reflection options.
      External DNS is working over the reverse proxy, as are the internal IP addresses with the port (10.0.0.10:8080)
      But I could not reach the services (8080,4443,..) via the DNS addresses in LAN.

      Hope someone can give me a hint where to look, or what I need to accomplish an ez to use DNS (pref. without moving those services to multiple VMs).
