Multiple Domains



  • I wasn't sure what other category to post this into so my apologies if this is the wrong section.

    I currently have one domain with a static IP set in my PF and I would like to be able to manage a second domain and possibly more. The only problem is, on the System->General Setup, I only see the ability to list one domain.

    Is it possible for PF to support multiple domains? If so, can someone point me to the right doc/website to find the answer? Thanks.



  • You can use other static IPs you have allotted using VIPs. I would suggest searching 1:1 NAT, or Virtual IPs. Also, you can do this on most web servers using host headers. If you have a large allotment of public IPs you could potentially turn off NAT and use the public IPs on machines directly.



  • Unfortunately, my circumstances will not allow me to do it this way. I am not just hosting webservers. I have to be able to host email, web, and several other applications/services.

    For example, if I have abc.com and xyz.net, I need to be able to have PF support both domains as well as all sub-domains associated with them. I can point my registrar to my one public facing IP so all internet traffic to both domains would come to my IP. However, I need the ability to control where traffic for each domain will go once it gets to me. At this point, I do not see how PF can handle that since it only supports one domain handle.


  • And you are right…..genuine Layer7 will solve the problem for you. I use ISA2006 to solve that matter. Works perfect.

    I would very much like to see this feature in PFSense....working. It makes it more or less complete when L7 is working and the logging facilities expand to a level similar to ISA2006, and the block countries feature shows up...



  • @Supermule:

    And you are right…..genuine Layer7 will solve the problem for you. I use ISA2006 to solve that matter. Works perfect.

    I would very much like to see this feature in PFSense....working. It makes it more or less complete when L7 is working and the logging facilities expand to a level similar to ISA2006, and the block countries feature shows up...

    I assume you are talking about the Microsoft product. I focus on open source solutions and am not currently looking to move to a Microsoft solution.



  • @futurecis:

    I am not just hosting webservers. I have to be able to host email, web, and several other applications/services.

    For example, if I have abc.com and xyz.net, I need to be able to have PF support both domains as well as all sub-domains associated with them. I can point my registrar to my one public facing IP so all internet traffic to both domains would come to my IP. However, I need the ability to control where traffic for each domain will go once it gets to me. At this point, I do not see how PF can handle that since it only supports one domain handle.

    Depending on the other applications/services you need to support it may not be possible to do what you want. Let's say your single IP is 111.222.0.3 then access to abc.com and xyz.net will both map into (generally) a TCP connect to a service specific port on IP address 111.222.0.3. At this stage there is nothing to distinguish a connect to the service on abc.com from the same service on xyz.net. Anything that would distinguish different domains has to be embedded in the data exchanged between client and server. I haven't looked into the details but I suspect TELNET (for example) doesn't specify such data. I don't recall seeing any TELNET servers claiming the ability to act on such data. I don't know if this is relevant because you haven't elaborated on "other applications/services".

    Another thing that might impact what you end up adopting is whether the individual domains need to be kept separate. For example, perhaps abc.com and xyz.net are both clients of yours, they don't trust each other (or at least don't want the other to see "their" traffic) but they are both prepared to trust you. On the other hand, perhaps xyz.net is an "alias" for abc.com (maybe abc.com took over xyz.net) and no real separation is required.

    To the best of my knowledge there is no generalised solution to this problem available on pfSense yet so you will have to cobble together something specific for each application/service you want to support. I expect web and email may be fairly straightforward but the "other applications/services" could be more of a challenge.
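The point made in the post above, that a single IP can only be split by domain when the protocol carries the name inside the connection data, shown as an added example (not part of the original thread). The backend addresses and sample byte strings are constructed for illustration; abc.com and xyz.net are the placeholder domains used in the thread.

```python
# Constructed mapping: hosted domain -> hypothetical LAN server.
BACKENDS = {"abc.com": "192.168.0.30", "xyz.net": "192.168.0.31"}

def http_host(first_bytes: bytes):
    """Return the lower-cased Host header (port stripped), or None if absent."""
    head, sep, _ = first_bytes.partition(b"\r\n\r\n")
    if not sep:
        return None                       # no complete HTTP header block
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None                       # first line is not an HTTP request line
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            return host.partition(":")[0].rstrip(".")
    return None

def pick_backend(first_bytes: bytes):
    """Choose a backend from the bytes a client sent; None means 'cannot tell'."""
    host = http_host(first_bytes)
    if host is None:
        return None
    for domain, backend in BACKENDS.items():
        # Exact match or a true sub-domain; a plain suffix test would also
        # accept look-alikes such as "notabc.com".
        if host == domain or host.endswith("." + domain):
            return backend
    return None

# Constructed samples of the first bytes seen on a new TCP connection.
WEB_ABC = b"GET / HTTP/1.1\r\nHost: www.abc.com\r\n\r\n"
WEB_XYZ = b"GET / HTTP/1.1\r\nhost: XYZ.net:80\r\n\r\n"
LOOKALIKE = b"GET / HTTP/1.1\r\nHost: notabc.com\r\n\r\n"
# Telnet option negotiation (IAC DO TERMINAL-TYPE, IAC DO TSPEED): no hostname.
TELNET = bytes([0xFF, 0xFD, 0x18, 0xFF, 0xFD, 0x20])

if __name__ == "__main__":
    for label, data in [("abc web", WEB_ABC), ("xyz web", WEB_XYZ),
                        ("look-alike", LOOKALIKE), ("telnet", TELNET)]:
        print(f"{label:10s} -> {pick_backend(data)}")
```

The telnet sample returns `None` because nothing in its bytes names a domain, so a firewall in front of it can only forward by destination IP and port.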



  • I think you can do multiple web pages for multiple domains easily because they can be stripped apart by the web server on the back-end.

    However, everything else will be very limited. I mean email will kind of work, but you wouldn't be able to have reverse DNS for multiple domains on one IP. This used to be no problem, but my own experience in the past few months shows that ISPs have become more and more restrictive. So, you will find that some don't even accept your email if your network (MX records, HELO response per domain, reverse DNS, etc.) isn't set up properly.

    Best regards,
    Jens



  • Email is not a problem. You just pick one domain and use that in all the different MX records and add your public IP to everyone's SPF record.

    Roy…



  • I have an acquaintance that does this using Wampserver. It's actually quite simple.

    He uses Hmail to handle multiple domain names also for email.

    And all on the same machine.

    And behind his pfSense router on a dsl connection…



  • @futurecis:

    Unfortunately, my circumstances will not allow me to do it this way. I am not just hosting webservers. I have to be able to host email, web, and several other applications/services.

    For example, if I have abc.com and xyz.net, I need to be able to have PF support both domains as well as all sub-domains associated with them. I can point my registrar to my one public facing IP so all internet traffic to both domains would come to my IP. However, I need the ability to control where traffic for each domain will go once it gets to me. At this point, I do not see how PF can handle that since it only supports one domain handle.

    I don't know specifically about pfSense (and I already hear about people wondering why do you answer then…)

    I'm assuming that you have the typical setup where when you connect to your ISP, you get a single IP address and they then route a subnet to you.

    Say you connect, you get allocated 210.210.210.1; the subnet being routed to you is:
    58.179.125.1/28 (14 usable IPs)

    Create an alias on a network card (either the one on the WAN, or one that isn't your LAN)
    ifconfig xl0 inet 58.179.125.2 netmask 255.255.255.255 alias
    ifconfig xl0 inet 58.179.125.3 netmask 255.255.255.255 alias
    ifconfig xl0 inet 58.179.125.4 netmask 255.255.255.255 alias
    etc... for all 14

    Then you create a static NAT from 58.179.125.2 -> LAN 192.168.0.30
    natd.conf would contain:
    redirect_address 192.168.0.30 58.179.125.2

    The default gateway of 192.168.0.30 is the LAN address of the gateway of course.

    That's it.

    Now if you can do that in pf web interface, I'm all for it, because that's precisely what I will be looking at doing...

    Cheers
    Jean-Yves

