DNS Forwarding? Multiple Port 80 Servers… Help Needed.

  • Hi there.

    Definitely not an expert here. I've run pfSense as basically as possible on a P4 machine that I built with four NICs.

    For reasons of power saving I recently bought a pre-installed pfSense Alix appliance with 3 NICs and I'm now trying to work out some of the things I can do with it.

    I have the pfsense appliance connected to the WAN (obviously) and then I have a LAN and SERVER subnet on the respective interfaces. LAN is and SERV is The system I have set up works swimmingly.

    What I want to know is how to do the following:

    I presently have a server running Win2k3 and Kerio. I have to use Webmail (HTTP interface). I also have Apache installed on the same box, so for the webmail I use an HTTP rewrite in Apache to redirect the port without interfering with the handling of port 80 inbound traffic to the SERV subnet.

    I also have a Trixbox server, a ReadyNAS, all of which feature web config panels which operate on a port 80 (or 442) connection.

    What do I need to do in order to set up the system to be able to handle forwarding multiple examples of traffic on the same ports to different server boxes based on the host name at the domain? The pfsense box itself is set up to be firewall.mydomain.com and www.mydomain.com, webmail.mydomain.com and trixbox.mydomain.com all already point to my single static (WAN) IP address.

    In essence I want to be able to have port 80 and 443 open to the server subnet, but for traffic on those ports addressed to say webmail.mydomain, or www.mydomain. or trixbox.mydomain. How do I do that? I'm not that great with HTTPconf in Apache in order to create countless rewrites, and it strikes me that there should be a simple way to achieve this kind of functionality in pfsense directly.

    Does what I'm asking make any sense to anyone, perhaps someone who has already formulated a plan for effecting this? I want to be able to access those servers not just from within the subnet, or behind the LAN, but also from outside.

    Ideas and instructions please?


  • HAProxy will solve your port 80 problem.  You'll need to couple it with stunnel or pound for it to handle HTTPS.

    Searching the forum will find you a lot of threads on the subject.

  • Someone messaged me privately and said 'Squid'.

    Is that the same sort of thing?

    Which would you recommend?

  • Squid can be used in that manner, see the Squid documentation examples.

    Both are effective solutions.  Try both and see which suits your needs better, both in terms of capability and ease of use.
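
The host-name routing asked about in this thread, sketched as an HAProxy configuration for port 80 only. This is an added example, not a configuration posted by anyone in the thread. The backend addresses (192.0.2.x), ports and section names are placeholders, since the thread does not give the SERV subnet addresses, and requests for any host name not listed are refused rather than passed to a default server.

```haproxy
# Added example: Host-header routing on one public IP (HTTP only).
# 192.0.2.x addresses and backend ports are placeholders; substitute
# the real addresses of the machines on the SERV subnet.

global
    daemon
    maxconn 256

defaults
    mode http                    # needed so HAProxy can read the Host header
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_in
    bind *:80

    # Case-insensitive exact match on the Host header. A client that
    # sends "name:80" in Host will not match these ACLs.
    acl host_www     hdr(host) -i www.mydomain.com
    acl host_webmail hdr(host) -i webmail.mydomain.com
    acl host_trixbox hdr(host) -i trixbox.mydomain.com

    use_backend www_srv     if host_www
    use_backend webmail_srv if host_webmail
    use_backend trixbox_srv if host_trixbox

    # Anything else (bare IP, unknown or missing Host) is refused,
    # so only the names above are reachable from the WAN.
    default_backend reject_unknown

backend www_srv
    server www1 192.0.2.10:80 check

backend webmail_srv
    server mail1 192.0.2.10:8080 check   # placeholder webmail port

backend trixbox_srv
    server pbx1 192.0.2.20:80 check

backend reject_unknown
    http-request deny
```

HTTPS is not covered here: as noted in the reply above, port 443 needs stunnel or pound in front so that the Host header is readable before routing.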
