    Port forwarding for https & http to internal lan device.

      sam_son last edited by

      I have another unrelated thread open in the firewalling section, but while I have my test bed up it would be great to have ideas on my port forwarding scenario. If another approach is more suited then by all means suggestions would be great.

      I have a single WAN IP address; LAN side I have 2 devices that both use https and http to log in.

      Is it possible to have a single port on a forward direct to the internal LAN device and allow the 2 ports to function (80,443)? The reason I say this is when logging into one of the devices LAN side, just after you have typed in the http address (http://81.x.x.x:17620) and pressed return, it then changes to https ssl to ask for the password. Having entered the password it then changes back to http for the web admin page. The web admin is java based and to my knowledge the only ports it needs to work are 80 and 443.

      I was finding that if I create a port forward using 17620 and https it brings up the login page, but having put in the password and hitting return the connection times out due to the interface changing back to http.

      Basically I wanted a way of having the single ip address and somehow having an alias or port number redirect to the correct internal lan machine whilst using the ports mentioned above. I have tried creating a list of ports as an alias and then assigning a port number (17620) to then go to the lan device (via alias) using the alias but alas no joy. I suspect aliases with multiple ports do not work for port forwards.

      If there is a name based solution then I'm all ears but all I have is what is mentioned above a single ip address and some test internal lan hosts. If some DNS based solution is available then if some choice phrasing could be given I will try and look into it to solve this myself. If I could find a solution to this problem then I could have an unlimited amount of internal lan devices all accessible from a single ip address :) that would be great news.

      I suspect there may be mention of 1:1 nat but only having one ip address on the wan for multiple lan devices is a bummer.

      Regards

      Sam

        Cry Havok last edited by

        No - you can't do that and have it work.  You can forward a single port only to a single port.

          sam_son last edited by

          Ok CH.

          Do I have any other options? Would it be possible to somehow redirect a WAN packet to an internal host via

          device1.mydomain.com > First Device
          device2.mydomain.com > Second Device

          Forgive my ignorance, but are components available in pfSense to do the above?

          Thanks for all your help so far on both my threads.

            Cry Havok last edited by

            Yes, if both are using HTTP (not HTTPS), then you can use a reverse proxy.  You've got various options there, including HAProxy and Squid - I'd probably go with HAProxy unless you're already experienced with Squid.

              sam_son last edited by

              OK cheers CH I will look into Haproxy.

              Regards

              Sam
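
The name-based reverse proxy suggested in the thread, as an added example that is not part of any forum post: a minimal plain-HTTP haproxy.cfg that routes on the Host header and refuses requests for any other name. The hostnames are the ones from the thread; the LAN addresses 192.168.1.10 and 192.168.1.11 are constructed placeholders.

```haproxy
# Added example. Hostnames come from the thread; LAN addresses are
# constructed placeholders, replace them with the real device addresses.
global
    log /dev/log local0
    maxconn 256

defaults
    mode http                 # Host-header routing needs HTTP mode
    log global
    option httplog            # log each request with the backend chosen
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend wan_http
    bind :80                  # listens on the single WAN address, port 80

    # Case-insensitive match on the Host header sent by the browser
    acl host_device1 hdr(host) -i device1.mydomain.com
    acl host_device2 hdr(host) -i device2.mydomain.com

    use_backend be_device1 if host_device1
    use_backend be_device2 if host_device2

    # Bare-IP requests and unknown names never reach a device
    default_backend be_reject

backend be_device1
    server device1 192.168.1.10:80 check

backend be_device2
    server device2 192.168.1.11:80 check

backend be_reject
    http-request deny deny_status 403
```

Both names must resolve to the WAN address in public DNS, and the firewall must allow inbound port 80 to the proxy.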
