Port forwarding for https & http to internal lan device.

  • I have another unrelated thread open in the firewalling section but while I have my test bed up it would be great to have ideas on my port forwarding scenario. If another approach is more suited then by all means suggestions would be great.

    I have a single WAN ip address, lan side I have 2 devices that both use https and http to login.

    Is it possible to have a single port on a forward direct to the internal lan device and allow the 2 ports to function (80,443)? The reason I say this is when logging into one of the devices lan side, just after you have typed in the http address (http://81.x.x.x:17620) and pressed return it then changes to https ssl to ask for the password. Having entered the password it then changes back to http for the web admin page. The web admin is java based and to my knowledge the only ports it needs to work are 80 and 443.

    I was finding that if I create a port forward using 17620 and https it brings up the login page but having put in the password and hitting return the connection times out due to the interface changing back to http.

    Basically I wanted a way of having the single ip address and somehow having an alias or port number redirect to the correct internal lan machine whilst using the ports mentioned above. I have tried creating a list of ports as an alias and then assigning a port number (17620) to then go to the lan device (via alias) using the alias but alas no joy. I suspect aliases with multiple ports do not work for port forwards.

    If there is a name based solution then I'm all ears but all I have is what is mentioned above, a single ip address and some test internal lan hosts. If some DNS based solution is available then if some choice phrasing could be given I will try and look into it to solve this myself. If I could find a solution to this problem then I could have an unlimited amount of internal lan devices all accessible from a single ip address :) that would be great news.

    I suspect there may be mention of 1:1 nat but only having one ip address on the wan for multiple lan devices is a bummer.



  • No - you can't do that and have it work.  You can forward a single port only to a single port.

  • Ok CH.

    Do I have any other options? Would it be possible to somehow redirect a wan packet to internal host via

    device1.mydomain.com > First Device
    device2.mydomain.com > Second Device

    Forgive my ignorance but are components available in pfsense to do the above?

    Thanks for all your help so far on both my threads.

  • Yes, if both are using HTTP (not HTTPS), then you can use a reverse proxy.  You've got various options there, including HAProxy and Squid - I'd probably go with HAProxy unless you're already experienced with Squid.

  • OK cheers CH I will look into Haproxy.
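
The name-based routing suggested in the reply above, for the plain-HTTP case it describes, written out as an added example in haproxy.cfg syntax (not part of the original thread). The hostnames are the ones from the question; the backend LAN addresses, section names and timeouts are assumptions.

```haproxy
# Added example: route by Host header so one WAN IP serves two LAN devices.
# 192.168.1.10 and 192.168.1.11 are placeholder LAN addresses (assumption).
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend wan_http
    bind :80
    # Select the device from the Host header the browser sends
    acl is_device1 hdr(host) -i device1.mydomain.com
    acl is_device2 hdr(host) -i device2.mydomain.com
    # Refuse any other name instead of exposing a default device
    http-request deny unless is_device1 or is_device2
    use_backend device1 if is_device1
    use_backend device2 if is_device2

backend device1
    server dev1 192.168.1.10:80 check

backend device2
    server dev2 192.168.1.11:80 check
```

Both hostnames must resolve to the single WAN address, since the proxy only sees which device is wanted through the Host header.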


