Hosting Multiple Web Servers behind pfSense Router



  • Hi All,
    I've been using pfSense for about 6 months now as my main Firewall/Router & I'm very impressed with it. I now want to add some additional servers to my LAN and have them accessible from the outside world via different url's, but all on the same external IP address.  e.g mail.mydomain.com would point to my mail server, and crm.mydomain.com to my CRM server, etc.  These could be either real/physical servers or virtual servers & could be either Windows or Linux.  Can this be done with pfSense?  I've seen similar questions in the forums, but can't find anything that has a definitive answer.  Any help greatly appreciated.
    TIA,
    ADW


  • Netgate Administrator

    Well if you're using one server hosting mutiple sites that's no problem. Just use host headers to have the appropriate http instance respond. See: http://en.wikipedia.org/wiki/Virtual_hosting
    If you using multiple machines or multiple virtual machines with different internal ips then that's a lot more difficult. See: http://forum.pfsense.org/index.php/topic,10135.0.html
    That post is quite old though so there may be a solution by now.
    Obviously if you had the different http requests arriving on different ports it would be easy to port forward to the appropriate server. Is there a DNS service that can redirect in that way?
    Interesting question.

    Steve

    Edit: Here: a more recent post: http://forum.pfsense.org/index.php/topic,22529.0.html

    From some reading it seems you may be able to do this with a reverse web proxy, perhaps using squid or HAproxy.



  • Digging around, there are some supported reverse proxy packages. "Proxy Server with mod_security" and varnish which is supported on the beta x64 version.



  • funny, i posted a topic about the same time you did. I installed a solution using pound on my box but asking the forum if there are any security concerns. Pound is only for http/https traffic tho.

    http://forum.pfsense.org/index.php/topic,33566.0.html

    I'm not sure how to do this for mail(pop3,smtp,etc) but since they use different ports then HTTP, just setup a NAT/Firewall Rule for your mailserver IP and ports.

    Edit: Take a look at http://forum.pfsense.org/index.php/topic,33566.msg174126.html#msg174126 I did a quick how-to for pound


Log in to reply