Http redirect - one IP to 5 DNS entries



  • hi there,

    i have one external IP with 5 DNS entries on it.

    Right now i have setup apache with 5 Virtual-Hosts redirected to different internal http:// addresses.
    5 DNS-entries - 5 different http:// addresses.

    Looks something like this:

    http://example1.domain.com _                               _ http://intranet.domain.com/example1
                                                                             \                            /    
                                      http://example2.domain.com_ \                          /__ http://intranet.domain.com/example2                                                          
                                                                                \ (ApacheVhosts) /
                                      http://example3.domain.com  __\ 123.456.789.0 /____http://intranet.domain.com/example3
                                                                                 /                    
                                       http://example4.domain.com _/                       ___http://intranet.domain.com/example4
                                                                              /                          
                                    http://example5.domain.com _/                            _ http://intranet.domain.com/example5

    I hope this little picture describes what im talking about!

    So im curious how to do this on a pfsense-machine?!

    I thought about creating a NAT rule this way, but "redirect target ip" allows only numbers…

    interface: wan
    protocal: tcp
    source: example1.domain.com
    sorce porte range: from: any / to: any
    destination: wan address
    destination port range: from: any / to: any
    redirect target ip: ???
    redirect port range: any
    description: name
    nat reflection: use system default
    filter rule association: pass

    So is there a way to accomplish that on pfsense 2.0.1?

    cheers



  • Since you are bringing it to one apache server with vhosts, your setup basically remains the same. For example.

    http://site1.google.com -> resolves to 8.8.8.8
    http://site2.google.com -> resolves to 8.8.8.8
    http://site3.google.com -> resolves to 8.8.8.8
    http://site4.google.com -> resolves to 8.8.8.8

    Notice they are all the same.
    In pfSense, you are going to create either a port forward and advanced outbound NAT (AON is optional) or a 1:1 and associated rules and point 8.8.8.8 to 10.1.2.3 (internal Address of apache server). The apache server will hand out the correct content based on the site name visited (as it should be doing now). pfSense will not stop apache from working correctly. I have this setup at my data center and it works very well.



  • missunderstanding i think.

    i want to replace the apache server with a pfsense doing the same as described.

    i need to make url-redirection, cause internal urls all have a pendant on the outside.

    Means from outside someone is entering in his browser: http://example1.domain.com und is redirected by apache to http://intranet.domain.com/example1.
    By Entering  …example2.... apache redirects to  http://intranet.domain.com/example2

    to say, 5 different internal urls - 5 different DNS entries - on 1 IP Address!!

    Maybe the problem is solved by using the package squid-guard filter to redirect internal???

    cheers



  • If it is still getting to apache on the same server, then you can do that within apache and you don't need any help from pfSense. Personally, that is not something I want my FW doing. I guess squid could do the same thing, but they are all going to a web server behind pfSense, so why not utilize it for what it does.



  • no podilarius, you are missunderstanding again

    i want to get rid OFF my APACHE Server, and do the redirect on the pfsense!!

    so any suggestions how to do this?



  • You are talking then about hosting websites directly from pfsense?



  • Im talking about Name Based Url redirection, from the pfsense to different webservers in the LAN.



  • Ah, then you are going to need something like varnish or haproxy. I have not personally used them, but there are many who do.



  • You can install squid3

    High performance web proxy cache.
    It combines squid as a proxy server with it's capabilities of acting as a HTTP / HTTPS reverse proxy.
    It includes an Exchange-Web-Access (OWA) Assistant.	
    

Log in to reply