Redirect FQDN internally



  • Not sure how to call what I'm trying to do is called so I'll just describe it.

    From the computers in the LAN.

    I want pfSense to redirect some FQDNs to internal IPs

    For example :

    CRM.domain.com => 10.0.1.1
    ERP.domain.com => 10.0.1.2

    How can I do that please?

    Thanks!



  • What version of pfsense are you using?

    If you are using 2.1, then you might be using the dns forwarder which means the Host overrides might do what you want to do, but this is based on similar suggestions seen elsewhere in the forum pages.



  • Like firewalluser said, in 2.1 you can use the DNS forwarder.

    Its under Services/DNS forwarder.
    Enable it.
    Select the interface.

    Host: crm
    domain: domain.com
    IP 10.0.1.1

    I think it updates every 5 minutes if I remember correct.



  • If you already have an existing DNS, you can create your FQDNs and point them to the LAN IPs.  Otherwise, do as the others have said and use the pfSense DNS forwarder with a host override.  This is known as split DNS and it is the preferred way over NAT Reflection to access internal resources using their public names.



  • Thanks for the replies !

    I should have said, I'm using 2.1.5-RELEASE

    I used the DNS forwarder, it's exactly what I was looking for.

    However, for one of my server, it uses port 8069

    So externally, when people type in ERP.domain.com the reverse proxy will forward port 80 to 8069 and it will be "seamless" for external users.

    With the DNS forwarder, it will not do the "port conversion" is there any way to do that?



  • DNS doesn't care about ports at all.  Just create a port forward for your public IP port 80 to LAN IP port 8069.  Usually the NAT rule you create automatically adds the correlating firewall rule, but check to be sure.



  • Or you could setup your own dns server and configure your dhcp server to point to that for dns info. I'm using Windows Server 2012 R2.



  • Took a simpler route for now… added a firewall rule in the CentOS 7 that was installed of the 8069 computer so if forwards all trafic on port 80 to 8069.

    In the end, all is working like I wanted... thanks all!



  • The fun thing about networking is there are often several ways to configure something.  The trick is to know which is best.


Log in to reply