Netgate Discussion Forum

    Redirect FQDN internally

      BlazeStar
      last edited by

      I'm not sure what the thing I'm trying to do is called, so I'll just describe it.

      From the computers in the LAN.

      I want pfSense to redirect some FQDNs to internal IPs

      For example :

      CRM.domain.com => 10.0.1.1
      ERP.domain.com => 10.0.1.2

      How can I do that please?

      Thanks!

        firewalluser
        last edited by

        What version of pfSense are you using?

        If you are using 2.1, then you might be using the DNS forwarder, which means the Host overrides might do what you want to do, but this is based on similar suggestions seen elsewhere in the forum pages.

        Capitalism, currently The World's best Entertainment Control System and YOU can't buy it! But you can buy this, or some of this or some of these

        Asch Conformity, mainly the blind leading the blind.

          Heimire
          last edited by

          Like firewalluser said, in 2.1 you can use the DNS forwarder.

          It's under Services/DNS forwarder.
          Enable it.
          Select the interface.

          Host: crm
          domain: domain.com
          IP 10.0.1.1

          I think it updates every 5 minutes, if I remember correctly.

            KOM
            last edited by

            If you already have an existing DNS, you can create your FQDNs and point them to the LAN IPs.  Otherwise, do as the others have said and use the pfSense DNS forwarder with a host override.  This is known as split DNS and it is the preferred way over NAT Reflection to access internal resources using their public names.

            1 Reply Last reply Reply Quote 0
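
A way to confirm from a LAN client that the host overrides discussed above are what it actually receives, as an added example that is not part of the original thread. The names and IPs are the examples from the first post; `check_split_dns`, `is_internal` and the injectable `resolve` parameter are hypothetical names introduced here.

```python
import ipaddress
import socket

# Expected host overrides: the example names and IPs from the first post.
EXPECTED = {"crm.domain.com": "10.0.1.1", "erp.domain.com": "10.0.1.2"}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    """True if addr is an RFC 1918 (LAN) IPv4 address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def system_resolver(name):
    """IPv4 answers from the OS resolver, i.e. whatever DNS this client uses."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_split_dns(expected, resolve=system_resolver):
    """Map each name to (status, answers).

    ok         - the only answer is the expected internal IP
    public     - an answer is outside RFC 1918: the client got the external
                 view (override missing, or the client uses another resolver)
    mismatch   - internal answers, but not the expected one
    unresolved - the lookup failed or returned nothing
    """
    report = {}
    for name, want in expected.items():
        try:
            answers = list(resolve(name))
        except OSError:  # socket.gaierror is a subclass of OSError
            answers = []
        if not answers:
            status = "unresolved"
        elif answers == [want]:
            status = "ok"
        elif not all(is_internal(a) for a in answers):
            status = "public"
        else:
            status = "mismatch"
        report[name] = (status, answers)
    return report

if __name__ == "__main__":
    for name, (status, answers) in check_split_dns(EXPECTED).items():
        print(f"{name:20} {status:10} {', '.join(answers) or '-'}")
```

Run it on a LAN machine that gets its DNS from pfSense; a `public` status means that client is still being handed the external address.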
              BlazeStar
              last edited by

              Thanks for the replies !

              I should have said, I'm using 2.1.5-RELEASE

              I used the DNS forwarder, it's exactly what I was looking for.

              However, one of my servers uses port 8069.

              So externally, when people type in ERP.domain.com the reverse proxy will forward port 80 to 8069 and it will be "seamless" for external users.

              With the DNS forwarder, it will not do the "port conversion". Is there any way to do that?

                KOM
                last edited by

                DNS doesn't care about ports at all.  Just create a port forward for your public IP port 80 to LAN IP port 8069.  Usually the NAT rule you create automatically adds the correlating firewall rule, but check to be sure.

                  mikeisfly
                  last edited by

                  Or you could set up your own DNS server and configure your DHCP server to point to that for DNS info. I'm using Windows Server 2012 R2.

                    BlazeStar
                    last edited by

                    Took a simpler route for now… added a firewall rule in the CentOS 7 that is installed on the 8069 computer so it forwards all traffic on port 80 to 8069.

                    In the end, all is working like I wanted... thanks all!

                      KOM
                      last edited by

                      The fun thing about networking is there are often several ways to configure something.  The trick is to know which is best.
