Tutorial for setting up NAT

  • Hello
    is there a Tutorial/Howto for Setting up NAT, if you have a single Public Address to multiple Private IP Addressee Webserver?

    have a nice day

  • Rebel Alliance Developer Netgate

    You can't forward web requests from one public IP to multiple web servers on a single port using only NAT.

    If the web servers all have the SAME content, you can use relayd (Services > Load Balancer) or HAProxy or another reverse proxy

    If the web servers all have DIFFERENT content, you'll need a reverse proxy like HAProxy to direct requests based on the Host header (for HTTP) or SNI (for HTTPS)

  • Rebel Alliance Global Moderator

    Or all your webservers would need to be on different ports.. or atleast on the public side..

    So you have publicIP, and then privateIP-A, privateIP-B and privateIP-C

    So you could do this

    http://your.domain.tld –> privateIP-A:80
    http://your.domain.tld:8080 --> privateIP-B:80
    http://your.domain.tld:8090 --> privateIP-C:80

    where your.domain.tld resolves to your publicIP.

  • hmm,
    i was hoping it would be easyer.
    this is my net

    the apache Server would hold a couple of Homepage…

  • Rebel Alliance Global Moderator

    well if your using host headers you can point multiple urls to the same server..


    And those all point to your publicIP.  Apache looks and sees oh you want sitea.domain.com and hand out whatever site that is, siteb.domain is a different one.  This is how every shared host works..  They have hundreds of fqdn pointing to the same IP.

    Its when you have different IPs on your private side and only 1 public is where there is a problem..

  • so you mean i have to have just a singel Virtuel server for everything.
    i was hoping to splitt it - maybe a vituell server = domain
    there is another point, i am not sure know.
    in proxmox i could add a vituell server just with bridging.... i will have to read further to understand it

  • Rebel Alliance Global Moderator

    Sounds like to me you don't really know what you want.

    I can only answer you questions as asked - can't read your mind.  You could have 100 servers, you could hae 1 server serving up 100 different fully qualified domain names via host headers, you could have 1 server with 100 IP address.

    Comes down to the same thing you only have 1 public IP.  If you want to use the same name site.domain.com to get there you can only distinguish via ports like shown.  Or if you want to use a reverse proxy to see sitea.domain.com and send to, and siteb.domain.com to be it 1 server or 2..

    What you can not do is have pfsense out of box know that you want to send sitea.domain.com to 100 and siteb.domain.com to .101 since it only sees the public IP your hitting and a PORT..