On Wed, Jul 25, 2012 at 10:24 PM, Joseph Hardeman <[email protected]>wrote:
> Hi Everyone,**** > > ** ** > > I have done some searching and I think this is possible, but I thought I > would ask to make sure. It’s an interesting question that was asked of me. > **** > > ** ** > > I wanted to know if pfSense can route inbound traffic based off of Domain > Name instead of IP. For instance, let’s say I have 4 web sites, all of > which have SSL enable. Normally I would have to use 1 public IP to 1 > internal IP to use SSL (I know Apache you can use SNI for Virtual Domains > and it does work) but let’s throw an IIS server into the mix. So let’s say > I have 2 web sites on an Apache server and 2 on an IIS server and I would > normally have something like this setup:**** > > ** ** > > Public IP - Domain Name - Internal IP**** > > 1.1.1.2 - www.domain1.com -> 192.168.1.2**** > > 1.1.1.3 - www.domain2.com -> 192.168.1.3**** > > 1.1.1.4 - www.domain3.com -> 192.168.1.4**** > > 1.1.1.5 - www.domain4.com -> 192.168.1.5**** > > ** ** > > This definitely allows me to pass all ports right, but what if I wanted to > do something like this:**** > > ** ** > > Public IP - Domain Name - Internal IP**** > > 1.1.1.2 - www.domain1.com -> 192.168.1.2**** > > 1.1.1.2 - www.domain2.com -> 192.168.1.3**** > > 1.1.1.2 - www.domain3.com -> 192.168.1.4**** > > 1.1.1.2 - www.domain4.com -> 192.168.1.5**** > > ** ** > > Can pfSense route via the Hostname on inbound traffic? I know you can > setup Aliases and such, just never played with it.**** > > ** ** > > Any thoughts or suggestions on how to do this and conserve Public IP’s to > direct the traffic to the proper internal IP/Ports would be greatly > appreciated.**** > > ** ** > > Joe**** > > ** ** > > There isn't really any built-in way to do this. What you really want is a reverse-proxy server (which could or could not be running on the pfSense box). However, your Reverse Proxy would either have to support SNI or have a single certificate with all of the domains on it. Your reverse-proxy would then route by domain name. I know that there are people who have gotten Pound ( http://www.apsis.ch/pound/) to run on a pfSense box, but there is currently no package for it and therefore no GUI. Two parenthetical notes about SNI: - IIS 8 (release next month or so, RC currently available) does support SNI. - Windows XP does not support SNI. (Firefox on XP does, as well as Chrome > 6 do). Moshe -- Moshe Katz -- [email protected] -- +1(301)867-3732
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
