Re: [pfSense] DNS-based inbound NAT?

2014-12-14 Thread Yehuda Katz
HTTP Host headers are not even seen by the firewall unless some type of
Deep Packet Inspection is running or the firewall is the destination and
runs a proxy to the other servers.

The alias method suggested will not work in this case (as you found)
because pfSense does not check the host headers.

Squid might be able to do the job, but I don't think the pfSense package of
squid supports multiple FQDNs (Fully Qualified Domain Names).
A quick look at the settings page shows only options for proxy by path, not
by full URL.
Once you install the plugin, look under Services - Reverse Proxy for the
settings.

- Y


On Sun, Dec 14, 2014 at 1:29 PM, Mike Bobkiewicz sec...@commobil.de wrote:

 Hello,
 we have a problem: we're running a pfSense 2.1.5 firewall with a single
 WAN address in front of a DMZ zone with two web servers. What we now want
 to do is that pfSense redirects an HTTP call to server1.example.com to
 webserver 1 and an HTTP call to server2.example.com to webserver 2.
 We have found two threads on the pfSense board but we couldn't make them
 run.
 First thread mentioned to add aliases for the DNS names and create
 redirect NAT rules. That doesn't work because pfSense seems to replace the
 DNS entries from the aliases at run time so the first matching rule is the
 winner: when server1.example.com is the first rule webserver 1 answers
 for both server1.example.com and server2.example.com. After moving the
 rule for server2.example.com before the server1 rule webserver 2 answers
 all calls.
 The second thread mentions to install the squid3 3.1.20 package and to use
 its reverse proxy function but we can't figure out where to find it in the
 settings.
 Any help or advice is highly welcome.

 Best regards,

 Mike Bobkiewicz
 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DNS-based inbound NAT?

2014-12-14 Thread Brian Henson
I second using a reverse proxy for this. You can use the squid package or
even use the Mod_security and proxy pass directive.

On Sun, Dec 14, 2014 at 1:44 PM, Yehuda Katz yeh...@ymkatz.net wrote:

 HTTP Host headers are not even seen by the firewall unless some type of
 Deep Packet Inspection is running or the firewall is the destination and
 runs a proxy to the other servers.

 The alias method suggested will not work in this case (as you found)
 because pfSense does not check the host headers.

 Squid might be able to do the job, but I don't think the pfSense package
 of squid supports multiple FQDNs (Fully Qualified Domain Names).
 A quick look at the settings page shows only options for proxy by path,
 not by full URL.
 Once you install the plugin, look under Services - Reverse Proxy for the
 settings.

 - Y


 On Sun, Dec 14, 2014 at 1:29 PM, Mike Bobkiewicz sec...@commobil.de
 wrote:

 Hello,
 we have a problem: we're running a pfSense 2.1.5 firewall with a single
 WAN address in front of a DMZ zone with two web servers. What we now want
 to do is that pfSense redirects an HTTP call to server1.example.com to
 webserver 1 and an HTTP call to server2.example.com to webserver 2.
 We have found two threads on the pfSense board but we couldn't make them
 run.
 First thread mentioned to add aliases for the DNS names and create
 redirect NAT rules. That doesn't work because pfSense seems to replace the
 DNS entries from the aliases at run time so the first matching rule is the
 winner: when server1.example.com is the first rule webserver 1 answers
 for both server1.example.com and server2.example.com. After moving the
 rule for server2.example.com before the server1 rule webserver 2 answers
 all calls.
 The second thread mentions to install the squid3 3.1.20 package and to
 use its reverse proxy function but we can't figure out where to find it in
 the settings.
 Any help or advice is highly welcome.

 Best regards,

 Mike Bobkiewicz

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
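
Added example (not part of any poster's message, and not pfSense or squid code): a small Python model of the difference discussed in this thread between a port forward, which can only match on address and port, and a reverse proxy, which reads the Host header and can refuse names it does not serve. All IP addresses are constructed documentation-range values, and the function names are hypothetical.

```python
# Constructed sample data: the WAN and DMZ addresses are assumptions, not from the thread.
WAN = ("203.0.113.5", 80)
BACKENDS = {  # Host-name allowlist used by the reverse-proxy model
    "server1.example.com": ("192.0.2.11", 80),
    "server2.example.com": ("192.0.2.12", 80),
}
# Both names resolve to the single WAN address, so both port forwards match the same tuple.
NAT_RULES = [(WAN, BACKENDS["server1.example.com"]),
             (WAN, BACKENDS["server2.example.com"])]

def nat_target(dst_ip, dst_port):
    """Layer 3/4 view: the first rule matching (address, port) wins."""
    for match, target in NAT_RULES:
        if match == (dst_ip, dst_port):
            return target
    return None

def host_from_request(raw):
    """Return the normalized Host name, or None if missing or ambiguous."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    header_lines = head.split("\r\n")[1:]  # skip the request line
    hosts = [l.split(":", 1)[1].strip()
             for l in header_lines if l.lower().startswith("host:")]
    if len(hosts) != 1:  # zero or duplicate Host headers: refuse to guess
        return None
    name, _, _port = hosts[0].lower().partition(":")
    return name.rstrip(".")

def proxy_target(raw):
    """Layer 7 view: route on Host, default-deny anything not allowlisted."""
    host = host_from_request(raw)
    return BACKENDS.get(host) if host else None

# Constructed requests, all arriving at the same WAN address and port.
REQ1 = b"GET / HTTP/1.1\r\nHost: server1.example.com\r\n\r\n"
REQ2 = b"GET / HTTP/1.1\r\nHost: Server2.Example.com:80\r\n\r\n"
REQ_DUP = (b"GET / HTTP/1.1\r\nHost: server1.example.com\r\n"
           b"Host: server2.example.com\r\n\r\n")
REQ_UNKNOWN = b"GET / HTTP/1.1\r\nHost: internal.example.com\r\n\r\n"

if __name__ == "__main__":
    print("NAT always picks:", nat_target(*WAN))
    for req in (REQ1, REQ2, REQ_DUP, REQ_UNKNOWN):
        print(host_from_request(req), "->", proxy_target(req))
```

Rejecting requests with an unknown or duplicated Host header keeps the proxy from forwarding traffic for names the DMZ servers were never meant to answer.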