Having two subdomains on one public IP address behind pfSense router
This can be done with the squid3 package. squid3 includes a Reverse Proxy server.
Install the squid3 package...
- System > Packages
- Scroll down to squid3 and press the + button
After installation go to Services > Reverse Proxy
Under the General tab...
- Reverse Proxy interface: WAN
- external FQDN: YourFQDN.com (this should be your main name, but it doesn't mean you're limited to subdomains of the name you put there)
- Enable HTTP reverse mode checked
Under the Web Servers tab, add the (internal) IP of each of your servers
- Press the + button
- Enable this peer checked
- Peer Alias: make up a nickname for your server
- Peer IP: the IP address of your server
- Peer Port: the port for your server (probably 80)
- Save
Under the Mappings tab, add the domain name for each of your servers
- Enable this URI checked
- Group name: make up a nickname
- Peers: select the corresponding server you setup in the Web Servers tab
- Save
Finally, under Firewall > Rule, create a rule to direct traffic to the reverse proxy server
- Press the + button to add a rule
- The default settings...
- Pass, WAN, TCP, Source Type any
- Destination: WAN address
- Destination port range: HTTP
- Save
This rule should be LAST if you have other rules configured forwarding from the outside in.
Any names you use must be registered to point to your external IP, so if your domain name is example.com, in order to create subdomains in pfSense you will need to set up a record with your domain registrar to point *.example.com.
I learned from this helpful tutorial: http://sdrv.ms/V8qLfK
You can't do this with NAT because NAT only cares about IP Addresses and Ports (Layer 3 + 4). The HTTP Host header is above that so NAT implementations are never aware of it.
To achieve what you are looking for, you need a Reverse Proxy. (Apache, Squid, nginx, lighttpd etc). A reverse proxy is capable of examining the Host header in the HTTP request and forwarding the traffic to the appropriate server.
This is possible! I've successfully done something very similar using squid reverse proxy. There are guides on setting it up, but it is pretty easy. Start by installing it via the pfSense package manager, then configure some servers and mappings.
How this works:
It basically starts a web server on port 80, or 443 if you use the https option. You can then define subdomains, like "web.mydomain.com" and "portal.mydomain.com", etc, and configure where they forward to on the internal network.
Then, it will parse the request URL and pass it to the appropriate server. I am taking this one step further and running two https based services on one server, using different ports. service1.mydomain.com will connect to https:// server :8443, while service2.mydomain.com will connect to https:// server :8444.
FYI, my subdomains on the domain registrar's DNS all point to the same "external facing" WAN IP on the pfSense box.
Does this help?
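The Host-header routing decision the answers above describe, as an added example that is not part of the original posts and is not squid's own code. The backend IP address is constructed for illustration, and the function names are hypothetical; the hostnames and ports follow the service1/service2 mapping mentioned above. Requests with a missing, duplicated or unmapped Host are refused rather than sent to a default server.

```python
# Added example: how a reverse proxy picks a backend from the Host header.
# The backend IP below is constructed for illustration only.

# Mapping table, like the Mappings tab: public name -> (internal IP, port)
BACKENDS = {
    "service1.mydomain.com": ("192.168.1.10", 8443),
    "service2.mydomain.com": ("192.168.1.10", 8444),
}


def extract_host(raw_request: bytes):
    """Return the normalized Host value, or None if missing or ambiguous."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    hosts = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            hosts.append(value.strip())
    if len(hosts) != 1 or not hosts[0]:          # absent, empty or duplicated
        return None
    host = hosts[0].lower()
    if host.startswith("["):                     # IPv6 literal, never a mapped name
        return None
    host = host.rsplit(":", 1)[0] if ":" in host else host   # drop ":port"
    return host.rstrip(".")                      # "name." equals "name"


def route(raw_request: bytes):
    """Pick the backend for a request; None means refuse (no default peer)."""
    host = extract_host(raw_request)
    return BACKENDS.get(host) if host else None


if __name__ == "__main__":
    # Constructed sample requests, all arriving on the same WAN IP and port.
    samples = [
        b"GET / HTTP/1.1\r\nHost: service1.mydomain.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: SERVICE2.mydomain.com:443\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: unknown.example.net\r\n\r\n",
        b"GET / HTTP/1.0\r\n\r\n",
    ]
    for req in samples:
        print(req.split(b"\r\n")[1], "->", route(req))
```

All four sample requests share one destination IP and port, which is all a NAT rule can match on; only the parsed Host value distinguishes them.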