next »

[Steve Mustafa]

I've recently installed PfSense 2.0 to test on my home-office network. Excellent work! 

One thing I'm wondering about is regarding the Layer7 traffic shaper; Its only for blocking and not for routing? So I can't route requests on surveillance.myweb.com to the DVR server whilst standard http traffic to another?  I've checked the firewall rules as well but the same doesn't seem to apply there.

Any suggestions?

TIA

[Supermule]

This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer.

If it only blocks, it doesnt work as intended...

[Steve Mustafa]

Aha. So what am I looking for if not Layer7 stuff? Basically, its subdomain routing, but I don't have a clue where to implement that on pfsense.

[Supermule]

L7 is what you are after.....if it only blocks, then basic function is not working.

Aha. So what am I looking for if not Layer7 stuff? Basically, its subdomain routing, but I don't have a clue where to implement that on pfsense.

[ermal]

Can you describe what you want to do with layer7?

It was meant for QoS/filtering traffic, i do not understand what you are after!

[Supermule]

He wants to route a subdomain to a different server, based on header inspection and packet contents....

[cmb]

L7 is to identify protocols. HTTP is HTTP, it going to one destination rather than some other one isn't going to look any different to L7. It sounds like you're overthinking it though, if you just want to route traffic to one specific destination, just use its IP in a firewall rule, I doubt if your web server has a dynamic IP where that might be problematic.

[ermal]

To implement layer7 routing there is some development needed, so there needs to be a budget behind because it is not an easy thing.
If you are interested.....follow-up. I have no plans to implement this in the near future.

[Steve Mustafa]

Well, reading up in the definitive guide, I realize that what I'm looking for is not Layer7 routing, rather a split DNS.

Sorry folks.

[Supermule]

Why? Just to be corious...

 

Well, reading up in the definitive guide, I realize that what I'm looking for is not Layer7 routing, rather a split DNS.

Sorry folks.

[Steve Mustafa]

Well, because my subdomain externally resolves to out single static IP address, which internally needs to resolve to something else.

So, from anywhere I'd be typing camera.myweb.com and it would resolve to 20.100.0.10 and internally that would need to be resolved to 192.168.20.15.

Unless I've got the whole thing wrong...

[Supermule]

Are both hosted on the same WAN IP of your setup??

[Steve Mustafa]

Yes they are. Does that carry any significance?

[edit]
Silly me, of course it does!
How should I do this?

[Supermule]

Then how do you plan to route the traffic when it enters the PFSense???

Edit: Ok....then PFSense would not be able to handle the traffic.....it has to be header based routing and that takes L7 capability.

Squid could be an option for solving this, but I am not that much into Squid.

I use ISAserver from Microsoft to handle my L7 traffic. I only use PFSense as a frontend....

But this will change the moment PF can handle L7 and publish all what is behind ....

Yes they are. Does that carry any significance?

[Steve Mustafa]

I'm realizing just how stupid I can be by the second.

I don't want to have to do port forwarding but I will if I must.  Suggestions?

[Edit]

Aha, so I was given good advice (re L7)!

Well, then my question is now whether PFsense's L7 implementation (which I currently see as "block" only) will encompass this?