pfSense Gold Subscription

Author Topic: Redirect http on another port for a host override  (Read 179 times)

0 Members and 1 Guest are viewing this topic.

Offline joelones

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Redirect http on another port for a host override
« on: November 04, 2017, 04:18:32 pm »
I am using the DNS Resolver and have a host override for a particular host on my internal network. I'd like http traffic for that host to be redirected to port 81? Basically I want to setup an internal reverse proxy for services within my network and want to use port 81 as port 80 is already being used.

What's the simplest way to achieve this? Thanks

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14299
  • Karma: +1330/-193
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Redirect http on another port for a host override
« Reply #1 on: November 04, 2017, 06:48:15 pm »
What?  That ha nothing to do with a host override.. If the host is on your network, why would you even hit pfsense to hit a forward or reverse proxy to get sent back to a machine on your own network..

What exactly are you wanting to accomplish.. Why not just hit the box directly at :81 or have it redirect on 80 to 81.. Why would you even need to redirect to 81 and why can you not just hit 80, etc.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.2-RELEASE on VM esxi 6.5 (home)

Offline joelones

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Re: Redirect http on another port for a host override
« Reply #2 on: November 04, 2017, 08:18:01 pm »
What?  That ha nothing to do with a host override.. If the host is on your network, why would you even hit pfsense to hit a forward or reverse proxy to get sent back to a machine on your own network..

What exactly are you wanting to accomplish.. Why not just hit the box directly at :81 or have it redirect on 80 to 81.. Why would you even need to redirect to 81 and why can you not just hit 80, etc.

Apologies if my question wasn't clear or makes littles sense (which could be the case), networking is not my forte.

But I thought the point of a host override was for hostnames lookups which you don't want to flow via the standard DNS lookup process, case in point, one local machine on my network...

More so, on this one machine, I have multiple services running on various ports.

So what I want to accomplish is the following; I'd like for users on the network, instead of accessing services as [ip:port], to access them as such [MachineName/ServiceName].

I'm able with a host override to ping MachineName on my network. And I'm assuming a reverse proxy would help me with the /ServiceName portion. But since there's an un-relocatable service on port 80, the reverse proxy would be listening on port 81. Hence the point of my original question.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14299
  • Karma: +1330/-193
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Redirect http on another port for a host override
« Reply #3 on: November 05, 2017, 02:02:27 am »
"instead of accessing services as [ip:port], to access them as such [MachineName/ServiceName]."

That is on your server has zero to do with dns..

You have a server machine.localdomain.tld

You htting it via http://machine.locadomain.tld/something or
http://machine.localdomain.tld/otherthing

Has nothing to do with dns.. Your host override would just be that machine.localdomain.tld is at 192.168.1.100 for example.

You setup your machine if they hit /something they get served application ABC, if they go to /otherthing then they get XYZ..

DNS has nothing to do with ports..  Keep in mind that since your machine is local and on rfc1918 space.. There is nothing saying you can not host your applications on 80 on different IPs... so

http://something.localdomain.tld
http://otherthing.localdomain.tld

where something dns is 192.168.1.100 and otherthing dns is 192.168.1.101

Running a reverse proxy on pfsense gets you nothing.. Since why would machine that just looked up from dns for something.localdomain.tld and got told its IP address is 192.168.1.100 send that http://something.localdomain.tld traffic to pfsense IP?  So that it could be forwarded or reverse proxied back to your .100 machine?

"I have multiple services running on various ports. "

If what your running is locked to that specific port you have some options.. You can just use the url to that port  http://something.localdomain.tld:port or you could have the server or any server for that matter that you can resolve and get pointed to on port 80 serve up a redirection..  So you could go to

http://something.localdomain.tld or http://machine.localdomain.tld/something and get redirected via that server on port 80 sending you to http://machine.localdomain.tld:port or http://something.localdomain.tld:port

This could be simple meta tag refresh pointing to the new url and port... Could be done in javascript, can also be redirected via 301 or 302.. All done on the server - this sort of stuff would not be done on pfsense.. While you can sure do a port forward on the lan side from 1 port to another port.  The client would have to be hitting pfsense on this port to be able to get redirected, etc.  Which not going to happen if you are wanting your users to be going to some name that resolves to local server IP, etc.

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.2-RELEASE on VM esxi 6.5 (home)