Author Topic: mask IP:port pairs as a dummy IP  (Read 122 times)

killater
mask IP:port pairs as a dummy IP
« on: January 02, 2018, 01:50:58 pm »
Hello guys!
I've got the following issue: I have a number of devices in my network with web interfaces on different ports. I want users to simply enter server.network.com and see the desired server without memorizing the port number for each service.
My LAN interface is in the 192.168.1.0 subnet.
I've set a DNS resolver override to return dummy IPs (192.168.0.0) for names like server1.network.com, server2.network.com, then I've created a NAT port-forward rule to go from port 80 on the dummy IP to a real port on the real IP.
But traceroute shows that packets go outside (to a WAN interface).

Is there a way to do this masking in a more elegant way?

KOM
Re: mask IP:port pairs as a dummy IP
« Reply #1 on: January 02, 2018, 02:30:31 pm »
Are these devices on a different network than your LAN?  I wasn't sure if the IPs you provided were just for example or real.  A reverse proxy might help here, like HAProxy.

GruensFroeschli
Re: mask IP:port pairs as a dummy IP
« Reply #2 on: January 02, 2018, 02:38:25 pm »
https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

In such a scenario I guess you can't use split DNS, and thus have to go the NAT reflection route.
We do what we must, because we can.

Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

killater
Re: mask IP:port pairs as a dummy IP
« Reply #3 on: January 02, 2018, 03:43:04 pm »
> Are these devices on a different network than your LAN?  I wasn't sure if the IPs you provided were just for example or real.  A reverse proxy might help here, like HAProxy.

No, all servers are in the same network, which is my LAN. I use different IP subnets to separate real addresses from fake.
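
The reverse-proxy approach suggested in Reply #1, sketched as an HAProxy configuration (an added example, not posted by anyone in this thread): each name resolves to the proxy's LAN address and the Host header selects the real IP:port, so no dummy subnet or port-forward rule is involved. The proxy address 192.168.1.1, the backend addresses and the backend ports are constructed assumptions; only the host names and the LAN subnet come from the thread.

```haproxy
# Added example. Addresses and ports below are constructed placeholders.
global
    log /dev/log local0
    maxconn 256

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend lan_http
    # Listen on the LAN address only (assumed 192.168.1.1), not on *:80,
    # so the proxy is never reachable from the WAN side.
    bind 192.168.1.1:80

    # One ACL per published name, matched case-insensitively on the Host header.
    acl host_server1 hdr(host) -i server1.network.com
    acl host_server2 hdr(host) -i server2.network.com

    # Reject any Host value that is not explicitly published, instead of
    # letting unknown names fall through to some default device.
    http-request deny unless host_server1 || host_server2

    use_backend be_server1 if host_server1
    use_backend be_server2 if host_server2

backend be_server1
    # Device web interface on its real IP and non-standard port (assumed).
    server server1 192.168.1.10:8080 check

backend be_server2
    server server2 192.168.1.11:8443 check
```

With this in place the DNS resolver overrides for server1.network.com and server2.network.com would point at the proxy's LAN address rather than at addresses in 192.168.0.0. Traffic then stays on the LAN and never needs to be routed.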