Re: [pfSense] More ports

2014-12-14 Thread Ryan Coleman

> On Dec 13, 2014, at 8:06 PM, Chris Bagnall  wrote:
> 
> (I've listed HP models because that's what I've experience with, no doubt 
> other manufacturers have similar models. Just watch out for some of the cheap 
> Netgears that claim to be 'managed' (model beginning J I think) - they have a 
> horrible Adobe Air management app that only works from a Windows PC, and only 
> on the subnet the device is connected to)


Personal experience: GS switches from Netgear are great. Java web app, but 
that’s fine… I also have a Cisco SB-300-50G POE switch in the house for my L3 
needs.

—
Ryan
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] DNS-based inbound NAT?

2014-12-14 Thread Mike Bobkiewicz
Hello,
we have a problem: we're running a pfSense 2.1.5 firewall with a single WAN 
address in front of a DMZ zone with two web servers. What we now want to do is 
have pfSense redirect an HTTP call to server1.example.com to webserver 1 and an 
HTTP call to server2.example.com to webserver 2.
We have found two threads on the pfSense board but we couldn't make them run.
The first thread suggested adding aliases for the DNS names and creating redirect 
NAT rules. That doesn't work because pfSense seems to replace the DNS entries from 
the aliases at run time so the first matching rule is the winner: when 
server1.example.com is the first rule, webserver 1 answers for both 
server1.example.com and server2.example.com. After moving the rule for 
server2.example.com before the server1 rule, webserver 2 answers all calls.
The second thread suggests installing the squid3 3.1.20 package and using its 
reverse proxy function, but we can't figure out where to find it in the settings.
Any help or advice is highly welcome.

Best regards,

Mike Bobkiewicz


Re: [pfSense] DNS-based inbound NAT?

2014-12-14 Thread Yehuda Katz
HTTP Host headers are not even seen by the firewall unless some type of
Deep Packet Inspection is running or the firewall is the destination and
runs a proxy to the other servers.

The alias method suggested will not work in this case (as you found)
because pfSense does not check the host headers.

Squid might be able to do the job, but I don't think the pfSense package of
squid supports multiple FQDNs (Fully Qualified Domain Names).
A quick look at the settings page shows only options for proxy by path, not
by full URL.
Once you install the plugin, look under Services -> Reverse Proxy for the
settings.

- Y
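
The difference between the two approaches in this thread, as an added example that is not part of the original posts: a simplified model of first-match port forwarding on destination IP and port next to Host-header routing as a reverse proxy performs it. The WAN address, rule layout and function names are constructed for illustration and are not pfSense, Squid or HAProxy code.

```python
# Constructed sample data: both names resolve to the single WAN address.
WAN_IP = "203.0.113.10"
DNS = {"server1.example.com": WAN_IP, "server2.example.com": WAN_IP}

# Port forwards with hostname aliases as destination (the first approach tried).
NAT_RULES = [
    {"dst_alias": "server1.example.com", "dst_port": 80, "target": "webserver1"},
    {"dst_alias": "server2.example.com", "dst_port": 80, "target": "webserver2"},
]

def nat_target(dst_ip, dst_port, rules=NAT_RULES):
    """Packet-filter view: aliases are resolved to IPs, first match wins."""
    for rule in rules:
        if DNS[rule["dst_alias"]] == dst_ip and rule["dst_port"] == dst_port:
            return rule["target"]
    return None

# Hypothetical mapping a reverse proxy on the firewall would hold.
BACKENDS = {"server1.example.com": "webserver1",
            "server2.example.com": "webserver2"}

def proxy_target(raw_request, backends=BACKENDS):
    """Reverse-proxy view: parse the HTTP request and route on the Host header."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [line.split(":", 1)[1].strip()
             for line in head.split("\r\n")[1:]
             if line.lower().startswith("host:")]
    if len(hosts) != 1:           # missing or duplicated Host: refuse, do not guess
        return None
    host = hosts[0].lower()
    if host.endswith(":80"):      # strip the default port
        host = host[:-3]
    host = host.rstrip(".")       # tolerate a trailing root dot
    return backends.get(host)     # unknown names get no backend

def request_for(host):
    """Build a minimal HTTP/1.1 request for the given Host value."""
    return f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()

if __name__ == "__main__":
    # Same packet headers for both sites, so rule order decides the target.
    print(nat_target(WAN_IP, 80), nat_target(WAN_IP, 80, NAT_RULES[::-1]))
    for name in ("server1.example.com", "SERVER2.example.com:80", "other.example.net"):
        print(name, "->", proxy_target(request_for(name)))
```

Returning no backend for an unknown or missing Host keeps requests for unexpected names from reaching either DMZ server by default.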



Re: [pfSense] DNS-based inbound NAT?

2014-12-14 Thread Brian Henson
I second using a reverse proxy for this. You can use the squid package or
even use the Mod_security and proxy pass directive.


Re: [pfSense] [Bulk] Re: DNS-based inbound NAT?

2014-12-14 Thread PiBa

HAProxy can also be used for this.


Re: [pfSense] [Bulk] Re: DNS-based inbound NAT?

2014-12-14 Thread Mike Bobkiewicz
Hi PiBa,
thanks for the hint, HAProxy does the trick!

Best regards,

Mike
