pfSense using External URL within the Network

Hello,

I have recently started using pfSense for my home network and for the most part have managed to get most things to do what I want it to do, but have run into a configuration I would like to have set up but can't find how to do.

I have a few servers within my network, each running a few different applications using different port numbers. I have set up the port forwarding, which is working great from outside the network. I also have my DDNS set up and it is working great. But the issue I have run into is that I cannot use that URL from within my own network. So say my URL is test.com: I can use it fine on my cellular network, but as soon as I connect to my internal wireless the connection is refused by pfSense; it is even refused by IP address. The solutions I have found talk about using NAT reflection in Pure NAT mode, which did not seem to make any difference. Another solution I found was to add an entry into the DNS Resolver to point the URL to the internal address. The issue with that is that I can only point it to one of the servers, which kind of solves the issue but not really.

In the end I would like to get it so that I can set up some port 80 redirects with my DNS provider to something like NAS.test.com pointed to port 8080 and plex.test.com pointed to port 32400, and have it so that those URLs will work externally and internally no matter if they are on the same machine or different machines.

Any help trying to make this work would be greatly appreciated.

You need local DNS. That doesn’t point ports for you, but it gets you NAS.test.com and plex.test.com.

So test.com is your search domain. Then you add entries to DNS like NAS and associate that name with test.com, and give it the internal IP address of the server.

Your client computer is then set up to use pfSense as the DNS server. Your client computer attempts to hit NAS.test.com, and boom, it resolves properly. plex.test.com:32400 is how you specify the port in, say, a web browser.

Thanks Levitance. The DNS Resolver within pfSense actually handles this portion very well. I am trying to avoid entering ports as much as possible. I can remember all the ports no issue, but there are some in the house that are lucky if they remember their name, let alone a port number.

Ah, okay gotcha. So you’ve got the DNS side handled. Unfortunately handling the port number’s not so easy, as I don’t think there’s a service that handles this in the way that DNS handles name resolution. For web interfaces like with Plex, you’ll likely have to fire up a basic page on port 80 and/or 443 on the Plex server that is just a redirect to the Plex server, except on port 32400.

If you get rid of your local DNS stuff and enable NAT reflection on the port forwards, that may work.

Also, the DNS resolver is unbound, so if you can find out how to make DNS entries that redirect ports in the unbound format then you can just add that in the advanced box.

System -> Advanced -> Firewall & NAT

NAT Reflection mode for port forwards -> NAT + Proxy

Recently ran into this problem, this was the fix.

This will work as long as you don’t have any local DNS entries for your server, which is to say it will only work if, when you resolve your domain name, you get your public IP and not the internal private IP.

Yup, that’s how I wanted to set it up, not having to deal with DNS, multiple forwards, etc. If something internal is needed - access it via IP or add a DNS entry.
Plus nginx configuration can do wonders if you want something a bit more “private”.
allow 192.168.0.0/24;
deny all;
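
An added example, not part of the thread and not any poster's configuration: one way to get port-free names like nas.test.com and plex.test.com is a single nginx reverse proxy that routes on the Host header and applies the `allow`/`deny` restriction per service. The proxy host and the backend addresses (192.168.0.20, 192.168.0.30) are assumed placeholders; pfSense would forward port 80 to the proxy host, and any local DNS overrides would point both names at it.

```nginx
# Constructed example: hostnames follow the thread, IP addresses are placeholders.

# Catch-all: requests with an unknown Host header are dropped without a response,
# so only the names listed below are reachable through the forwarded port.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# nas.test.com -> NAS web UI on port 8080, LAN clients only.
server {
    listen 80;
    server_name nas.test.com;

    allow 192.168.0.0/24;   # LAN subnet, as in the snippet above
    deny all;               # every other source address gets 403

    location / {
        proxy_pass http://192.168.0.20:8080;    # assumed NAS address
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

# plex.test.com -> Plex on port 32400, reachable from outside as well.
server {
    listen 80;
    server_name plex.test.com;

    location / {
        proxy_pass http://192.168.0.30:32400;   # assumed Plex address
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;

        # Pass WebSocket upgrades through to the backend.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

The `allow`/`deny` pair matches the source address of the connection nginx receives, so it depends on external clients arriving with their real public address, as they do through an ordinary port forward.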