MIAB, Pfsense 2.4.4, and second webserver on same LAN

Hi to all,

Hope for some help. I have two problems.

My current setting is
ESXI 6.0

  1. VM Pfsense 2.4.4 (192.168.10.1) Firewall
  2. VM MIAB (192.168.10.90)
  3. VM Ubuntu WEB server (apache+Mysql) (192.168.10.100)
  4. VM FreeNas (192.168.10.80)

Problem 1
I have followed the setup, so MIAB is handling all DNS entries. Now I am having trouble accessing my domain via domain name from LAN. From outside all works great but from LAN network I need to use IP 192.168.10.90.

Problem 2.
How to set in MIAB that domainname.com will be used from WEBserver on 192.168.10.100 and domainname.com/mail will be used from 192.168.10.90

Tnx in advance.

Nameservers can take up to 48 hours to update globally. If you are still having trouble by this time tomorrow, @ me so I get a notification and I can help you further.

Ok I will do. But just to be clear accessing MIAB via domainname.com from eg. my phone on mobile data or from work is OK. But when at home I need to use internal IP from MIAB to access the website.

The second issue that I have is I am running two servers behind Pfsense (one is MIAB and the other Ubuntu Webserver), as MIAB is currently running as main DNS as well I can’t reach website running on the second Web server from outside (mobile or work or any other network) of course I can access with in my LAN.

This is really not my area … but is port forwarding enabled properly?

Does Pfsense know to forward based on the http headers? Is that even a thing? How does Pfsense know which machine to forward to? I assume that you are using a different port for http/https on the webserver…

You are running DNS on the webserver to handle the private requests?

I am just rambling … maybe some of it makes sense … cause I do not know what I am talking about in terms that make sense to techies. :stuck_out_tongue:

Yep problem 1 solved. The issue was with DNS Forwarder.

Still struggling with problem No.2.
Both MIAB and Ubuntu webserver are using port 80 for website. As I want to use MIAB webmail (https://mydomain.com/mail) and Web server https://mydomain.com on different server.

The web server is on a different host? internally?

You will need to use maybe a 3rd server to do special filtered load balancing between the two. Apache can do this using a reverse proxy but currently I do not believe your setup is supported for MIAB at this point.

That said, do you have a secondary IP address you can use for MIAB instead?

Your MiaB is not on its own subdomain (hostname)?

Problem 1

You need to set up two DNS resolvers, one for external use and one for internal use. External clients will use the external one and internal ones, well I’ll leave that to you to work out.

DNSMasq will do what you want to do as that’s exactly how we use it. You need to set up your DHCP or whatever so that internally you point to the right IP address. I can’t recall if PFSense has DNSMasq built in or not. Smoothwall used to do this. I would assume that you have two network devices configured for your firewall.

On another note, FreeNAS in a VM is not a recommended way to run FreeNAS. It works perfectly until the moment it fails and you lose your ZFS pool and all your data is corrupt. Been there, done that and lost all the data.

Problem 2 can be handled by setting up an NGINX proxy and handle the routing. We do this to route traffic to monit which is on a different port. About 10 lines of NGINX.

Rob

Hi to all,

For some reason I am still struggling with getting a proper WEB server up and running.

My setting is as follows.
Server that is running ESXI 6.0

  1. VM - MIAB (ip 10.88.1.80)
  2. VM - Ubuntu WEBSERVER (ip 10.88.1.17) running Apache on port 81 (https) and 8081 (https)
  3. VM - FreeNAS
  4. VM - Pfsense

I have created an index.html file in
/home/user-data/www/domainname.com/index.html

```
server {
    server_name domainname.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://10.88.1.17:8081;
    }
}
```

So when I try to access the web page nothing happens. I have googled several topics on NGINX proxy settings but all failed. Is someone using a similar setting, and if so, can you please post instructions on how to achieve this so that I can run a full apache / mysql site behind an nginx proxy?

So I have figured it out.

I have added in /etc/nginx/conf.d/local.conf

```
location / {
    # <ip-from-second-server> is a placeholder for the address of the second server
    proxy_pass http://<ip-from-second-server>:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```
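
What the `X-Forwarded-For $proxy_add_x_forwarded_for` line implies for the backend web server, as an added example that is not part of the original post: nginx appends the connecting address to whatever `X-Forwarded-For` value the request already carried, so the backend should honour the header only on connections from the proxy and read it from the right. The trusted proxy address 10.88.1.80 (the MIAB VM named earlier in the thread), the function names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the Mail-in-a-Box VM is the only host allowed to speak for
# clients through X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.88.1.80/32")]


def is_trusted(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the address the backend should log and apply ACLs to.

    peer_addr  -- source address of the TCP connection to the backend
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    # A connection that did not come from the proxy gets no say: any
    # X-Forwarded-For header it carries is ignored.
    if not is_trusted(peer_addr) or not xff_header:
        return peer_addr
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Walk right to left: the rightmost entry was appended by nginx itself,
    # everything further left arrived inside the client's own request.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: stop trusting the header
    return peer_addr


# Constructed sample requests: (TCP peer, X-Forwarded-For header).
SAMPLES = [
    ("10.88.1.80", "203.0.113.7"),             # normal request via the proxy
    ("10.88.1.80", "127.0.0.1, 203.0.113.7"),  # client sent its own header
    ("10.88.1.50", "127.0.0.1"),               # LAN host bypassing the proxy
    ("10.88.1.80", "not-an-ip"),               # malformed header value
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"peer={peer:<11} xff={xff!r:<26} -> {client_ip(peer, xff)}")
```
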

Hi to all,

I am still fighting with this code. I have added the code above to /etc/nginx/conf.d/local.conf but then every night a system check is performed, "Error Provisioning TLS Certificate" appears, and the local.conf file is rewritten to its original state.

Am I missing something?

Problem 1:

Problem 2:
Set webserver to have 80/443 ports
Miab set to 444 for example.
Port forward it

you can also refer for your webmail to a different domain on MIAB,

website: https://mydomain.com/
webmail: https://box./mail/

Hi, NAT Loopback I have figured out and that is fine.

The second problem looks more challenging than it is.

So to try to simplify: I wanted to use the SSL cert that MIAB generated, and with a reverse proxy that is doable very nicely. I get all the functionality from MIAB and use the SSL to access the webserver to display the site from the apache/mysql server. As mentioned, I did get it running as I wanted, but MIAB runs a script every night and overwrites /etc/nginx/conf.d/local.conf to its original state, meaning I lose the functionality of the proxy.

I could add a custom DNS name, e.g. web.mydomain.com -> to my webserver, but then I would need to create a script for making sure that certs are up to date and transferred. So I am sure there is a cleaner solution to allow me to share the SSL cert generated by MIAB with Apache/SQL (second server).

Hello,

If you got the above script running, why don’t you put that one in /home/user-data/www/<my_domain>.conf and create a directory with the name <my_domain> in the same directory.

Hi to all, just going over some old posts of mine. Yes solution is to add the mydomain.conf file in /etc/nginx/conf.d.

Simple way is to copy local.conf to somethingelse.conf, then just remove all the other data from other domains and paste the below

```
location / {
    # <ip-from-second-server> is a placeholder for the address of the second server
    proxy_pass http://<ip-from-second-server>:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```

        index index.html index.htm;
---> here
        location = /robots.txt {
                log_not_found off;
                access_log off;