MIAB, Pfsense 2.4.4, and second webserver on same LAN


#1

Hi to all,

Hope for some help. I have two problems.

My current setting is
ESXI 6.0

  1. VM Pfsense 2.4.4 (192.168.10.1) Firewall
  2. VM MIAB (192.168.10.90)
  3. VM Ubuntu WEB server (apache+Mysql) (192.168.10.100)
  4. VM FreeNas (192.168.10.80)

Problem 1
I have followed the setup, so MIAB is handling all DNS entries. Now I am having trouble accessing my domain via domain name from LAN. From outside all works great but from LAN network I need to use IP 192.168.10.90.

Problem 2.
How to set in MIAB that domainname.com will be used from WEBserver on 192.168.10.100 and domainname.com/mail will be used from 192.168.10.90

Tnx in advance.


#2

Nameservers can take up to 48 hours to update globally. If you are still having trouble by this time tomorrow, @ me so I get a notification and I can help you further.


#3

Ok I will do. But just to be clear, accessing MIAB via domainname.com from e.g. my phone on mobile data or from work is OK. But when at home I need to use the internal IP of MIAB to access the website.

The second issue that I have is I am running two servers behind Pfsense (one is MIAB and the other Ubuntu Webserver). As MIAB is currently running as main DNS as well, I can’t reach the website running on the second Web server from outside (mobile or work or any other network); of course I can access it within my LAN.


#4

This is really not my area … but is port forwarding enabled properly?

Does Pfsense know to forward based on the http headers? Is that even a thing? How does Pfsense know which machine to forward to? I assume that you are using a different port for http/https on the webserver…

You are running DNS on the webserver to handle the private requests?

I am just rambling … maybe some of it makes sense … cause I do not know what I am talking about in terms that make sense to techies.


#5

Yep problem 1 solved. The issue was with DNS Forwarder.

Still struggling with problem No.2.
Both MIAB and Ubuntu webserver are using port 80 for website. As I want to use MIAB webmail (https://mydomain.com/mail) and Web server https://mydomain.com on different server.


#6

The web server is on a different host? internally?

You will need to use maybe a 3rd server to do special filtered load balancing between the two. Apache can do this using a reverse proxy, but currently I do not believe your setup is supported for MIAB at this point.

That said, do you have a secondary IP address you can use for MIAB instead?


#7

Your MiaB is not on its own subdomain (hostname)?


#8

Problem 1

You need to set up two DNS resolvers, one for external use and one for internal use. External clients will use the external one and internal ones, well I’ll leave that to you to work out.

DNSMasq will do what you want to do as that’s exactly how we use it. You need to set up your DHCP or whatever so that internally you point to the right IP address. I can’t recall if PFSense has DNSMasq built in or not. Smoothwall used to do this. I would assume that you have two network devices configured for your firewall.

On another note, FreeNAS in a VM is not a recommended way to run FreeNAS. It works perfectly until the moment it fails and you lose your ZFS pool and all your data is corrupt. Been there, done that and lost all the data.

Problem 2 can be handled by setting up an NGINX proxy and handling the routing. We do this to route traffic to monit which is on a different port. About 10 lines of NGINX.

Rob
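
The path-based routing suggested in the last reply, as an added example that is not part of the original thread and is not Rob's configuration: a reverse proxy terminates TLS for domainname.com and sends /mail to MIAB and everything else to the web server. The separate proxy host, the certificate paths and the upstream names are assumptions; the two backend addresses are the ones listed in post #1.

```nginx
# Added example. Assumes a separate proxy host; pfSense forwards WAN 80/443
# to it, while mail ports keep forwarding straight to 192.168.10.90.

upstream miab      { server 192.168.10.90:443; }   # Mail-in-a-Box VM
upstream webserver { server 192.168.10.100:80; }   # Ubuntu Apache VM

server {
    listen 80;
    server_name domainname.com;
    return 301 https://$host$request_uri;          # no plain-HTTP content
}

server {
    listen 443 ssl;
    server_name domainname.com;

    # Placeholder paths: certificate and key held by the proxy.
    ssl_certificate     /etc/nginx/tls/domainname.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/domainname.com.key.pem;

    # Backends see the real client and original scheme in their logs.
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Only /mail is passed to MIAB, so its other paths (for example /admin)
    # are not reachable through this proxy.
    location = /mail { return 301 /mail/; }
    location /mail/ {
        proxy_pass https://miab;
        # Verify the backend certificate. Assumes MIAB presents a certificate
        # valid for domainname.com; otherwise set proxy_ssl_name to the
        # hostname that certificate was issued for.
        proxy_ssl_server_name on;
        proxy_ssl_name        $host;
        proxy_ssl_verify      on;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }

    # Everything else goes to the Apache site.
    location / {
        proxy_pass http://webserver;
    }
}
```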