
Introduction

I have one router, running pfSense (can be anything since it's a virtual machine on VMware, so if the solution requires anything else, that's fine by me) and behind it I have multiple virtual machines (NAT).

What I'd like to accomplish

I'd like to use a proxy of some sort to use multiple services with 1 IP, preferably based on DNS. For example, running a mail server (and website for web access) on mail.domain.com, running a website on www.domain.com and running an FTP server on ftp.domain.com, but all are a different virtual machine.

So basically:

Hostname          Internal NAT IP     Port

www.domain.com    192.168.1.10        80
mail.domain.com   192.168.1.11        25
mail.domain.com   192.168.1.11        80
mail.domain.com   192.168.1.11        443
ftp.domain.com    192.168.1.12        21

So I thought of using HAProxy, but HAProxy only allows this for HTTP traffic and not for "regular" TCP traffic (based on DNS name). I'd like to have all ports (both TCP and UDP, but if only TCP is possible then that's fine as well) redirected to the respective virtual machine.

Devator
    As always make sure you have gotten IPv6, and if you haven't, ask the hard questions of your provider. This is something that they should have deployed years ago. – Michael Hampton Jun 15 '15 at 22:48
  • The only way the proxy can know the hostname is if it is communicated in the higher level protocol. And it has to be sent by the client before it receives any data from the server, because the proxy cannot send any data from server to client before it knows which server. That limits which protocols it can be done for. But according to your list you only need it for HTTP anyway, the rest of them you can simply dispatch to backends based on port number. – kasperd Jun 16 '15 at 04:43

1 Answer


Doing any kind of proxying based on the DNS hostname used also requires that the application protocol carries the host header in some way.

To my knowledge there are no such headers involved in FTP, so I don't see how this will be possible. Maybe with a custom FTP proxy, that sends you to different servers based on the username or something like that.

TLDR: I don't think your end goal is possible. You need more than one external IP address.

pauska
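As an added example (not from the question, the answer or the comments), this is the dispatch decision a hostname-aware proxy can make from the first bytes a client sends, using the table in the question: the Host header on port 80, the SNI server_name in the TLS ClientHello on port 443, and port-only dispatch for SMTP and FTP, where the server sends a banner first, so no client-supplied hostname exists at the moment a backend must be chosen. The hostnames, NAT addresses and ports come from the question; the function names, the sample HTTP request and the ClientHello builder are constructed for illustration.

```python
"""Backend selection from the first client bytes (added example, not from the original post).

Hostnames/addresses/ports follow the question's table; function names and sample
messages are constructed for this illustration.
"""
import struct

# Hostname-based backends from the question's table: (host, port) -> internal NAT address
BACKENDS = {
    ("www.domain.com", 80): ("192.168.1.10", 80),
    ("mail.domain.com", 80): ("192.168.1.11", 80),
    ("mail.domain.com", 443): ("192.168.1.11", 443),
}

# Server-speaks-first protocols (SMTP banner, FTP banner): the proxy has to pick a
# backend before the client has sent anything, so only the port can decide.
PORT_ONLY = {25: ("192.168.1.11", 25), 21: ("192.168.1.12", 21)}


def http_host(data: bytes):
    """Return the Host header (without :port) from a plaintext HTTP request, or None."""
    head, sep, _ = data.partition(b"\r\n\r\n")
    if not sep:
        return None  # header block incomplete; a real proxy would keep reading
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().split(b":")[0].decode("ascii", "replace").lower()
    return None


def tls_sni(data: bytes):
    """Return the server_name from a TLS ClientHello record, or None if absent/malformed."""
    # Record header: type(1)=0x16 handshake, version(2), length(2); handshake type(1)=0x01
    if len(data) < 9 or data[0] != 0x16 or data[5] != 0x01:
        return None
    hs_len = int.from_bytes(data[6:9], "big")
    body = data[9:9 + hs_len]
    if len(body) < hs_len:
        return None  # truncated record
    pos = 2 + 32  # client_version + random
    sid_len = body[pos]; pos += 1 + sid_len                       # session_id
    cs_len = int.from_bytes(body[pos:pos + 2], "big"); pos += 2 + cs_len  # cipher_suites
    cm_len = body[pos]; pos += 1 + cm_len                         # compression_methods
    if pos + 2 > len(body):
        return None  # no extensions at all
    ext_len = int.from_bytes(body[pos:pos + 2], "big"); pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        ext_type = int.from_bytes(body[pos:pos + 2], "big")
        ext_size = int.from_bytes(body[pos + 2:pos + 4], "big")
        ext = body[pos + 4:pos + 4 + ext_size]
        pos += 4 + ext_size
        if ext_type == 0x0000:  # server_name: list_len(2) then name_type(1) len(2) name
            p = 2
            while p + 3 <= len(ext):
                ntype = ext[p]
                nlen = int.from_bytes(ext[p + 1:p + 3], "big")
                if ntype == 0:
                    return ext[p + 3:p + 3 + nlen].decode("ascii", "replace").lower()
                p += 3 + nlen
    return None


def pick_backend(port: int, first_bytes: bytes):
    """Return (ip, port) of the backend, or None when no routing decision is possible."""
    if port in PORT_ONLY:
        return PORT_ONLY[port]
    host = tls_sni(first_bytes) if port == 443 else http_host(first_bytes)
    if host is None:
        return None
    return BACKENDS.get((host, port))


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello with an SNI extension (constructed test input)."""
    name = server_name.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name           # name_type=host_name
    sni_data = struct.pack("!H", len(entry)) + entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_data)) + sni_data
    body = (b"\x03\x03" + bytes(32)                 # version + random (zeros: test vector only)
            + b"\x00"                               # empty session_id
            + b"\x00\x02\xc0\x2f"                   # one cipher suite
            + b"\x01\x00"                           # null compression
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed sample traffic
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: www.domain.com\r\n\r\n"

if __name__ == "__main__":
    print(pick_backend(80, SAMPLE_HTTP))                               # www VM
    print(pick_backend(443, build_client_hello("mail.domain.com")))    # mail VM via SNI
    print(pick_backend(25, b""))                                       # SMTP: port only
    print(pick_backend(443, build_client_hello("ftp.domain.com")))     # no such backend
```

The two lookups above are the same information HAProxy exposes as `hdr(host)` in HTTP mode and `req.ssl_sni` in TCP mode (after a `tcp-request inspect-delay`); SNI is in cleartext, so the proxy routes without terminating TLS. A client that sends no SNI, or a hostname with no backend, gets `None` here, and a real proxy must then either close the connection or fall back to a default backend. Note also that forwarding port 21 alone does not make FTP work through NAT: passive-mode data connections open further ports that must be forwarded to the same VM.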