OPNsense Forum

English Forums => General Discussion => Topic started by: tessierp on March 26, 2021, 11:47:21 PM

Title: Forward traffic to specific port and server based on FQDN
Post by: tessierp on March 26, 2021, 11:47:21 PM
Hi,

It is very easy to forward traffic on a specific port to a specific machine with Port Forwarding. But that also means I can only define one machine assigned to a specific port. What if I have multiple internal servers using the same port? How can I make OPNSense look at the FQDN and forward the traffic to an internal server on a specific port? For example, with mumble1.domain.net and mumble2.domain.net, you would forward the traffic where it needs to go. How do I do that?

I tried to declare a RULE to allow traffic from any WAN ADDRESS on port XXX to that firewall and declared an UNBOUND DNS entry to forward traffic from "mumble1.domain.net" to a specific server, but it doesn't work. Perhaps that is not the right thing to do.

Basically, my question is, how can I handle traffic for multiple servers using the same port and forwarding the request to specific servers matching the FQDN? Or is there another approach I should be taking?

Thanks
Title: Re: Forward traffic to specific port and server based on FQDN
Post by: tessierp on March 27, 2021, 06:58:55 AM
Anyone has a clue?
Title: Re: Forward traffic to specific port and server based on FQDN
Post by: lfirewall1243 on March 27, 2021, 07:18:43 AM
HAProxy
Title: Re: Forward traffic to specific port and server based on FQDN
Post by: tessierp on March 27, 2021, 05:41:08 PM
I tried HAProxy and it works well for Web based services. However, for anything else that requires more ports opened and UDP I don't think HAProxy will work in that scenario.

In my case, I'm trying to pass traffic through to a server running Mumble. I just have one right now, and using Port Forwarding works great in that scenario, but I may need to create another, at which point I will have a problem. Mumble uses a TCP and a UDP port.

I have tried to create rules in the WAN to open the required ports on my WAN address and target my LAN, then using Unbound DNS to push traffic to the right machine, but that doesn't work. I'm probably missing something. Anything else I can try?

Basically, Mumble uses UDP and TCP on port 64738.
Title: Re: Forward traffic to specific port and server based on FQDN
Post by: Maurice on March 27, 2021, 07:02:05 PM
You would need a proxy specifically for the application layer protocol being used. Just like HAProxy is a proxy specifically for HTTP and TLS. No idea whether a Mumble proxy exists.
Otherwise, your only option is using different ports or a different IP address for the second server.
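To make Maurice's point concrete: a proxy can only pick a backend by FQDN if the name actually appears in the bytes it sees. For HTTPS and other TLS-based TCP services the client sends the host name in cleartext in the ClientHello (the SNI extension), which is what HAProxy inspects; a bare UDP datagram carries no such field. The following is an added example (not code from the original thread, OPNsense or HAProxy): it builds a constructed TLS ClientHello, extracts the SNI name the way an L4 proxy would, and shows a hypothetical name-to-backend decision that works for the TCP leg and has nothing to go on for the UDP leg. The backend addresses and host names are made up for the example.

```python
import struct

# Hypothetical name -> backend map (assumed for the example, not from the thread).
BACKENDS = {
    "mumble1.domain.net": "192.0.2.11",
    "mumble2.domain.net": "192.0.2.12",
}


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record carrying an SNI extension.

    This is constructed test data, not a captured packet.
    """
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host       # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # extension type 0 = server_name
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"            # client_version TLS 1.2
        + b"\x11" * 32         # random (fixed bytes are fine for a test vector)
        + b"\x00"              # session_id length 0
        + b"\x00\x02\xc0\x2f"  # one cipher suite
        + b"\x01\x00"          # one compression method: null
        + extensions
    )
    # HandshakeType client_hello (1) followed by a 24-bit body length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # TLS record: ContentType handshake (0x16), record version, 16-bit length.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(data: bytes):
    """Return the SNI host name from a TLS ClientHello, or None if it is not there.

    Every length is bounds-checked so truncated or non-TLS input yields None
    instead of an exception; a proxy must not crash on arbitrary client bytes.
    """
    if len(data) < 5 or data[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    data = data[5:5 + rec_len]
    if len(data) < 4 or data[0] != 0x01:
        return None
    end = 4 + int.from_bytes(data[1:4], "big")
    if end > len(data):
        return None
    p = 4 + 2 + 32                                  # skip client_version and random
    if p >= end:
        return None
    p += 1 + data[p]                                # session_id
    if p + 2 > end:
        return None
    p += 2 + struct.unpack("!H", data[p:p + 2])[0]  # cipher_suites
    if p + 1 > end:
        return None
    p += 1 + data[p]                                # compression_methods
    if p + 2 > end:
        return None
    ext_end = min(p + 2 + struct.unpack("!H", data[p:p + 2])[0], end)
    p += 2
    while p + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", data[p:p + 4])
        p += 4
        if ext_type == 0x0000:                      # server_name
            q, stop = p + 2, p + ext_len            # skip server_name_list length
            while q + 3 <= stop:
                name_type = data[q]
                name_len = struct.unpack("!H", data[q + 1:q + 3])[0]
                q += 3
                if name_type == 0 and q + name_len <= stop:
                    return data[q:q + name_len].decode("ascii", "replace")
                q += name_len
            return None
        p += ext_len
    return None


def choose_backend(proto: str, dst_port: int, payload: bytes):
    """Pick a backend for a first packet the way an FQDN-aware proxy would."""
    if dst_port != 64738:
        return None
    if proto == "tcp":
        # The TCP leg starts with a TLS handshake, so the name is available.
        return BACKENDS.get(extract_sni(payload))
    # The UDP leg is opaque: no host name anywhere in the datagram, so only the
    # destination IP or port can distinguish servers. This is the limitation
    # the thread runs into.
    return None
```

Run it and choose_backend("tcp", 64738, build_client_hello("mumble2.domain.net")) returns "192.0.2.12", while the same call with proto "udp" returns None regardless of payload. Two caveats for anyone trying this with a real service: whether a particular client actually sends SNI has to be confirmed with a packet capture of its ClientHello, and an SNI-based TCP proxy (HAProxy in `mode tcp` matching on `req.ssl_sni`) still leaves the UDP port unsolved, so the choice Maurice describes, different ports or different public IPs, applies to that leg.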
Title: Re: Forward traffic to specific port and server based on FQDN
Post by: tessierp on March 29, 2021, 12:16:36 AM
Hi Maurice,

Yeah, I figured that much, and that is what I was wondering: whether OPNSense has this kind of proxy. Otherwise, like you said, I would have to use a different port.

As for using a different IP Address, I was already doing that but in order to forward that request to the second server, I would need a way (a proxy) to look at the FQDN and forward to that specific IP Address in my LAN which is what I am missing.

About 6 years ago, I used Zentyal, and it was able to redirect traffic based on the FQDN, forwarding requests directly to a very specific machine. They called that Aliasing. I did read about Aliasing on OPNSense, but it doesn't seem to be quite the same thing, or maybe I just don't know how to use it.
Title: Re: Forward traffic to specific port and server based on FQDN
Post by: lfirewall1243 on March 29, 2021, 09:17:03 PM
Quote from: tessierp on March 27, 2021, 05:41:08 PM
I tried HAProxy and it works well for Web based services. However, for anything else that requires more ports opened and UDP I don't think HAProxy will work in that scenario.

In my case, I'm trying to pass traffic through to a server running Mumble. I just have one right now, and using Port Forwarding works great in that scenario, but I may need to create another, at which point I will have a problem. Mumble uses a TCP and a UDP port.

I have tried to create rules in the WAN to open the required ports on my WAN address and target my LAN, then using Unbound DNS to push traffic to the right machine, but that doesn't work. I'm probably missing something. Anything else I can try?

Basically, Mumble uses UDP and TCP on port 64738.
So you have multiple Mumble instances?

What about changing the port ranges for them?
Title: Re: Forward traffic to specific port and server based on FQDN
Post by: tessierp on March 30, 2021, 05:41:52 PM
Hello Lfirewall1243,

So if I understand correctly you are asking what is the problem with giving myself a wider port range to accommodate for multiple Mumble servers?

The reason is just to prevent having to open too many ports. Just like with HTTP/HTTPS-based services using HAProxy to route the traffic (by looking at the FQDN and routing it to the proper backend), I would like to do the same with TCP/UDP-based services.

If there isn't a plugin to do this, is there a way I could do this through WAN and LAN rules?