Hi all, I ain't gonna lie, this has been bugging me for a good bit and I need to resolve it soon (hopefully NOT by procuring another circuit).
Here's the 10,000 ft view:
I have a network behind a pfSense VM/GW that has 3 interfaces on it: WAN, LAN, and OPT (DMZ secondary LAN subnet). Now I of course have a bunch of services (many of them SSL). What I have done in the past is force the servers' nginx/apache/tomcat configs to 'listen' on a non-standard port (81/444 for example) to be able to NAT/map multiple similar services out pfSense. The issue I would highly desire to resolve is how in the hell, or whether it is even possible, to map multiple, say, port 443 SSL services through pfSense w/out conflicting w/ other already NAT'ted similar services listening on the same port 443.
Possible/NOT possible??? I thought by adding a new OPT1 dmz subnet/vlan I would be well on my way but it looks to me like no matter how many interfaces you have if it requires natting then they overlap/conflict or are handled by the same NAT/rules methodology w/in pfSense inherently, even if they are on different subnets/private network address space.
Am I missing something? Please tell me I am being super silly and do NOT need another ISP provider to do this. I understand if I had a small pool of static IPs assigned to me from Comcast on possibly a business service class acct that the story would be different...maybe it's just time to bite the bullet. :-(
TIA, whitey