PF pf.conf and local redirection to domain

Hi,

How to properly redirect traffic from local network to domain. I have nginx, php, mysql, wordpress etc. When I am trying to open website not in wordpress using set domain it won't open, but outside network people can open without any issues. When trying to open on local address it works fine. After I have installed wordpress I did set url in wordpress using local address and I thought it will redirect from outside to inside jail to webpage and it did only on home page. Home page works and it's redirected from firewall to outside traffic hfoj.dyn.pl -> 172.16.255.10 but when you click on any link i.e. "About" it goes to http://172.16.255.10/?page_id=4 which won't be recognized by outside network. So I realized I have to change url to domain in wordpress settings but then I have no access to website. How to configure firewall so it will let me use server domain inside local network as well as outside network?

Temporary solution I made is by adding a line:

Code:
rdr pass on $lan_if inet proto {tcp, udp} from any to any port { 80, 9987, 9099, 10011, 11501, 30033 } -> 172.16.255.10

but it redirects most of the pages to my local one. For example in Steam website http://store.steampowered.com/ opens my local page in wordpress.
 
It looks to me as if your problems are mostly related to your WordPress installation. Now, I'm not sure I fully understand what the problem is, but if I read correctly then it's mostly you not being able to connect to the WordPress website from within your network.

If so then it might be an option to add your public domain to /etc/hosts so that you can force your local client to use another IP address (172.16.255.10) when accessing that specific domain.
 
Hi, I have tried like that in /etc/hosts:
Code:
172.16.255.10           hfoj.dyn.pl jail
172.16.255.10           hfoj.dyn.pl
And it won't help, can't access website by domain from local network.
 
If I understand correctly, you need to use your private address for clients connecting to your FQDN within your LAN (as the public IP will not work due to NAT), and still allow clients outside your network to access the via the public IP when using the domain as well.

The proper way to do this is with "Split horizon DNS" and not via pf. You will still need the rdr rule for the public IP if your server is behind NAT, of course, but that issue is independent from DNS.
 
Back
Top