Can pfsense forward incoming subdomains to specific servers?

I’m trying to find a way to use subdomains to access virtual servers in my home network, but without registering several subdomains. Example (in case i’m using the wrong nomenclature, I’m newer at this): forwards to my NAS. forwards to my webserver. All of that though, with just one IP address.

This is for home server use only. I do not have a large user base. If I can accomplish it with or from within pfsense, that’d be incredible.

Thanks to anyone who can offer any insight/input. I dont expect a tutorial, but if you could point me in the right direction so I can research further, that’d be incredibly helpful.


  • Garrett

There is a bit of a conflict in your question. Assuming that you want hosts from outside of your network to be able to reach hosts inside your network, you will need to set up DNS entries for subdomains, otherwise the different services cannot be distinguished. Of course these can all point to the same IP address (by virtue of CNAMEs, for example), but they have to be different (sub-)domains.

The next step is distributing the trafic inside your network. For that you will want to look into reverse proxys. Common ones include nginx, HAProxy and Traefik. Some can run directly inside pfSense, others may have to be setup on a host.

1 Like

Thank you for the reply. It sounds like reverse proxys is what I need.

I’m only concerned about being able to access home servers remotely. I’m hoping to set that up with a single domain (IP address). I want the internal system in the home to route requests by using the subdomain.

So, * all goes to the same IP addres and gets to my network. Once inside my network, I want pfsense or an app within pfsense to send the traffic to an internal IP and port based on the subdomain. Unspecified subdomains go nowhere.

You can refer to Tom’s tutorial about haproxy:

1 Like

This is a very common scenario and will be easily achievable with any reverse proxy. Just to clarify because you were unsure about the nomenclature: IP addresses and domains (or domain names) are not interchangeable terms, nor are they necessarily in a one-to-one relationship. Many domains can point to the same IP address. When you write *, that means all domains that end in, including and You may have only one entry in your DNS zone to point all of these domains to the same IP address, but they are still distinct domains.

On another note: While what you ask is perfectly possible, depending on the services you are exposing it might be “better” (i.e. more secure) to not expose them to the internet directly, but rather set up a VPN to tunnel inside of your network and access the services that way. NAS systems are often times not that well secured.


A simple lightweight tool called “Nginx Proxy Manager” could be considered. Its a docker image at the docker hub, or you can install a standalone version if you need to.
It will do basic reverseproxying with letsencrypt certs built in by default. I believe that this can solve your problem.

But if you need more flexibility and advanced features without having to write manual nginx configs, HAproxy is as mentioned by several before me, a really good option to solve the problem.

1 Like