Netgate Discussion Forum

    Routing Issues

    Category: Routing and Multi WAN
    20 Posts, 2 Posters, 12.2k Views
    • johnpoz (LAYER 8 Global Moderator)

      "However i seem to be forwarded to the pfsense ui with a DNS Rebind error"

      Are these resolving to rfc1918 addresses?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07 | Lab VMs 2.8, 25.07

      • dastrix

        Yes they are forwarding to a 24 bit block address

        • johnpoz (LAYER 8 Global Moderator)

          Public dns should not return rfc1918 address space - or yeah it looks like a rebinding attack.  Only local dns should resolve to rfc1918 space.

          • dastrix

            My pfsense has public dns servers, not internal ones.

            • johnpoz (LAYER 8 Global Moderator)

              Dude so you have a domain that anyone can resolve?? And it returns rfc1918 space?  Yeah that is borked!!

              Pfsense can be a forwarder or a resolver, and provide dns to self.  You can create host overrides for anything pfsense or your clients would need to resolve..  Putting rfc1918 space in some public nameserver is Borked!!  do not do that!!

              • dastrix

                Think I may have explained wrong.

                Internal IP on the webserver is an rfc1918 address, our public IP address is not. I have a second interface which is in our dmz range but forwarding is not working.

                Are you saying that the server needs to have some random IP that doesn't fall in the rfc1918 addresses?

                It's external forwarding that is not working.

                • johnpoz (LAYER 8 Global Moderator)

                  You call it your dmz range?  Just another lan side network with rfc1918 address space off pfsense.

                  You're not forwarding, you're using your reverse proxy.

                  Where are you getting a rebinding attack?  From where?  If you're on your lan, and you want to hit your other server that is in your dmz.. Are you trying to hit your public IP or resolving to your local.. Or are you coming from outside??

                  So you're saying if I for example hit your fqdn, I get a rebinding error?  Please PM these fqdn you're working with.

                  • dastrix

                    I am completely at a loss with this one, url is http://snipeit.forgeapps.co.uk

                    • johnpoz (LAYER 8 Global Moderator)

                      That does not return rfc1918.. It returns public..

                      ;; QUESTION SECTION:
                      ;snipeit.forgeapps.co.uk.      IN      A

                      ;; ANSWER SECTION:
                      snipeit.forgeapps.co.uk. 14400  IN      A      81.145.129.116

                      Is that your IP?

                      So what does your webserver resolve that to?  Is unbound asking a forwarded ns, did you forward the domain?  If so, when unbound has to ask some other NS in the act of resolving or with a domain override and it returns rfc1918 to unbound, that would be a rebind attack..

                      From a quick scan I only show 21 open on that IP..

                      Not shown: 99 filtered ports
                      PORT  STATE SERVICE
                      21/tcp open  ftp

                      But no welcome message comes back..

                      • dastrix
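As an added illustration of the rebind condition johnpoz describes above (not code from this thread, from pfSense or from unbound): a small parser that reads dig-style answer lines like the ones quoted and flags names whose A/AAAA records land in private, loopback or link-local space, which is what pfSense's DNS rebind protection in unbound refuses to hand to clients. The dig text and the intranet.example.invalid name are constructed sample input; the private-range test approximates unbound's default private-address list rather than reproducing it exactly.

```python
import ipaddress
import re

# Constructed sample dig output: the first answer mirrors the public record
# quoted in the thread, the second is a hypothetical name that resolves to
# RFC1918 / ULA space, i.e. the situation that triggers a rebind error.
SAMPLE_DIG_OUTPUT = """\
;; QUESTION SECTION:
;snipeit.forgeapps.co.uk.      IN      A

;; ANSWER SECTION:
snipeit.forgeapps.co.uk. 14400  IN      A      81.145.129.116
intranet.example.invalid. 300   IN      A      192.168.10.25
intranet.example.invalid. 300   IN      AAAA   fd12:3456::1
"""

# One resource record line: owner name, TTL, class IN, type A/AAAA, address.
_RR_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>A|AAAA)\s+(?P<rdata>\S+)$"
)


def parse_answers(dig_text):
    """Return (name, rrtype, ip_address) tuples from the ANSWER SECTION only."""
    answers = []
    in_answer = False
    for raw in dig_text.splitlines():
        line = raw.strip()
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if line.startswith(";;"):          # any other section header ends the answer block
            in_answer = False
            continue
        if not in_answer or not line:
            continue
        m = _RR_RE.match(line)
        if m:
            addr = ipaddress.ip_address(m.group("rdata"))
            answers.append((m.group("name"), m.group("type"), addr))
    return answers


def rebind_suspects(dig_text):
    """Names whose answers a private-address (rebind) check would reject.

    Public DNS should never hand back RFC1918, ULA, loopback or link-local
    addresses; only a local resolver/host override should do that.
    """
    return sorted({name for name, _, addr in parse_answers(dig_text)
                   if addr.is_private or addr.is_loopback or addr.is_link_local})
```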

                        Yes this is the IP, however I have no port forward rules set up for ftp?

                        • johnpoz (LAYER 8 Global Moderator)

                          Well it shows it's open..  And I don't see http or https..

                          Send a syn to 21, get back a syn,ack.. So something is listening.. Maybe it's your modem/router in front of pfsense?

                          Nmap scan report for cradley.heathfield.sandwell.sch.uk (81.145.129.116)
                          Host is up (0.00078s latency).
                          Not shown: 999 filtered ports
                          PORT  STATE SERVICE VERSION
                          21/tcp open  ftp?
                          |_ftp-bounce: no banner

                          • dastrix

                            Am I able to use reverse proxy for 2 different domain names?

                            This is the only other reason i can see it not working?

                            • johnpoz (LAYER 8 Global Moderator)

                              I find that highly unlikely since port 80 or https are not even open.. Are you running these domains on some odd port?  In your url?

                              I just did a port scan of the top 1000 ports, and only thing answering is 21..

                              So unless you're using some other IP??  What are these other domains?  Do you have some sort of block in your wan for non UK IPs?  Like pfblocker or something blocking the US?

                              • dastrix

                                Nothing should be blocked for US

                                Do I need to create extra NAT rules for this website?

                                As for the port the site is only using standard http port 80.

                                I have 2 domain names that I am trying to use reverse proxy for, my primary domain is working fine for all reverse proxy requests etc.

                                Seems to be this new domain i have that is not working.

                                • johnpoz (LAYER 8 Global Moderator)

                                  Post your wan firewall rules..  Like I said scanning your IP shows the ONLY Port that is open is 21..  That is out of nmap 1000 services in the intense scan template..

                                  • dastrix

                                    Attached

                                    ![Screen Shot 2016-12-12 at 15.50.39.png](/public/imported_attachments/1/Screen Shot 2016-12-12 at 15.50.39.png)

                                    • johnpoz (LAYER 8 Global Moderator)

                                      Well your firewall rule shows ok, but I don't see any states on it.. So nobody on your website..  What I can tell you is those ports are not open from the internet.. I can not get to them.. I have to assume all your domains resolve to that IP.

                                      I do not show those ports open.. So is your isp blocking them now?  Do you have something in front of pfsense?  Is your reverse proxy not running?  I get no answer when I send syn to those ports.. If something was there listening, even if it didn't know where to send me, I would get a syn,ack back so I could send it the url I wanted to go to.

                                      • dastrix

                                        Ok so I have called the ISP and they don't block anything.

                                        • johnpoz (LAYER 8 Global Moderator)

                                          Dude run your own scan, go to canyouseeme.org..  What IP comes up in the box?  Is that the IP your domains are pointing to?  Again I scanned that IP and port 80 is not listening..

                                          Here I just did it from another online scanner.. those 3 ports your firewall shows open, 80, 443 and 8080, all come back as filtered!!!  Ie nothing listening.. Notice no packets came back..

                                          Starting Nmap 6.00 ( http://nmap.org ) at 2016-12-13 13:48 EET
                                          Initiating SYN Stealth Scan at 13:48
                                          Scanning cradley.heathfield.sandwell.sch.uk (81.145.129.116) [3 ports]
                                          Completed SYN Stealth Scan at 13:48, 2.83s elapsed (3 total ports)

                                          [+] Nmap scan report for cradley.heathfield.sandwell.sch.uk (81.145.129.116)
                                          Host is up.

                                          PORT    STATE    SERVICE
                                          80/tcp  filtered http
                                          443/tcp  filtered https
                                          8080/tcp filtered http-proxy

                                          Nmap done: 1 IP address (1 host up) scanned in 5.44 seconds
                                                    Raw packets sent: 6 (264B) | Rcvd: 0 (0B)

                                          I would validate that is your actual IP..  Maybe your IP changed!!  Is your reverse proxy running and listening on those ports?  Because I get nothing back from that IP on those ports.

                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.